# Flog Txt Version 1 # Analyzer Version: 4.4.1 # Analyzer Build Date: Jan 14 2022 06:06:11 # Log Creation Date: 25.04.2022 22:15:12.619 Process: id = "1" image_name = "a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe" filename = "c:\\users\\rdhj0cnfevzx\\desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe" page_root = "0x580e1000" os_pid = "0xb9c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x4a0" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\Desktop\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f72e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 124 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 125 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 126 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 127 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 128 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 129 start_va = 0x170000 end_va = 0x171fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 130 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 131 start_va = 0x400000 end_va = 0x40bfff monitored = 1 entry_point = 0x407cfe region_type = mapped_file name = "a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe") Region: id = 132 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 133 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 134 start_va = 0x7ff87ffa0000 end_va = 0x7ff880160fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 272 start_va = 0x4b0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004b0000" filename = "" Region: id = 273 start_va = 0x7ff865560000 end_va = 0x7ff8655c7fff monitored = 1 entry_point = 0x7ff865564970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 274 start_va = 0x7ff87ce40000 end_va = 0x7ff87d027fff monitored = 0 entry_point = 0x7ff87ce6ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 275 start_va = 0x7ff87f640000 end_va = 0x7ff87f6ecfff monitored = 0 entry_point = 0x7ff87f6581a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 276 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 277 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 278 start_va = 0x5b0000 end_va = 0x66dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 279 start_va = 0x670000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 280 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 281 start_va = 0x7ff87aa90000 end_va = 0x7ff87ab08fff monitored = 0 entry_point = 0x7ff87aaafb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 282 start_va = 0x7ff5ffe50000 end_va = 0x7ff5ffecdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 283 start_va = 0x7ff87fd30000 end_va = 0x7ff87fdd6fff monitored = 0 entry_point = 0x7ff87fd458d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 284 start_va = 0x7ff87fde0000 end_va = 0x7ff87fe7cfff monitored = 0 entry_point = 0x7ff87fde78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 285 start_va = 0x670000 end_va = 0x76ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 286 start_va = 0x800000 end_va = 0x80ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 287 start_va = 0x7ff87f970000 end_va = 0x7ff87f9cafff monitored = 0 entry_point = 0x7ff87f9838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 288 start_va = 0x180000 end_va = 0x186fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 289 start_va = 0x7ff87fe80000 end_va = 0x7ff87ff9bfff monitored = 0 entry_point = 0x7ff87fec02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 290 start_va = 0x810000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 291 start_va = 0x190000 end_va = 0x196fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 292 start_va = 0x7ff8654c0000 end_va = 0x7ff865557fff monitored = 1 entry_point = 0x7ff8654c1000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 293 start_va = 0x7ff87fb50000 end_va = 0x7ff87fba1fff monitored = 0 entry_point = 0x7ff87fb5f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 294 start_va = 0x7ff87f6f0000 end_va = 0x7ff87f96cfff monitored = 0 entry_point = 0x7ff87f7c4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 295 start_va = 0x7ff87d030000 end_va = 0x7ff87d099fff monitored = 0 entry_point = 0x7ff87d066d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 296 start_va = 0x7ff87f3e0000 end_va = 0x7ff87f565fff monitored = 0 entry_point = 0x7ff87f42ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 297 start_va = 0x7ff87ed60000 end_va = 0x7ff87eeb5fff monitored = 0 entry_point = 0x7ff87ed6a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 298 start_va = 0x1a0000 end_va = 0x1d8fff monitored = 0 entry_point = 0x1a12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 299 start_va = 0x9a0000 end_va = 0xb27fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000009a0000" filename = "" Region: id = 300 start_va = 0x7ff87d4f0000 end_va = 0x7ff87d52afff monitored = 0 entry_point = 0x7ff87d4f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 301 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001a0000" filename = "" Region: id = 302 start_va = 0x1b0000 end_va = 0x1b0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001b0000" filename = "" Region: id = 303 start_va = 0xb30000 end_va = 0xcb0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b30000" filename = "" Region: id = 304 start_va = 0xcc0000 end_va = 0x20bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000cc0000" filename = "" Region: id = 305 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x1c7cfe region_type = mapped_file name = "a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe" filename = "\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe") Region: id = 306 start_va = 0x7ff87c640000 end_va = 0x7ff87c64efff monitored = 0 entry_point = 0x7ff87c643210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 307 start_va = 0x7ff870d80000 end_va = 0x7ff870d89fff monitored = 0 entry_point = 0x7ff870d81350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 308 start_va = 0x7ff85fa20000 end_va = 0x7ff8603adfff monitored = 1 entry_point = 0x7ff85fb4d9f0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 309 start_va = 0x7ff8650a0000 end_va = 0x7ff865196fff monitored = 0 entry_point = 0x7ff8650c4d80 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\System32\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll") Region: id = 310 start_va = 0x1c0000 end_va = 0x1c0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001c0000" filename = "" Region: id = 311 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001d0000" filename = "" Region: id = 312 start_va = 0x1e0000 end_va = 0x1effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 313 start_va = 0x7ff8002d0000 end_va = 0x7ff8002dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff8002d0000" filename = "" Region: id = 314 start_va = 0x7ff8002e0000 end_va = 0x7ff8002effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff8002e0000" filename = "" Region: id = 315 start_va = 0x7ff8002f0000 end_va = 0x7ff80037ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff8002f0000" filename = "" Region: id = 316 start_va = 0x7ff800380000 end_va = 0x7ff8003effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff800380000" filename = "" Region: id = 317 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 318 start_va = 0x410000 end_va = 0x410fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000410000" filename = "" Region: id = 319 start_va = 0x420000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 320 start_va = 0x810000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 321 start_va = 0x990000 end_va = 0x99ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000990000" filename = "" Region: id = 322 start_va = 0x20c0000 end_va = 0x21bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000020c0000" filename = "" Region: id = 323 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 324 start_va = 0x470000 end_va = 0x47ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000470000" filename = "" Region: id = 325 start_va = 0x21c0000 end_va = 0x1a1bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021c0000" filename = "" Region: id = 326 start_va = 0x1a1c0000 end_va = 0x1a52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a1c0000" filename = "" Region: id = 327 start_va = 0x1a530000 end_va = 0x1a638fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a530000" filename = "" Region: id = 328 start_va = 0x1a640000 end_va = 0x1a73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a640000" filename = "" Region: id = 329 start_va = 0x1a740000 end_va = 0x1aa76fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 330 start_va = 0x7ff85e280000 end_va = 0x7ff85f745fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll") Region: id = 331 start_va = 0x7ff5ffe30000 end_va = 0x7ff5ffecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5ffe30000" filename = "" Region: id = 332 start_va = 0x7ff5ffe20000 end_va = 0x7ff5ffe2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5ffe20000" filename = "" Region: id = 333 start_va = 0x7ff87d3a0000 end_va = 0x7ff87d4e2fff monitored = 0 entry_point = 0x7ff87d3c8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 334 start_va = 0x8c0000 end_va = 0x97ffff monitored = 0 entry_point = 0x8e0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 335 start_va = 0x1aa80000 end_va = 0x1ab5cfff monitored = 0 entry_point = 0x1aade0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 336 start_va = 0x7ff8003f0000 end_va = 0x7ff80042ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff8003f0000" filename = "" Region: id = 337 start_va = 0x7ff800430000 end_va = 0x7ff80043ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff800430000" filename = "" Region: id = 338 start_va = 0x7ff8607e0000 end_va = 0x7ff8608e4fff monitored = 1 entry_point = 0x7ff8607e107c region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 339 start_va = 0x7ff87fa80000 end_va = 0x7ff87fb40fff monitored = 0 entry_point = 0x7ff87faa0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 340 start_va = 0x420000 end_va = 0x42ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000420000" filename = "" Region: id = 341 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 342 start_va = 0x7ff85d660000 end_va = 0x7ff85e273fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll") Region: id = 343 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 344 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 345 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 346 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 347 start_va = 0x490000 end_va = 0x49ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000490000" filename = "" Region: id = 348 start_va = 0x4a0000 end_va = 0x4affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004a0000" filename = "" Region: id = 349 start_va = 0x770000 end_va = 0x77ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000770000" filename = "" Region: id = 350 start_va = 0x780000 end_va = 0x78ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000780000" filename = "" Region: id = 351 start_va = 0x790000 end_va = 0x79ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000790000" filename = "" Region: id = 352 start_va = 0x7a0000 end_va = 0x7affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007a0000" filename = "" Region: id = 353 start_va = 0x7b0000 end_va = 0x7bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007b0000" filename = "" Region: id = 354 start_va = 0x7c0000 end_va = 0x7cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007c0000" filename = "" Region: id = 355 start_va = 0x7d0000 end_va = 0x7effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 356 start_va = 0x810000 end_va = 0x83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000810000" filename = "" Region: id = 357 start_va = 0x8b0000 end_va = 0x8bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008b0000" filename = "" Region: id = 358 start_va = 0x840000 end_va = 0x85ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000840000" filename = "" Region: id = 359 start_va = 0x8c0000 end_va = 0x91ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000008c0000" filename = "" Region: id = 360 start_va = 0x860000 end_va = 0x88ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000860000" filename = "" Region: id = 361 start_va = 0x7f0000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007f0000" filename = "" Region: id = 362 start_va = 0x7ff87c240000 end_va = 0x7ff87c26cfff monitored = 0 entry_point = 0x7ff87c259d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 363 start_va = 0x1aa80000 end_va = 0x1ab5ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aa80000" filename = "" Region: id = 364 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 365 start_va = 0x440000 end_va = 0x44ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000440000" filename = "" Region: id = 366 start_va = 0x430000 end_va = 0x43ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000430000" filename = "" Region: id = 367 start_va = 0x7ff87eec0000 end_va = 0x7ff87eec7fff monitored = 0 entry_point = 0x7ff87eec10b0 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 368 start_va = 0x430000 end_va = 0x431fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000430000" filename = "" Region: id = 369 start_va = 0x440000 end_va = 0x440fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000440000" filename = "" Region: id = 370 start_va = 0x1ab60000 end_va = 0x1ac3ffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 371 start_va = 0x1ac40000 end_va = 0x1ad3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ac40000" filename = "" Region: id = 372 start_va = 0x1ad40000 end_va = 0x1ae3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ad40000" filename = "" Region: id = 376 start_va = 0x450000 end_va = 0x45ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000450000" filename = "" Region: id = 377 start_va = 0x460000 end_va = 0x46ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000460000" filename = "" Region: id = 378 start_va = 0x480000 end_va = 0x48ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000480000" filename = "" Region: id = 379 start_va = 0x7ff87d650000 end_va = 0x7ff87ebaefff monitored = 0 entry_point = 0x7ff87d7b11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 380 start_va = 0x7ff87c710000 end_va = 0x7ff87c752fff monitored = 0 entry_point = 0x7ff87c724b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 381 start_va = 0x1ae40000 end_va = 0x1af3ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ae40000" filename = "" Region: id = 382 start_va = 0x7ff87c760000 end_va = 0x7ff87cda3fff monitored = 0 entry_point = 0x7ff87c9264b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 383 start_va = 0x7ff87c650000 end_va = 0x7ff87c704fff monitored = 0 entry_point = 0x7ff87c6922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 384 start_va = 0x7ff87c5f0000 end_va = 0x7ff87c63afff monitored = 0 entry_point = 0x7ff87c5f35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 385 start_va = 0x7ff87c5d0000 end_va = 0x7ff87c5e3fff monitored = 0 entry_point = 0x7ff87c5d52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 386 start_va = 0x450000 end_va = 0x450fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000450000" filename = "" Region: id = 387 start_va = 0x7ff87bab0000 end_va = 0x7ff87bae0fff monitored = 0 entry_point = 0x7ff87bab7d10 region_type = mapped_file name = "ntmarta.dll" filename = "\\Windows\\System32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll") Region: id = 388 start_va = 0x7ff872970000 end_va = 0x7ff872a0bfff monitored = 0 entry_point = 0x7ff8729c96a0 region_type = mapped_file name = "efswrt.dll" filename = "\\Windows\\System32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll") Region: id = 389 start_va = 0x7ff876870000 end_va = 0x7ff8769a5fff monitored = 0 entry_point = 0x7ff87689f350 region_type = mapped_file name = "wintypes.dll" filename = "\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll") Region: id = 390 start_va = 0x7ff86dea0000 end_va = 0x7ff86deeffff monitored = 0 entry_point = 0x7ff86dea2580 region_type = mapped_file name = "edputil.dll" filename = "\\Windows\\System32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll") Region: id = 391 start_va = 0x1af40000 end_va = 0x1b03ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001af40000" filename = "" Region: id = 392 start_va = 0x7ff87af40000 end_va = 0x7ff87afd5fff monitored = 0 entry_point = 0x7ff87af65570 region_type = mapped_file name = "uxtheme.dll" filename = "\\Windows\\System32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll") Region: id = 393 start_va = 0x670000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000670000" filename = "" Region: id = 394 start_va = 0x7ff87ab10000 end_va = 0x7ff87ac95fff monitored = 0 entry_point = 0x7ff87ab5d700 region_type = mapped_file name = "propsys.dll" filename = "\\Windows\\System32\\propsys.dll" (normalized: "c:\\windows\\system32\\propsys.dll") Region: id = 395 start_va = 0x460000 end_va = 0x460fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000460000" filename = "" Region: id = 396 start_va = 0x7ff87f9d0000 end_va = 0x7ff87fa76fff monitored = 0 entry_point = 0x7ff87f9db4d0 region_type = mapped_file name = "clbcatq.dll" filename = "\\Windows\\System32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll") Region: id = 397 start_va = 0x480000 end_va = 0x480fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000480000" filename = "" Region: id = 398 start_va = 0x490000 end_va = 0x493fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 399 start_va = 0x670000 end_va = 0x6b4fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000005.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000005.db") Region: id = 400 start_va = 0x7d0000 end_va = 0x7dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000007d0000" filename = "" Region: id = 401 start_va = 0x4a0000 end_va = 0x4a3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.2.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db") Region: id = 402 start_va = 0x6c0000 end_va = 0x74dfff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db" filename = "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db" (normalized: "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db") Region: id = 403 start_va = 0x1b040000 end_va = 0x1b43afff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x000000001b040000" filename = "" Region: id = 404 start_va = 0x750000 end_va = 0x753fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "cversions.1.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db") Region: id = 405 start_va = 0x760000 end_va = 0x778fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000b.db" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000000b.db" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x000000000000000b.db") Region: id = 406 start_va = 0x780000 end_va = 0x780fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000780000" filename = "" Region: id = 407 start_va = 0x1b440000 end_va = 0x1b53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b440000" filename = "" Region: id = 408 start_va = 0x1b540000 end_va = 0x1b61cfff monitored = 0 entry_point = 0x1b59e0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 409 start_va = 0x1b540000 end_va = 0x1b63ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b540000" filename = "" Region: id = 410 start_va = 0x1b640000 end_va = 0x1b73ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b640000" filename = "" Region: id = 411 start_va = 0x1b740000 end_va = 0x1b83ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b740000" filename = "" Region: id = 412 start_va = 0x7ff870840000 end_va = 0x7ff8709f7fff monitored = 0 entry_point = 0x7ff8708ae630 region_type = mapped_file name = "urlmon.dll" filename = "\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll") Region: id = 413 start_va = 0x7ff8764e0000 end_va = 0x7ff876861fff monitored = 0 entry_point = 0x7ff876531220 region_type = mapped_file name = "iertutil.dll" filename = "\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll") Region: id = 414 start_va = 0x750000 end_va = 0x750fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000750000" filename = "" Region: id = 415 start_va = 0x7ff5ffda0000 end_va = 0x7ff5ffe1dfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Thread: id = 1 os_tid = 0x91c [0069.399] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0070.052] RoInitialize () returned 0x1 [0070.052] RoUninitialize () returned 0x0 [0071.827] GetUserNameW (in: lpBuffer=0x14b9b0, pcbBuffer=0x14bcd8 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x14bcd8) returned 1 [0072.261] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14e0d0 | out: lpLuid=0x14e0d0*(LowPart=0x14, HighPart=0)) returned 1 [0072.263] GetCurrentProcess () returned 0xffffffffffffffff [0072.264] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14e0c8 | out: TokenHandle=0x14e0c8*=0x258) returned 1 [0072.264] AdjustTokenPrivileges (in: TokenHandle=0x258, DisableAllPrivileges=0, NewState=0x21d2a08*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0072.268] CloseHandle (hObject=0x258) returned 1 [0072.385] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x121ca1b0, Length=0x20000, ResultLength=0x14efc0 | out: SystemInformation=0x121ca1b0, ResultLength=0x14efc0*=0x21e38) returned 0xc0000004 [0072.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x121ea1e8, Length=0x24638, ResultLength=0x14efc0 | out: SystemInformation=0x121ea1e8, ResultLength=0x14efc0*=0x21e38) returned 0x0 [0072.448] GetCurrentProcessId () returned 0xb9c [0072.461] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd14) returned 0x0 [0072.630] EnumProcesses (in: lpidProcess=0x2217bc0, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x2217bc0, lpcbNeeded=0x14ee58) returned 1 [0072.639] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0072.710] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10ec) returned 0x25c [0072.712] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2218950, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2218950, lpcbNeeded=0x14ef68) returned 1 [0072.713] GetModuleInformation (in: hProcess=0x25c, hModule=0xae0000, lpmodinfo=0x2218bc0, cb=0x18 | out: lpmodinfo=0x2218bc0*(lpBaseOfDll=0xae0000, SizeOfImage=0x17000, EntryPoint=0xae14a1)) returned 1 [0072.714] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.715] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xae0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="winscp.exe") returned 0xa [0072.715] CoTaskMemFree (pv=0x549620) [0072.716] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.716] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xae0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows NT\\winscp.exe" (normalized: "c:\\program files\\windows nt\\winscp.exe")) returned 0x26 [0072.716] CoTaskMemFree (pv=0x549620) [0072.717] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x221ade8, cb=0x18 | out: lpmodinfo=0x221ade8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0072.717] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.717] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0072.718] CoTaskMemFree (pv=0x549620) [0072.718] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.718] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0072.720] CoTaskMemFree (pv=0x549620) [0072.720] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x221cf90, cb=0x18 | out: lpmodinfo=0x221cf90*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0072.720] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.720] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0072.721] CoTaskMemFree (pv=0x549620) [0072.721] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.721] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0072.722] CoTaskMemFree (pv=0x549620) [0072.722] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x221f138, cb=0x18 | out: lpmodinfo=0x221f138*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0072.723] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.723] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0072.723] CoTaskMemFree (pv=0x549620) [0072.723] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.723] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0072.724] CoTaskMemFree (pv=0x549620) [0072.724] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x22212f0, cb=0x18 | out: lpmodinfo=0x22212f0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0072.725] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.725] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0072.727] CoTaskMemFree (pv=0x549620) [0072.727] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.727] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0072.728] CoTaskMemFree (pv=0x549620) [0072.728] CloseHandle (hObject=0x25c) returned 1 [0072.743] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0072.744] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb88) returned 0x25c [0072.744] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2223d68, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2223d68, lpcbNeeded=0x14ef68) returned 1 [0072.745] GetModuleInformation (in: hProcess=0x25c, hModule=0xa60000, lpmodinfo=0x2223fd8, cb=0x18 | out: lpmodinfo=0x2223fd8*(lpBaseOfDll=0xa60000, SizeOfImage=0x17000, EntryPoint=0xa614a1)) returned 1 [0072.745] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.745] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xa60000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="those.exe") returned 0x9 [0072.756] CoTaskMemFree (pv=0x549620) [0072.756] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.756] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xa60000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows NT\\those.exe" (normalized: "c:\\program files (x86)\\windows nt\\those.exe")) returned 0x2b [0072.757] CoTaskMemFree (pv=0x549620) [0072.757] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22261d0, cb=0x18 | out: lpmodinfo=0x22261d0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0072.758] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.758] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0072.758] CoTaskMemFree (pv=0x549620) [0072.758] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.758] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0072.759] CoTaskMemFree (pv=0x549620) [0072.759] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2228378, cb=0x18 | out: lpmodinfo=0x2228378*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0072.759] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.759] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0072.760] CoTaskMemFree (pv=0x549620) [0072.760] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.760] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0072.761] CoTaskMemFree (pv=0x549620) [0072.761] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x222a520, cb=0x18 | out: lpmodinfo=0x222a520*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0072.762] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.762] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0072.762] CoTaskMemFree (pv=0x549620) [0072.762] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.762] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0072.763] CoTaskMemFree (pv=0x549620) [0072.763] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x222c6d8, cb=0x18 | out: lpmodinfo=0x222c6d8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0072.764] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.764] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0072.765] CoTaskMemFree (pv=0x549620) [0072.765] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.765] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0072.765] CoTaskMemFree (pv=0x549620) [0072.765] CloseHandle (hObject=0x25c) returned 1 [0072.766] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0072.766] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x310) returned 0x25c [0072.766] EnumProcessModules (in: hProcess=0x25c, lphModule=0x222eeb0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x222eeb0, lpcbNeeded=0x14ef68) returned 1 [0072.770] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff689230000, lpmodinfo=0x222f120, cb=0x18 | out: lpmodinfo=0x222f120*(lpBaseOfDll=0x7ff689230000, SizeOfImage=0x13000, EntryPoint=0x7ff689233100)) returned 1 [0072.770] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.770] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff689230000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="dwm.exe") returned 0x7 [0072.771] CoTaskMemFree (pv=0x549620) [0072.771] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.771] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff689230000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwm.exe" (normalized: "c:\\windows\\system32\\dwm.exe")) returned 0x1b [0072.771] CoTaskMemFree (pv=0x549620) [0072.771] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22312f0, cb=0x18 | out: lpmodinfo=0x22312f0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0072.772] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.772] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0072.773] CoTaskMemFree (pv=0x549620) [0072.773] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.773] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0072.773] CoTaskMemFree (pv=0x549620) [0072.773] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x2233498, cb=0x18 | out: lpmodinfo=0x2233498*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0072.774] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.774] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0072.774] CoTaskMemFree (pv=0x549620) [0072.774] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.774] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0072.775] CoTaskMemFree (pv=0x549620) [0072.775] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x2235650, cb=0x18 | out: lpmodinfo=0x2235650*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0072.776] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.776] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0072.776] CoTaskMemFree (pv=0x549620) [0072.776] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.777] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0072.777] CoTaskMemFree (pv=0x549620) [0072.777] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpmodinfo=0x2237808, cb=0x18 | out: lpmodinfo=0x2237808*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0072.778] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.778] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0072.779] CoTaskMemFree (pv=0x549620) [0072.779] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.779] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0072.780] CoTaskMemFree (pv=0x549620) [0072.780] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x2239a08, cb=0x18 | out: lpmodinfo=0x2239a08*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0072.781] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.781] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0072.781] CoTaskMemFree (pv=0x549620) [0072.781] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.782] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0072.782] CoTaskMemFree (pv=0x549620) [0072.782] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x223bbb0, cb=0x18 | out: lpmodinfo=0x223bbb0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0072.783] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.783] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0072.784] CoTaskMemFree (pv=0x549620) [0072.784] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.784] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0072.785] CoTaskMemFree (pv=0x549620) [0072.785] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x223dd68, cb=0x18 | out: lpmodinfo=0x223dd68*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0072.786] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.786] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0072.787] CoTaskMemFree (pv=0x549620) [0072.787] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.787] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0072.788] CoTaskMemFree (pv=0x549620) [0072.788] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x223ff10, cb=0x18 | out: lpmodinfo=0x223ff10*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0072.789] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.789] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0072.791] CoTaskMemFree (pv=0x549620) [0072.791] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.791] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0072.798] CoTaskMemFree (pv=0x549620) [0072.798] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x2242150, cb=0x18 | out: lpmodinfo=0x2242150*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0072.799] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.799] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="gdi32.dll") returned 0x9 [0072.800] CoTaskMemFree (pv=0x549620) [0072.800] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.800] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0072.802] CoTaskMemFree (pv=0x549620) [0072.802] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x22442f8, cb=0x18 | out: lpmodinfo=0x22442f8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0072.803] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.803] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0072.804] CoTaskMemFree (pv=0x549620) [0072.804] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.804] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0072.805] CoTaskMemFree (pv=0x549620) [0072.805] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87aa60000, lpmodinfo=0x22464a0, cb=0x18 | out: lpmodinfo=0x22464a0*(lpBaseOfDll=0x7ff87aa60000, SizeOfImage=0x2c000, EntryPoint=0x7ff87aa6f120)) returned 1 [0072.807] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.807] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87aa60000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="dwmredir.dll") returned 0xc [0072.808] CoTaskMemFree (pv=0x549620) [0072.808] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.808] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87aa60000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwmredir.dll" (normalized: "c:\\windows\\system32\\dwmredir.dll")) returned 0x20 [0072.810] CoTaskMemFree (pv=0x549620) [0072.810] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a980000, lpmodinfo=0x2248658, cb=0x18 | out: lpmodinfo=0x2248658*(lpBaseOfDll=0x7ff87a980000, SizeOfImage=0xd5000, EntryPoint=0x7ff87a9cb980)) returned 1 [0072.811] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.811] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a980000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="udwm.dll") returned 0x8 [0072.812] CoTaskMemFree (pv=0x549620) [0072.812] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.813] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a980000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\udwm.dll" (normalized: "c:\\windows\\system32\\udwm.dll")) returned 0x1c [0072.814] CoTaskMemFree (pv=0x549620) [0072.814] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a790000, lpmodinfo=0x224a800, cb=0x18 | out: lpmodinfo=0x224a800*(lpBaseOfDll=0x7ff87a790000, SizeOfImage=0x1e3000, EntryPoint=0x7ff87a842160)) returned 1 [0072.815] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.815] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a790000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="dwmcore.dll") returned 0xb [0072.817] CoTaskMemFree (pv=0x549620) [0072.817] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.817] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a790000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmcore.dll" (normalized: "c:\\windows\\system32\\dwmcore.dll")) returned 0x1f [0072.819] CoTaskMemFree (pv=0x549620) [0072.819] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x224c9a8, cb=0x18 | out: lpmodinfo=0x224c9a8*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0072.820] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.820] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0072.822] CoTaskMemFree (pv=0x549620) [0072.822] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.822] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0072.824] CoTaskMemFree (pv=0x549620) [0072.824] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x224eb60, cb=0x18 | out: lpmodinfo=0x224eb60*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0072.825] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.825] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0072.827] CoTaskMemFree (pv=0x549620) [0072.827] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.827] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0072.829] CoTaskMemFree (pv=0x549620) [0072.829] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x2250d08, cb=0x18 | out: lpmodinfo=0x2250d08*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0072.830] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.830] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0072.923] CoTaskMemFree (pv=0x549620) [0072.923] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.923] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0072.925] CoTaskMemFree (pv=0x549620) [0072.925] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a6a0000, lpmodinfo=0x2252ff8, cb=0x18 | out: lpmodinfo=0x2252ff8*(lpBaseOfDll=0x7ff87a6a0000, SizeOfImage=0xe3000, EntryPoint=0x7ff87a6d7da0)) returned 1 [0072.927] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.927] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a6a0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="dcomp.dll") returned 0x9 [0072.930] CoTaskMemFree (pv=0x549620) [0072.930] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.930] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a6a0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")) returned 0x1d [0072.932] CoTaskMemFree (pv=0x549620) [0072.932] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpmodinfo=0x22551a0, cb=0x18 | out: lpmodinfo=0x22551a0*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0072.934] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.934] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0072.936] CoTaskMemFree (pv=0x549620) [0072.936] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.936] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0072.938] CoTaskMemFree (pv=0x549620) [0072.938] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x2257368, cb=0x18 | out: lpmodinfo=0x2257368*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0072.940] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.940] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0072.942] CoTaskMemFree (pv=0x549620) [0072.942] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.942] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0072.944] CoTaskMemFree (pv=0x549620) [0072.944] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87af40000, lpmodinfo=0x2259510, cb=0x18 | out: lpmodinfo=0x2259510*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0072.946] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.946] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0072.949] CoTaskMemFree (pv=0x549620) [0072.949] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.949] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0072.952] CoTaskMemFree (pv=0x549620) [0072.952] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a5c0000, lpmodinfo=0x225b6b8, cb=0x18 | out: lpmodinfo=0x225b6b8*(lpBaseOfDll=0x7ff87a5c0000, SizeOfImage=0x16000, EntryPoint=0x7ff87a5ca430)) returned 1 [0072.954] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.954] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a5c0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="dwmghost.dll") returned 0xc [0072.956] CoTaskMemFree (pv=0x549620) [0072.956] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.956] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a5c0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwmghost.dll" (normalized: "c:\\windows\\system32\\dwmghost.dll")) returned 0x20 [0072.958] CoTaskMemFree (pv=0x549620) [0072.958] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a590000, lpmodinfo=0x225d870, cb=0x18 | out: lpmodinfo=0x225d870*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0072.979] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.979] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0072.982] CoTaskMemFree (pv=0x549620) [0072.982] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.982] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0072.984] CoTaskMemFree (pv=0x549620) [0072.984] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a2e0000, lpmodinfo=0x225fa18, cb=0x18 | out: lpmodinfo=0x225fa18*(lpBaseOfDll=0x7ff87a2e0000, SizeOfImage=0x2a8000, EntryPoint=0x7ff87a373250)) returned 1 [0072.986] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.986] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a2e0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="d3d11.dll") returned 0x9 [0072.999] CoTaskMemFree (pv=0x549620) [0072.999] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0072.999] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a2e0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")) returned 0x1d [0073.001] CoTaskMemFree (pv=0x549620) [0073.002] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a230000, lpmodinfo=0x2261bc0, cb=0x18 | out: lpmodinfo=0x2261bc0*(lpBaseOfDll=0x7ff87a230000, SizeOfImage=0xa2000, EntryPoint=0x7ff87a250a40)) returned 1 [0073.004] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.004] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a230000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0073.007] CoTaskMemFree (pv=0x549620) [0073.007] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.007] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a230000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0073.009] CoTaskMemFree (pv=0x549620) [0073.009] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879920000, lpmodinfo=0x2263d68, cb=0x18 | out: lpmodinfo=0x2263d68*(lpBaseOfDll=0x7ff879920000, SizeOfImage=0x1b1000, EntryPoint=0x7ff8799b61a0)) returned 1 [0073.012] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.012] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879920000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0073.014] CoTaskMemFree (pv=0x549620) [0073.014] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.014] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879920000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0073.017] CoTaskMemFree (pv=0x549620) [0073.017] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x2265f30, cb=0x18 | out: lpmodinfo=0x2265f30*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0073.019] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.019] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0073.043] CoTaskMemFree (pv=0x549620) [0073.043] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.043] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0073.046] CoTaskMemFree (pv=0x549620) [0073.046] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x22680f8, cb=0x18 | out: lpmodinfo=0x22680f8*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0073.049] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.049] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0073.051] CoTaskMemFree (pv=0x549620) [0073.051] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.051] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0073.054] CoTaskMemFree (pv=0x549620) [0073.054] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8798d0000, lpmodinfo=0x226a2a0, cb=0x18 | out: lpmodinfo=0x226a2a0*(lpBaseOfDll=0x7ff8798d0000, SizeOfImage=0x4b000, EntryPoint=0x7ff8798e72b0)) returned 1 [0073.057] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.057] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8798d0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="UIAnimation.dll") returned 0xf [0073.061] CoTaskMemFree (pv=0x549620) [0073.061] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.061] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8798d0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll")) returned 0x23 [0073.064] CoTaskMemFree (pv=0x549620) [0073.064] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879840000, lpmodinfo=0x226c458, cb=0x18 | out: lpmodinfo=0x226c458*(lpBaseOfDll=0x7ff879840000, SizeOfImage=0x32000, EntryPoint=0x7ff87985f6d0)) returned 1 [0073.067] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.067] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879840000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="ism32k.dll") returned 0xa [0073.069] CoTaskMemFree (pv=0x549620) [0073.069] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.069] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879840000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ism32k.dll" (normalized: "c:\\windows\\system32\\ism32k.dll")) returned 0x1e [0073.072] CoTaskMemFree (pv=0x549620) [0073.072] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879830000, lpmodinfo=0x226e600, cb=0x18 | out: lpmodinfo=0x226e600*(lpBaseOfDll=0x7ff879830000, SizeOfImage=0xb000, EntryPoint=0x7ff879831650)) returned 1 [0073.075] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.075] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879830000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="avrt.dll") returned 0x8 [0073.078] CoTaskMemFree (pv=0x549620) [0073.078] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.078] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879830000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")) returned 0x1c [0073.128] CoTaskMemFree (pv=0x549620) [0073.128] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8797f0000, lpmodinfo=0x22707a8, cb=0x18 | out: lpmodinfo=0x22707a8*(lpBaseOfDll=0x7ff8797f0000, SizeOfImage=0x40000, EntryPoint=0x7ff8798177d0)) returned 1 [0073.131] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.131] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8797f0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="Windows.Gaming.Input.dll") returned 0x18 [0073.134] CoTaskMemFree (pv=0x549620) [0073.134] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.134] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8797f0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Gaming.Input.dll" (normalized: "c:\\windows\\system32\\windows.gaming.input.dll")) returned 0x2c [0073.144] CoTaskMemFree (pv=0x549620) [0073.144] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x2272990, cb=0x18 | out: lpmodinfo=0x2272990*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0073.148] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.148] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0073.152] CoTaskMemFree (pv=0x549620) [0073.153] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.153] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0073.158] CoTaskMemFree (pv=0x549620) [0073.158] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x2274d60, cb=0x18 | out: lpmodinfo=0x2274d60*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0073.164] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.164] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0073.219] CoTaskMemFree (pv=0x549620) [0073.219] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.219] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0073.223] CoTaskMemFree (pv=0x549620) [0073.223] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879580000, lpmodinfo=0x2276f08, cb=0x18 | out: lpmodinfo=0x2276f08*(lpBaseOfDll=0x7ff879580000, SizeOfImage=0x26f000, EntryPoint=0x7ff8796322b0)) returned 1 [0073.226] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.226] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879580000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="d3d10warp.dll") returned 0xd [0073.230] CoTaskMemFree (pv=0x549620) [0073.230] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.230] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879580000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll")) returned 0x21 [0073.233] CoTaskMemFree (pv=0x549620) [0073.233] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879030000, lpmodinfo=0x22790c0, cb=0x18 | out: lpmodinfo=0x22790c0*(lpBaseOfDll=0x7ff879030000, SizeOfImage=0x545000, EntryPoint=0x7ff8791ca450)) returned 1 [0073.236] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.236] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879030000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="d2d1.dll") returned 0x8 [0073.240] CoTaskMemFree (pv=0x549620) [0073.240] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.240] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879030000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")) returned 0x1c [0073.243] CoTaskMemFree (pv=0x549620) [0073.243] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpmodinfo=0x227b268, cb=0x18 | out: lpmodinfo=0x227b268*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0073.247] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.247] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0073.250] CoTaskMemFree (pv=0x549620) [0073.250] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.250] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0073.273] CoTaskMemFree (pv=0x549620) [0073.273] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878fc0000, lpmodinfo=0x227d410, cb=0x18 | out: lpmodinfo=0x227d410*(lpBaseOfDll=0x7ff878fc0000, SizeOfImage=0x29000, EntryPoint=0x7ff878fcca00)) returned 1 [0073.276] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.276] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878fc0000, lpBaseName=0x549620, nSize=0x800 | out: lpBaseName="Cabinet.dll") returned 0xb [0073.280] CoTaskMemFree (pv=0x549620) [0073.280] CoTaskMemAlloc (cb=0x804) returned 0x549620 [0073.280] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878fc0000, lpFilename=0x549620, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")) returned 0x1f [0073.284] CoTaskMemFree (pv=0x549620) [0073.284] CloseHandle (hObject=0x25c) returned 1 [0073.284] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0073.285] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x900) returned 0x25c [0073.285] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22806d8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22806d8, lpcbNeeded=0x14ef68) returned 1 [0073.285] GetModuleInformation (in: hProcess=0x25c, hModule=0x110000, lpmodinfo=0x2280948, cb=0x18 | out: lpmodinfo=0x2280948*(lpBaseOfDll=0x110000, SizeOfImage=0x17000, EntryPoint=0x1114a1)) returned 1 [0073.286] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.286] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x110000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="boy.exe") returned 0x7 [0073.286] CoTaskMemFree (pv=0x549440) [0073.287] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.287] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x110000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\boy.exe" (normalized: "c:\\program files\\windows media player\\boy.exe")) returned 0x2d [0073.287] CoTaskMemFree (pv=0x549440) [0073.287] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2282b40, cb=0x18 | out: lpmodinfo=0x2282b40*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0073.288] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.288] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.288] CoTaskMemFree (pv=0x549440) [0073.288] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.288] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.289] CoTaskMemFree (pv=0x549440) [0073.289] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2284ce8, cb=0x18 | out: lpmodinfo=0x2284ce8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0073.290] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.290] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.291] CoTaskMemFree (pv=0x549440) [0073.291] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.291] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.292] CoTaskMemFree (pv=0x549440) [0073.292] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2286e90, cb=0x18 | out: lpmodinfo=0x2286e90*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0073.292] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.292] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.293] CoTaskMemFree (pv=0x549440) [0073.293] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.293] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.294] CoTaskMemFree (pv=0x549440) [0073.294] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2289048, cb=0x18 | out: lpmodinfo=0x2289048*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0073.294] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.294] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.295] CoTaskMemFree (pv=0x549440) [0073.295] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.295] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.296] CoTaskMemFree (pv=0x549440) [0073.296] CloseHandle (hObject=0x25c) returned 1 [0073.296] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0073.296] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1178) returned 0x25c [0073.297] EnumProcessModules (in: hProcess=0x25c, lphModule=0x228b820, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x228b820, lpcbNeeded=0x14ef68) returned 1 [0073.297] GetModuleInformation (in: hProcess=0x25c, hModule=0xe00000, lpmodinfo=0x228ba90, cb=0x18 | out: lpmodinfo=0x228ba90*(lpBaseOfDll=0xe00000, SizeOfImage=0x17000, EntryPoint=0xe014a1)) returned 1 [0073.298] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.298] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xe00000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="isspos.exe") returned 0xa [0073.298] CoTaskMemFree (pv=0x549440) [0073.298] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.298] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xe00000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Sidebar\\isspos.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\isspos.exe")) returned 0x31 [0073.299] CoTaskMemFree (pv=0x549440) [0073.299] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x228dc98, cb=0x18 | out: lpmodinfo=0x228dc98*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0073.299] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.299] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.300] CoTaskMemFree (pv=0x549440) [0073.300] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.300] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.300] CoTaskMemFree (pv=0x549440) [0073.301] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x228fe40, cb=0x18 | out: lpmodinfo=0x228fe40*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0073.301] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.301] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.302] CoTaskMemFree (pv=0x549440) [0073.302] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.302] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.302] CoTaskMemFree (pv=0x549440) [0073.303] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2291fe8, cb=0x18 | out: lpmodinfo=0x2291fe8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0073.303] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.303] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.304] CoTaskMemFree (pv=0x549440) [0073.304] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.304] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.305] CoTaskMemFree (pv=0x549440) [0073.305] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x22941a0, cb=0x18 | out: lpmodinfo=0x22941a0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0073.306] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.306] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.307] CoTaskMemFree (pv=0x549440) [0073.307] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.307] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.327] CoTaskMemFree (pv=0x549440) [0073.327] CloseHandle (hObject=0x25c) returned 1 [0073.328] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0073.328] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1020) returned 0x25c [0073.328] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2296978, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2296978, lpcbNeeded=0x14ef68) returned 1 [0073.329] GetModuleInformation (in: hProcess=0x25c, hModule=0xe10000, lpmodinfo=0x2296be8, cb=0x18 | out: lpmodinfo=0x2296be8*(lpBaseOfDll=0xe10000, SizeOfImage=0x17000, EntryPoint=0xe114a1)) returned 1 [0073.329] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.329] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xe10000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="foxmailincmail.exe") returned 0x12 [0073.330] CoTaskMemFree (pv=0x549440) [0073.330] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.330] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xe10000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\foxmailincmail.exe" (normalized: "c:\\program files (x86)\\common files\\foxmailincmail.exe")) returned 0x36 [0073.330] CoTaskMemFree (pv=0x549440) [0073.330] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2298e08, cb=0x18 | out: lpmodinfo=0x2298e08*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0073.331] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.331] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.331] CoTaskMemFree (pv=0x549440) [0073.331] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.331] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.332] CoTaskMemFree (pv=0x549440) [0073.332] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x229afb0, cb=0x18 | out: lpmodinfo=0x229afb0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0073.332] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.332] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.333] CoTaskMemFree (pv=0x549440) [0073.333] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.333] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.334] CoTaskMemFree (pv=0x549440) [0073.334] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x229d158, cb=0x18 | out: lpmodinfo=0x229d158*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0073.334] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.334] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.335] CoTaskMemFree (pv=0x549440) [0073.335] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.335] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.336] CoTaskMemFree (pv=0x549440) [0073.336] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x229f310, cb=0x18 | out: lpmodinfo=0x229f310*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0073.336] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.336] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.337] CoTaskMemFree (pv=0x549440) [0073.338] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.338] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.338] CoTaskMemFree (pv=0x549440) [0073.338] CloseHandle (hObject=0x25c) returned 1 [0073.339] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0073.339] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x494) returned 0x25c [0073.339] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22a1ae8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22a1ae8, lpcbNeeded=0x14ef68) returned 1 [0073.340] GetModuleInformation (in: hProcess=0x25c, hModule=0x150000, lpmodinfo=0x22a1d58, cb=0x18 | out: lpmodinfo=0x22a1d58*(lpBaseOfDll=0x150000, SizeOfImage=0x17000, EntryPoint=0x1514a1)) returned 1 [0073.340] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.340] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x150000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="bitkinex.exe") returned 0xc [0073.341] CoTaskMemFree (pv=0x549440) [0073.341] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.341] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x150000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\bitkinex.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\bitkinex.exe")) returned 0x38 [0073.341] CoTaskMemFree (pv=0x549440) [0073.341] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22a3f78, cb=0x18 | out: lpmodinfo=0x22a3f78*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0073.342] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.342] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.342] CoTaskMemFree (pv=0x549440) [0073.342] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.342] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.343] CoTaskMemFree (pv=0x549440) [0073.343] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x22a6120, cb=0x18 | out: lpmodinfo=0x22a6120*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0073.343] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.344] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0073.344] CoTaskMemFree (pv=0x549440) [0073.344] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.344] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0073.345] CoTaskMemFree (pv=0x549440) [0073.345] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x22a82c8, cb=0x18 | out: lpmodinfo=0x22a82c8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0073.345] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.345] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0073.346] CoTaskMemFree (pv=0x549440) [0073.346] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.346] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0073.347] CoTaskMemFree (pv=0x549440) [0073.347] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x22aa480, cb=0x18 | out: lpmodinfo=0x22aa480*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0073.349] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.349] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0073.350] CoTaskMemFree (pv=0x549440) [0073.350] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.350] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0073.351] CoTaskMemFree (pv=0x549440) [0073.351] CloseHandle (hObject=0x25c) returned 1 [0073.351] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0073.352] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3cc) returned 0x25c [0073.352] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22acc58, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22acc58, lpcbNeeded=0x14ef68) returned 1 [0073.391] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22ace70, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x22ace70, lpcbNeeded=0x14ef68) returned 1 [0073.402] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpmodinfo=0x22ad2e0, cb=0x18 | out: lpmodinfo=0x22ad2e0*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0073.403] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.403] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0073.403] CoTaskMemFree (pv=0x549440) [0073.403] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.403] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0073.404] CoTaskMemFree (pv=0x549440) [0073.404] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22af4c0, cb=0x18 | out: lpmodinfo=0x22af4c0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0073.404] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.404] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0073.405] CoTaskMemFree (pv=0x549440) [0073.405] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.405] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0073.405] CoTaskMemFree (pv=0x549440) [0073.405] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x22b1668, cb=0x18 | out: lpmodinfo=0x22b1668*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0073.406] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.406] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0073.407] CoTaskMemFree (pv=0x549440) [0073.407] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.407] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0073.408] CoTaskMemFree (pv=0x549440) [0073.408] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x22b3820, cb=0x18 | out: lpmodinfo=0x22b3820*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0073.408] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.408] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0073.409] CoTaskMemFree (pv=0x549440) [0073.409] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.409] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0073.410] CoTaskMemFree (pv=0x549440) [0073.410] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x22b59d8, cb=0x18 | out: lpmodinfo=0x22b59d8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0073.411] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.411] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0073.411] CoTaskMemFree (pv=0x549440) [0073.412] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.412] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0073.412] CoTaskMemFree (pv=0x549440) [0073.412] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x22b7bd8, cb=0x18 | out: lpmodinfo=0x22b7bd8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0073.413] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.413] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0073.414] CoTaskMemFree (pv=0x549440) [0073.414] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.414] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0073.415] CoTaskMemFree (pv=0x549440) [0073.415] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x22b9d80, cb=0x18 | out: lpmodinfo=0x22b9d80*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0073.416] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.416] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0073.417] CoTaskMemFree (pv=0x549440) [0073.417] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.417] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0073.418] CoTaskMemFree (pv=0x549440) [0073.418] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x22bbf38, cb=0x18 | out: lpmodinfo=0x22bbf38*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0073.419] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.419] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0073.420] CoTaskMemFree (pv=0x549440) [0073.420] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.420] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0073.421] CoTaskMemFree (pv=0x549440) [0073.421] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x22be0e0, cb=0x18 | out: lpmodinfo=0x22be0e0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0073.422] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.422] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0073.423] CoTaskMemFree (pv=0x549440) [0073.423] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.423] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0073.425] CoTaskMemFree (pv=0x549440) [0073.425] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x22c0320, cb=0x18 | out: lpmodinfo=0x22c0320*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0073.426] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.426] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0073.427] CoTaskMemFree (pv=0x549440) [0073.427] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.427] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0073.429] CoTaskMemFree (pv=0x549440) [0073.429] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x22c24f8, cb=0x18 | out: lpmodinfo=0x22c24f8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0073.430] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.430] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0073.431] CoTaskMemFree (pv=0x549440) [0073.431] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.431] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0073.433] CoTaskMemFree (pv=0x549440) [0073.433] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x22c46c0, cb=0x18 | out: lpmodinfo=0x22c46c0*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0073.439] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.439] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0073.441] CoTaskMemFree (pv=0x549440) [0073.441] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.441] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0073.442] CoTaskMemFree (pv=0x549440) [0073.442] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x22c6868, cb=0x18 | out: lpmodinfo=0x22c6868*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0073.444] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.444] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0073.445] CoTaskMemFree (pv=0x549440) [0073.445] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.445] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0073.447] CoTaskMemFree (pv=0x549440) [0073.447] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x22c8a10, cb=0x18 | out: lpmodinfo=0x22c8a10*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0073.448] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.448] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0073.450] CoTaskMemFree (pv=0x549440) [0073.450] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.450] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0073.452] CoTaskMemFree (pv=0x549440) [0073.452] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x22cabb8, cb=0x18 | out: lpmodinfo=0x22cabb8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0073.453] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.453] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0073.455] CoTaskMemFree (pv=0x549440) [0073.455] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.455] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0073.456] CoTaskMemFree (pv=0x549440) [0073.456] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x22ccd70, cb=0x18 | out: lpmodinfo=0x22ccd70*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0073.458] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.458] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0073.460] CoTaskMemFree (pv=0x549440) [0073.460] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.460] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0073.462] CoTaskMemFree (pv=0x549440) [0073.462] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878f20000, lpmodinfo=0x22cef18, cb=0x18 | out: lpmodinfo=0x22cef18*(lpBaseOfDll=0x7ff878f20000, SizeOfImage=0x79000, EntryPoint=0x7ff878f37800)) returned 1 [0073.463] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.463] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878f20000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="Geolocation.dll") returned 0xf [0073.465] CoTaskMemFree (pv=0x549440) [0073.465] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.465] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878f20000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Geolocation.dll" (normalized: "c:\\windows\\system32\\geolocation.dll")) returned 0x23 [0073.467] CoTaskMemFree (pv=0x549440) [0073.468] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x22d11e8, cb=0x18 | out: lpmodinfo=0x22d11e8*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0073.469] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.469] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0073.472] CoTaskMemFree (pv=0x549440) [0073.472] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.472] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0073.474] CoTaskMemFree (pv=0x549440) [0073.474] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e80000, lpmodinfo=0x22d33a0, cb=0x18 | out: lpmodinfo=0x22d33a0*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0073.479] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.479] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0073.481] CoTaskMemFree (pv=0x549440) [0073.481] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.481] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0073.483] CoTaskMemFree (pv=0x549440) [0073.483] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e40000, lpmodinfo=0x22d5568, cb=0x18 | out: lpmodinfo=0x22d5568*(lpBaseOfDll=0x7ff878e40000, SizeOfImage=0x33000, EntryPoint=0x7ff878e4d5a0)) returned 1 [0073.485] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.485] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e40000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="BiWinrt.dll") returned 0xb [0073.487] CoTaskMemFree (pv=0x549440) [0073.487] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.487] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e40000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\BiWinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")) returned 0x1f [0073.490] CoTaskMemFree (pv=0x549440) [0073.490] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpmodinfo=0x22d7710, cb=0x18 | out: lpmodinfo=0x22d7710*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0073.492] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.492] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0073.494] CoTaskMemFree (pv=0x549440) [0073.494] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.494] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0073.496] CoTaskMemFree (pv=0x549440) [0073.496] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpmodinfo=0x22d98d8, cb=0x18 | out: lpmodinfo=0x22d98d8*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0073.498] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.498] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0073.501] CoTaskMemFree (pv=0x549440) [0073.501] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.501] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0073.503] CoTaskMemFree (pv=0x549440) [0073.503] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x22dba80, cb=0x18 | out: lpmodinfo=0x22dba80*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0073.505] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.505] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0073.507] CoTaskMemFree (pv=0x549440) [0073.507] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.507] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0073.509] CoTaskMemFree (pv=0x549440) [0073.509] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x22ddc28, cb=0x18 | out: lpmodinfo=0x22ddc28*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0073.512] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.512] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0073.516] CoTaskMemFree (pv=0x549440) [0073.516] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.516] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0073.518] CoTaskMemFree (pv=0x549440) [0073.518] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878df0000, lpmodinfo=0x22dfdd0, cb=0x18 | out: lpmodinfo=0x22dfdd0*(lpBaseOfDll=0x7ff878df0000, SizeOfImage=0x4a000, EntryPoint=0x7ff878dfac30)) returned 1 [0073.521] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.521] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878df0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="deviceaccess.dll") returned 0x10 [0073.523] CoTaskMemFree (pv=0x549440) [0073.523] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.523] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878df0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")) returned 0x24 [0073.525] CoTaskMemFree (pv=0x549440) [0073.525] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878820000, lpmodinfo=0x22e1f98, cb=0x18 | out: lpmodinfo=0x22e1f98*(lpBaseOfDll=0x7ff878820000, SizeOfImage=0xc000, EntryPoint=0x7ff8788214d0)) returned 1 [0073.528] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.528] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878820000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="LocationFrameworkPS.dll") returned 0x17 [0073.531] CoTaskMemFree (pv=0x549440) [0073.531] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.531] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878820000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")) returned 0x2b [0073.533] CoTaskMemFree (pv=0x549440) [0073.533] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878580000, lpmodinfo=0x22e4170, cb=0x18 | out: lpmodinfo=0x22e4170*(lpBaseOfDll=0x7ff878580000, SizeOfImage=0x7a000, EntryPoint=0x7ff8785a7630)) returned 1 [0073.536] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.536] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878580000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="es.dll") returned 0x6 [0073.538] CoTaskMemFree (pv=0x549440) [0073.538] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.538] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878580000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0073.541] CoTaskMemFree (pv=0x549440) [0073.541] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff877ee0000, lpmodinfo=0x22e6308, cb=0x18 | out: lpmodinfo=0x22e6308*(lpBaseOfDll=0x7ff877ee0000, SizeOfImage=0x1a2000, EntryPoint=0x7ff877f2c2d0)) returned 1 [0073.544] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.544] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff877ee0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="fntcache.dll") returned 0xc [0073.546] CoTaskMemFree (pv=0x549440) [0073.546] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.546] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff877ee0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fntcache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll")) returned 0x20 [0073.549] CoTaskMemFree (pv=0x549440) [0073.549] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff877eb0000, lpmodinfo=0x22e84c0, cb=0x18 | out: lpmodinfo=0x22e84c0*(lpBaseOfDll=0x7ff877eb0000, SizeOfImage=0x29000, EntryPoint=0x7ff877ec24d0)) returned 1 [0073.554] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.554] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff877eb0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="FontProvider.dll") returned 0x10 [0073.557] CoTaskMemFree (pv=0x549440) [0073.557] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.557] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff877eb0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\FontProvider.dll" (normalized: "c:\\windows\\system32\\fontprovider.dll")) returned 0x24 [0073.560] CoTaskMemFree (pv=0x549440) [0073.560] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875e90000, lpmodinfo=0x22ea688, cb=0x18 | out: lpmodinfo=0x22ea688*(lpBaseOfDll=0x7ff875e90000, SizeOfImage=0xd000, EntryPoint=0x7ff875e92650)) returned 1 [0073.563] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.563] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875e90000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="nsisvc.dll") returned 0xa [0073.565] CoTaskMemFree (pv=0x549440) [0073.565] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.565] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875e90000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll")) returned 0x1e [0073.568] CoTaskMemFree (pv=0x549440) [0073.568] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpmodinfo=0x22ec830, cb=0x18 | out: lpmodinfo=0x22ec830*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0073.571] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.571] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0073.574] CoTaskMemFree (pv=0x549440) [0073.574] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.574] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0073.577] CoTaskMemFree (pv=0x549440) [0073.577] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874b70000, lpmodinfo=0x22ee9c8, cb=0x18 | out: lpmodinfo=0x22ee9c8*(lpBaseOfDll=0x7ff874b70000, SizeOfImage=0x8b000, EntryPoint=0x7ff874b8d2a0)) returned 1 [0073.580] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.580] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874b70000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="netprofmsvc.dll") returned 0xf [0073.583] CoTaskMemFree (pv=0x549440) [0073.583] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.583] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874b70000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netprofmsvc.dll" (normalized: "c:\\windows\\system32\\netprofmsvc.dll")) returned 0x23 [0073.586] CoTaskMemFree (pv=0x549440) [0073.586] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8786b0000, lpmodinfo=0x22f0b80, cb=0x18 | out: lpmodinfo=0x22f0b80*(lpBaseOfDll=0x7ff8786b0000, SizeOfImage=0x18000, EntryPoint=0x7ff8786b5910)) returned 1 [0073.596] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.596] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8786b0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0073.599] CoTaskMemFree (pv=0x549440) [0073.600] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.600] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8786b0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0073.603] CoTaskMemFree (pv=0x549440) [0073.603] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874a90000, lpmodinfo=0x22f2f40, cb=0x18 | out: lpmodinfo=0x22f2f40*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0073.606] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.606] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874a90000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0073.609] CoTaskMemFree (pv=0x549440) [0073.609] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.609] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874a90000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0073.612] CoTaskMemFree (pv=0x549440) [0073.612] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x22f50f8, cb=0x18 | out: lpmodinfo=0x22f50f8*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0073.615] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.615] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0073.619] CoTaskMemFree (pv=0x549440) [0073.619] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.619] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0073.629] CoTaskMemFree (pv=0x549440) [0073.629] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878b20000, lpmodinfo=0x22f72a0, cb=0x18 | out: lpmodinfo=0x22f72a0*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0073.632] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.632] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0073.645] CoTaskMemFree (pv=0x549440) [0073.645] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.645] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0073.648] CoTaskMemFree (pv=0x549440) [0073.648] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x22f9448, cb=0x18 | out: lpmodinfo=0x22f9448*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0073.651] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.651] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0073.655] CoTaskMemFree (pv=0x549440) [0073.655] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.655] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0073.659] CoTaskMemFree (pv=0x549440) [0073.659] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be90000, lpmodinfo=0x22fb5f0, cb=0x18 | out: lpmodinfo=0x22fb5f0*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0073.662] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.662] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0073.665] CoTaskMemFree (pv=0x549440) [0073.666] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.666] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0073.669] CoTaskMemFree (pv=0x549440) [0073.669] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875480000, lpmodinfo=0x22fd798, cb=0x18 | out: lpmodinfo=0x22fd798*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0073.673] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.673] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875480000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0073.677] CoTaskMemFree (pv=0x549440) [0073.677] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.677] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875480000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0073.701] CoTaskMemFree (pv=0x549440) [0073.701] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpmodinfo=0x22ff950, cb=0x18 | out: lpmodinfo=0x22ff950*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0073.705] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.705] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0073.709] CoTaskMemFree (pv=0x549440) [0073.709] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.709] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0073.712] CoTaskMemFree (pv=0x549440) [0073.712] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x2301af8, cb=0x18 | out: lpmodinfo=0x2301af8*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0073.716] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.716] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0073.720] CoTaskMemFree (pv=0x549440) [0073.720] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.720] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0073.724] CoTaskMemFree (pv=0x549440) [0073.724] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875270000, lpmodinfo=0x2303cb0, cb=0x18 | out: lpmodinfo=0x2303cb0*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0073.728] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.728] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875270000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0073.731] CoTaskMemFree (pv=0x549440) [0073.731] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.731] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875270000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0073.739] CoTaskMemFree (pv=0x549440) [0073.739] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875250000, lpmodinfo=0x2305e68, cb=0x18 | out: lpmodinfo=0x2305e68*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0073.743] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.743] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875250000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0073.747] CoTaskMemFree (pv=0x549440) [0073.747] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.747] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875250000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0073.750] CoTaskMemFree (pv=0x549440) [0073.751] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b030000, lpmodinfo=0x2308020, cb=0x18 | out: lpmodinfo=0x2308020*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0073.754] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.754] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0073.759] CoTaskMemFree (pv=0x549440) [0073.759] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.759] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0073.762] CoTaskMemFree (pv=0x549440) [0073.763] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874880000, lpmodinfo=0x230a1c8, cb=0x18 | out: lpmodinfo=0x230a1c8*(lpBaseOfDll=0x7ff874880000, SizeOfImage=0x14000, EntryPoint=0x7ff874881a50)) returned 1 [0073.766] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.766] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874880000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="WlanRadioManager.dll") returned 0x14 [0073.770] CoTaskMemFree (pv=0x549440) [0073.770] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.771] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874880000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WlanRadioManager.dll" (normalized: "c:\\windows\\system32\\wlanradiomanager.dll")) returned 0x28 [0073.778] CoTaskMemFree (pv=0x549440) [0073.778] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878bf0000, lpmodinfo=0x230c3a0, cb=0x18 | out: lpmodinfo=0x230c3a0*(lpBaseOfDll=0x7ff878bf0000, SizeOfImage=0x61000, EntryPoint=0x7ff878bf4b50)) returned 1 [0073.782] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.782] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878bf0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wlanapi.dll") returned 0xb [0073.786] CoTaskMemFree (pv=0x549440) [0073.786] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.786] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878bf0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0073.790] CoTaskMemFree (pv=0x549440) [0073.790] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874860000, lpmodinfo=0x230e548, cb=0x18 | out: lpmodinfo=0x230e548*(lpBaseOfDll=0x7ff874860000, SizeOfImage=0x19000, EntryPoint=0x7ff874862180)) returned 1 [0073.794] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.794] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874860000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="BthRadioMedia.dll") returned 0x11 [0073.800] CoTaskMemFree (pv=0x549440) [0073.800] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.800] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874860000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\BthRadioMedia.dll" (normalized: "c:\\windows\\system32\\bthradiomedia.dll")) returned 0x25 [0073.804] CoTaskMemFree (pv=0x549440) [0073.804] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x2310710, cb=0x18 | out: lpmodinfo=0x2310710*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0073.809] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.809] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0073.815] CoTaskMemFree (pv=0x549440) [0073.816] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.816] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0073.820] CoTaskMemFree (pv=0x549440) [0073.820] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpmodinfo=0x23128c8, cb=0x18 | out: lpmodinfo=0x23128c8*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0073.824] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.824] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0073.829] CoTaskMemFree (pv=0x549440) [0073.829] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.829] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0073.833] CoTaskMemFree (pv=0x549440) [0073.833] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874840000, lpmodinfo=0x2314a70, cb=0x18 | out: lpmodinfo=0x2314a70*(lpBaseOfDll=0x7ff874840000, SizeOfImage=0x1e000, EntryPoint=0x7ff874841690)) returned 1 [0073.837] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.837] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874840000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="bluetoothapis.dll") returned 0x11 [0073.842] CoTaskMemFree (pv=0x549440) [0073.842] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.842] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874840000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bluetoothapis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll")) returned 0x25 [0073.846] CoTaskMemFree (pv=0x549440) [0073.846] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874830000, lpmodinfo=0x2316c38, cb=0x18 | out: lpmodinfo=0x2316c38*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0073.856] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.856] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874830000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0073.861] CoTaskMemFree (pv=0x549440) [0073.861] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.862] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874830000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0073.866] CoTaskMemFree (pv=0x549440) [0073.866] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpmodinfo=0x2318df0, cb=0x18 | out: lpmodinfo=0x2318df0*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0073.870] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.870] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0073.875] CoTaskMemFree (pv=0x549440) [0073.875] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.875] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0073.880] CoTaskMemFree (pv=0x549440) [0073.880] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873ad0000, lpmodinfo=0x231af98, cb=0x18 | out: lpmodinfo=0x231af98*(lpBaseOfDll=0x7ff873ad0000, SizeOfImage=0xb000, EntryPoint=0x7ff873ad1a20)) returned 1 [0073.884] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.884] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873ad0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="licensemanagersvc.dll") returned 0x15 [0073.891] CoTaskMemFree (pv=0x549440) [0073.891] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.891] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873ad0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\licensemanagersvc.dll" (normalized: "c:\\windows\\system32\\licensemanagersvc.dll")) returned 0x29 [0073.898] CoTaskMemFree (pv=0x549440) [0073.898] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873990000, lpmodinfo=0x231d170, cb=0x18 | out: lpmodinfo=0x231d170*(lpBaseOfDll=0x7ff873990000, SizeOfImage=0x13d000, EntryPoint=0x7ff8739aa6a0)) returned 1 [0073.902] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.902] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873990000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="LicenseManager.dll") returned 0x12 [0073.907] CoTaskMemFree (pv=0x549440) [0073.907] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.907] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873990000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\LicenseManager.dll" (normalized: "c:\\windows\\system32\\licensemanager.dll")) returned 0x26 [0073.912] CoTaskMemFree (pv=0x549440) [0073.912] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873970000, lpmodinfo=0x231f338, cb=0x18 | out: lpmodinfo=0x231f338*(lpBaseOfDll=0x7ff873970000, SizeOfImage=0x16000, EntryPoint=0x7ff87397b550)) returned 1 [0073.917] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.917] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873970000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="CLIPC.dll") returned 0x9 [0073.922] CoTaskMemFree (pv=0x549440) [0073.922] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.922] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873970000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CLIPC.dll" (normalized: "c:\\windows\\system32\\clipc.dll")) returned 0x1d [0073.926] CoTaskMemFree (pv=0x549440) [0073.926] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpmodinfo=0x23214e0, cb=0x18 | out: lpmodinfo=0x23214e0*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0073.933] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.933] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0073.938] CoTaskMemFree (pv=0x549440) [0073.938] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.938] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0073.943] CoTaskMemFree (pv=0x549440) [0073.943] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873620000, lpmodinfo=0x23236c8, cb=0x18 | out: lpmodinfo=0x23236c8*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0073.948] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.948] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873620000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0073.953] CoTaskMemFree (pv=0x549440) [0073.953] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.953] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873620000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0073.958] CoTaskMemFree (pv=0x549440) [0073.958] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x23258b0, cb=0x18 | out: lpmodinfo=0x23258b0*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0073.963] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.963] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0073.971] CoTaskMemFree (pv=0x549440) [0073.971] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.971] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0073.976] CoTaskMemFree (pv=0x549440) [0073.976] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpmodinfo=0x2327a58, cb=0x18 | out: lpmodinfo=0x2327a58*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0073.981] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.981] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0073.986] CoTaskMemFree (pv=0x549440) [0073.986] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.986] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0073.991] CoTaskMemFree (pv=0x549440) [0073.991] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x2329c00, cb=0x18 | out: lpmodinfo=0x2329c00*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0073.997] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0073.997] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0074.055] CoTaskMemFree (pv=0x549440) [0074.055] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.055] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0074.060] CoTaskMemFree (pv=0x549440) [0074.060] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873560000, lpmodinfo=0x232bdb8, cb=0x18 | out: lpmodinfo=0x232bdb8*(lpBaseOfDll=0x7ff873560000, SizeOfImage=0xb2000, EntryPoint=0x7ff87357f750)) returned 1 [0074.066] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.066] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873560000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="Windows.Security.Authentication.OnlineId.dll") returned 0x2c [0074.071] CoTaskMemFree (pv=0x549440) [0074.071] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.071] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873560000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.onlineid.dll")) returned 0x40 [0074.076] CoTaskMemFree (pv=0x549440) [0074.077] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873480000, lpmodinfo=0x232dff0, cb=0x18 | out: lpmodinfo=0x232dff0*(lpBaseOfDll=0x7ff873480000, SizeOfImage=0xd5000, EntryPoint=0x7ff87349cf80)) returned 1 [0074.082] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.082] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873480000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wuapi.dll") returned 0x9 [0074.087] CoTaskMemFree (pv=0x549440) [0074.087] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.087] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873480000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")) returned 0x1d [0074.119] CoTaskMemFree (pv=0x549440) [0074.119] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x2330198, cb=0x18 | out: lpmodinfo=0x2330198*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0074.125] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.125] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0074.130] CoTaskMemFree (pv=0x549440) [0074.130] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.130] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0074.136] CoTaskMemFree (pv=0x549440) [0074.136] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x2332340, cb=0x18 | out: lpmodinfo=0x2332340*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0074.142] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.142] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0074.147] CoTaskMemFree (pv=0x549440) [0074.147] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.147] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0074.157] CoTaskMemFree (pv=0x549440) [0074.157] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d340000, lpmodinfo=0x23344e8, cb=0x18 | out: lpmodinfo=0x23344e8*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0074.164] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.164] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d340000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0074.169] CoTaskMemFree (pv=0x549440) [0074.169] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.170] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d340000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0074.176] CoTaskMemFree (pv=0x549440) [0074.176] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873450000, lpmodinfo=0x2336ab8, cb=0x18 | out: lpmodinfo=0x2336ab8*(lpBaseOfDll=0x7ff873450000, SizeOfImage=0x22000, EntryPoint=0x7ff873462540)) returned 1 [0074.181] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.181] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873450000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="UpdatePolicy.dll") returned 0x10 [0074.187] CoTaskMemFree (pv=0x549440) [0074.187] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.187] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873450000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\UpdatePolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll")) returned 0x24 [0074.197] CoTaskMemFree (pv=0x549440) [0074.197] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872a10000, lpmodinfo=0x2338c80, cb=0x18 | out: lpmodinfo=0x2338c80*(lpBaseOfDll=0x7ff872a10000, SizeOfImage=0x10000, EntryPoint=0x7ff872a11690)) returned 1 [0074.204] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.204] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872a10000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wups.dll") returned 0x8 [0074.210] CoTaskMemFree (pv=0x549440) [0074.210] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.210] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872a10000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll")) returned 0x1c [0074.225] CoTaskMemFree (pv=0x549440) [0074.225] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870b40000, lpmodinfo=0x233ae28, cb=0x18 | out: lpmodinfo=0x233ae28*(lpBaseOfDll=0x7ff870b40000, SizeOfImage=0x1d000, EntryPoint=0x7ff870b46190)) returned 1 [0074.231] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.231] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870b40000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wdi.dll") returned 0x7 [0074.237] CoTaskMemFree (pv=0x549440) [0074.237] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.237] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870b40000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")) returned 0x1b [0074.251] CoTaskMemFree (pv=0x549440) [0074.251] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c480000, lpmodinfo=0x233cfc0, cb=0x18 | out: lpmodinfo=0x233cfc0*(lpBaseOfDll=0x7ff87c480000, SizeOfImage=0x99000, EntryPoint=0x7ff87c4af4e0)) returned 1 [0074.257] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.257] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c480000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0074.264] CoTaskMemFree (pv=0x549440) [0074.264] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.264] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c480000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0074.270] CoTaskMemFree (pv=0x549440) [0074.270] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f440000, lpmodinfo=0x233f158, cb=0x18 | out: lpmodinfo=0x233f158*(lpBaseOfDll=0x7ff86f440000, SizeOfImage=0x18000, EntryPoint=0x7ff86f444a20)) returned 1 [0074.276] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.276] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f440000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="perftrack.dll") returned 0xd [0074.289] CoTaskMemFree (pv=0x549440) [0074.289] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.289] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f440000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll")) returned 0x21 [0074.296] CoTaskMemFree (pv=0x549440) [0074.296] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x2341310, cb=0x18 | out: lpmodinfo=0x2341310*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0074.302] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.302] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff876870000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="WinTypes.dll") returned 0xc [0074.310] CoTaskMemFree (pv=0x549440) [0074.310] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.310] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff876870000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0074.316] CoTaskMemFree (pv=0x549440) [0074.316] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872540000, lpmodinfo=0x23434c8, cb=0x18 | out: lpmodinfo=0x23434c8*(lpBaseOfDll=0x7ff872540000, SizeOfImage=0x27a000, EntryPoint=0x7ff87255a7a0)) returned 1 [0074.322] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.322] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872540000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0074.331] CoTaskMemFree (pv=0x549440) [0074.331] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.331] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872540000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0074.337] CoTaskMemFree (pv=0x549440) [0074.337] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpmodinfo=0x2345670, cb=0x18 | out: lpmodinfo=0x2345670*(lpBaseOfDll=0x7ff86b0b0000, SizeOfImage=0xc5000, EntryPoint=0x7ff86b0be740)) returned 1 [0074.344] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.344] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="Windows.Web.dll") returned 0xf [0074.350] CoTaskMemFree (pv=0x549440) [0074.350] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.350] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Web.dll" (normalized: "c:\\windows\\system32\\windows.web.dll")) returned 0x23 [0074.378] CoTaskMemFree (pv=0x549440) [0074.378] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpmodinfo=0x2347828, cb=0x18 | out: lpmodinfo=0x2347828*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0074.386] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.387] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0074.393] CoTaskMemFree (pv=0x549440) [0074.393] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.393] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0074.399] CoTaskMemFree (pv=0x549440) [0074.399] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x23499e0, cb=0x18 | out: lpmodinfo=0x23499e0*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0074.406] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.406] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0074.414] CoTaskMemFree (pv=0x549440) [0074.414] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.414] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0074.429] CoTaskMemFree (pv=0x549440) [0074.429] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x234bba8, cb=0x18 | out: lpmodinfo=0x234bba8*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0074.442] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.442] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0074.449] CoTaskMemFree (pv=0x549440) [0074.449] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.449] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0074.455] CoTaskMemFree (pv=0x549440) [0074.455] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpmodinfo=0x234dd50, cb=0x18 | out: lpmodinfo=0x234dd50*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0074.462] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.462] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0074.469] CoTaskMemFree (pv=0x549440) [0074.469] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.469] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0074.479] CoTaskMemFree (pv=0x549440) [0074.479] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c90000, lpmodinfo=0x234fef8, cb=0x18 | out: lpmodinfo=0x234fef8*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0074.486] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.486] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0074.493] CoTaskMemFree (pv=0x549440) [0074.493] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.493] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0074.500] CoTaskMemFree (pv=0x549440) [0074.500] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ad40000, lpmodinfo=0x23520b0, cb=0x18 | out: lpmodinfo=0x23520b0*(lpBaseOfDll=0x7ff86ad40000, SizeOfImage=0xb1000, EntryPoint=0x7ff86adb1ca0)) returned 1 [0074.507] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.507] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ad40000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="Windows.Security.Authentication.Web.Core.dll") returned 0x2c [0074.516] CoTaskMemFree (pv=0x549440) [0074.516] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.516] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ad40000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Security.Authentication.Web.Core.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.web.core.dll")) returned 0x40 [0074.523] CoTaskMemFree (pv=0x549440) [0074.523] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f220000, lpmodinfo=0x23542e8, cb=0x18 | out: lpmodinfo=0x23542e8*(lpBaseOfDll=0x7ff86f220000, SizeOfImage=0x17000, EntryPoint=0x7ff86f226620)) returned 1 [0074.530] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.530] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f220000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="msauserext.dll") returned 0xe [0074.537] CoTaskMemFree (pv=0x549440) [0074.537] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.537] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f220000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msauserext.dll" (normalized: "c:\\windows\\system32\\msauserext.dll")) returned 0x22 [0074.544] CoTaskMemFree (pv=0x549440) [0074.544] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ae40000, lpmodinfo=0x23564a0, cb=0x18 | out: lpmodinfo=0x23564a0*(lpBaseOfDll=0x7ff87ae40000, SizeOfImage=0x2c000, EntryPoint=0x7ff87ae41d20)) returned 1 [0074.562] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.562] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ae40000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="AuthBroker.dll") returned 0xe [0074.569] CoTaskMemFree (pv=0x549440) [0074.569] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.569] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ae40000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\AuthBroker.dll" (normalized: "c:\\windows\\system32\\authbroker.dll")) returned 0x22 [0074.576] CoTaskMemFree (pv=0x549440) [0074.576] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875230000, lpmodinfo=0x2358658, cb=0x18 | out: lpmodinfo=0x2358658*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0074.583] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.583] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875230000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0074.590] CoTaskMemFree (pv=0x549440) [0074.590] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.590] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875230000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0074.606] CoTaskMemFree (pv=0x549440) [0074.606] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpmodinfo=0x235a800, cb=0x18 | out: lpmodinfo=0x235a800*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0074.614] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.614] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0074.621] CoTaskMemFree (pv=0x549440) [0074.621] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.622] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0074.628] CoTaskMemFree (pv=0x549440) [0074.628] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff863f10000, lpmodinfo=0x235c9b8, cb=0x18 | out: lpmodinfo=0x235c9b8*(lpBaseOfDll=0x7ff863f10000, SizeOfImage=0x12000, EntryPoint=0x7ff863f11a80)) returned 1 [0074.635] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.636] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff863f10000, lpBaseName=0x549440, nSize=0x800 | out: lpBaseName="BitsProxy.dll") returned 0xd [0074.658] CoTaskMemFree (pv=0x549440) [0074.658] CoTaskMemAlloc (cb=0x804) returned 0x549440 [0074.658] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff863f10000, lpFilename=0x549440, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll")) returned 0x21 [0074.665] CoTaskMemFree (pv=0x549440) [0074.666] CloseHandle (hObject=0x25c) returned 1 [0074.667] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0074.667] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x868) returned 0x25c [0074.667] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2360c60, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2360c60, lpcbNeeded=0x14ef68) returned 1 [0074.670] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff7531e0000, lpmodinfo=0x2360ed0, cb=0x18 | out: lpmodinfo=0x2360ed0*(lpBaseOfDll=0x7ff7531e0000, SizeOfImage=0x80000, EntryPoint=0x7ff7531f5f50)) returned 1 [0074.670] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.670] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff7531e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wmiprvse.exe") returned 0xc [0074.671] CoTaskMemFree (pv=0x548dc0) [0074.671] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.671] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff7531e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprvse.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")) returned 0x25 [0074.672] CoTaskMemFree (pv=0x548dc0) [0074.672] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23630c8, cb=0x18 | out: lpmodinfo=0x23630c8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0074.672] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.672] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.673] CoTaskMemFree (pv=0x548dc0) [0074.673] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.673] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.673] CoTaskMemFree (pv=0x548dc0) [0074.673] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x2365270, cb=0x18 | out: lpmodinfo=0x2365270*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0074.674] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.674] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0074.674] CoTaskMemFree (pv=0x548dc0) [0074.674] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.675] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0074.675] CoTaskMemFree (pv=0x548dc0) [0074.675] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x2367428, cb=0x18 | out: lpmodinfo=0x2367428*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0074.676] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.676] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0074.676] CoTaskMemFree (pv=0x548dc0) [0074.676] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.676] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0074.677] CoTaskMemFree (pv=0x548dc0) [0074.677] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x23695e0, cb=0x18 | out: lpmodinfo=0x23695e0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0074.678] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.678] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0074.679] CoTaskMemFree (pv=0x548dc0) [0074.679] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.679] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0074.680] CoTaskMemFree (pv=0x548dc0) [0074.680] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e990000, lpmodinfo=0x236b7e0, cb=0x18 | out: lpmodinfo=0x236b7e0*(lpBaseOfDll=0x7ff86e990000, SizeOfImage=0xf6000, EntryPoint=0x7ff86e9c9590)) returned 1 [0074.680] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.680] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e990000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0074.681] CoTaskMemFree (pv=0x548dc0) [0074.681] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.681] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e990000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0074.682] CoTaskMemFree (pv=0x548dc0) [0074.682] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x236d9a0, cb=0x18 | out: lpmodinfo=0x236d9a0*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0074.683] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.683] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0074.684] CoTaskMemFree (pv=0x548dc0) [0074.684] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.684] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0074.685] CoTaskMemFree (pv=0x548dc0) [0074.685] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x236fb48, cb=0x18 | out: lpmodinfo=0x236fb48*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0074.686] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.686] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0074.687] CoTaskMemFree (pv=0x548dc0) [0074.687] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.687] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0074.688] CoTaskMemFree (pv=0x548dc0) [0074.688] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x2371cf0, cb=0x18 | out: lpmodinfo=0x2371cf0*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0074.701] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.701] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0074.702] CoTaskMemFree (pv=0x548dc0) [0074.702] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.702] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0074.703] CoTaskMemFree (pv=0x548dc0) [0074.703] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e590000, lpmodinfo=0x2373f60, cb=0x18 | out: lpmodinfo=0x2373f60*(lpBaseOfDll=0x7ff86e590000, SizeOfImage=0x16000, EntryPoint=0x7ff86e5955e0)) returned 1 [0074.704] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.704] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e590000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="NCObjAPI.DLL") returned 0xc [0074.705] CoTaskMemFree (pv=0x548dc0) [0074.705] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.705] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e590000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NCObjAPI.DLL" (normalized: "c:\\windows\\system32\\ncobjapi.dll")) returned 0x20 [0074.707] CoTaskMemFree (pv=0x548dc0) [0074.707] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870c70000, lpmodinfo=0x2376118, cb=0x18 | out: lpmodinfo=0x2376118*(lpBaseOfDll=0x7ff870c70000, SizeOfImage=0x7f000, EntryPoint=0x7ff870c87110)) returned 1 [0074.708] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.708] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870c70000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0074.709] CoTaskMemFree (pv=0x548dc0) [0074.709] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.709] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870c70000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0074.711] CoTaskMemFree (pv=0x548dc0) [0074.711] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x23782d0, cb=0x18 | out: lpmodinfo=0x23782d0*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0074.713] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.713] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0074.715] CoTaskMemFree (pv=0x548dc0) [0074.715] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.715] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0074.716] CoTaskMemFree (pv=0x548dc0) [0074.716] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x237a478, cb=0x18 | out: lpmodinfo=0x237a478*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0074.717] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.717] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0074.719] CoTaskMemFree (pv=0x548dc0) [0074.719] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.719] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0074.720] CoTaskMemFree (pv=0x548dc0) [0074.720] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x237c620, cb=0x18 | out: lpmodinfo=0x237c620*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0074.722] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.722] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0074.723] CoTaskMemFree (pv=0x548dc0) [0074.723] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.723] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0074.725] CoTaskMemFree (pv=0x548dc0) [0074.725] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x237e7c8, cb=0x18 | out: lpmodinfo=0x237e7c8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0074.726] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.726] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0074.728] CoTaskMemFree (pv=0x548dc0) [0074.728] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.728] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0074.730] CoTaskMemFree (pv=0x548dc0) [0074.730] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x2380980, cb=0x18 | out: lpmodinfo=0x2380980*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0074.731] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.731] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0074.733] CoTaskMemFree (pv=0x548dc0) [0074.734] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.734] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0074.744] CoTaskMemFree (pv=0x548dc0) [0074.744] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x2382b28, cb=0x18 | out: lpmodinfo=0x2382b28*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0074.746] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.746] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0074.747] CoTaskMemFree (pv=0x548dc0) [0074.748] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.748] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0074.749] CoTaskMemFree (pv=0x548dc0) [0074.749] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x2384de8, cb=0x18 | out: lpmodinfo=0x2384de8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0074.751] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.751] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0074.753] CoTaskMemFree (pv=0x548dc0) [0074.753] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.753] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0074.755] CoTaskMemFree (pv=0x548dc0) [0074.755] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x2386fb0, cb=0x18 | out: lpmodinfo=0x2386fb0*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0074.757] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.757] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0074.759] CoTaskMemFree (pv=0x548dc0) [0074.759] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.759] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0074.761] CoTaskMemFree (pv=0x548dc0) [0074.761] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpmodinfo=0x2389158, cb=0x18 | out: lpmodinfo=0x2389158*(lpBaseOfDll=0x7ff86efa0000, SizeOfImage=0x11000, EntryPoint=0x7ff86efa2fc0)) returned 1 [0074.763] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.763] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0074.765] CoTaskMemFree (pv=0x548dc0) [0074.765] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.765] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0074.767] CoTaskMemFree (pv=0x548dc0) [0074.767] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x238b318, cb=0x18 | out: lpmodinfo=0x238b318*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0074.769] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.769] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0074.771] CoTaskMemFree (pv=0x548dc0) [0074.771] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.771] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0074.773] CoTaskMemFree (pv=0x548dc0) [0074.773] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e970000, lpmodinfo=0x238d4d0, cb=0x18 | out: lpmodinfo=0x238d4d0*(lpBaseOfDll=0x7ff86e970000, SizeOfImage=0x14000, EntryPoint=0x7ff86e971800)) returned 1 [0074.775] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.775] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0074.777] CoTaskMemFree (pv=0x548dc0) [0074.777] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.777] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0074.815] CoTaskMemFree (pv=0x548dc0) [0074.815] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e940000, lpmodinfo=0x238f688, cb=0x18 | out: lpmodinfo=0x238f688*(lpBaseOfDll=0x7ff86e940000, SizeOfImage=0x25000, EntryPoint=0x7ff86e949900)) returned 1 [0074.817] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.817] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e940000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0074.819] CoTaskMemFree (pv=0x548dc0) [0074.819] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.820] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e940000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0074.822] CoTaskMemFree (pv=0x548dc0) [0074.822] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff865cb0000, lpmodinfo=0x2391848, cb=0x18 | out: lpmodinfo=0x2391848*(lpBaseOfDll=0x7ff865cb0000, SizeOfImage=0x3d000, EntryPoint=0x7ff865cbb760)) returned 1 [0074.825] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.825] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff865cb0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wmiprov.dll") returned 0xb [0074.827] CoTaskMemFree (pv=0x548dc0) [0074.827] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.827] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff865cb0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll")) returned 0x24 [0074.829] CoTaskMemFree (pv=0x548dc0) [0074.829] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpmodinfo=0x2393a00, cb=0x18 | out: lpmodinfo=0x2393a00*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0074.832] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.832] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0074.835] CoTaskMemFree (pv=0x548dc0) [0074.835] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.835] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0074.837] CoTaskMemFree (pv=0x548dc0) [0074.837] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875d20000, lpmodinfo=0x2395ba8, cb=0x18 | out: lpmodinfo=0x2395ba8*(lpBaseOfDll=0x7ff875d20000, SizeOfImage=0x11000, EntryPoint=0x7ff875d23320)) returned 1 [0074.839] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.839] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875d20000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WMICLNT.dll") returned 0xb [0074.842] CoTaskMemFree (pv=0x548dc0) [0074.842] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.842] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875d20000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WMICLNT.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")) returned 0x1f [0074.844] CoTaskMemFree (pv=0x548dc0) [0074.844] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861780000, lpmodinfo=0x2397d50, cb=0x18 | out: lpmodinfo=0x2397d50*(lpBaseOfDll=0x7ff861780000, SizeOfImage=0x25000, EntryPoint=0x7ff861795dc0)) returned 1 [0074.847] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.847] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861780000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WmiPerfClass.dll") returned 0x10 [0074.855] CoTaskMemFree (pv=0x548dc0) [0074.855] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.855] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861780000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll")) returned 0x29 [0074.858] CoTaskMemFree (pv=0x548dc0) [0074.858] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861730000, lpmodinfo=0x2399f20, cb=0x18 | out: lpmodinfo=0x2399f20*(lpBaseOfDll=0x7ff861730000, SizeOfImage=0x4d000, EntryPoint=0x7ff86173b470)) returned 1 [0074.860] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.860] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861730000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="pdh.dll") returned 0x7 [0074.863] CoTaskMemFree (pv=0x548dc0) [0074.863] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.863] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861730000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll")) returned 0x1b [0074.866] CoTaskMemFree (pv=0x548dc0) [0074.866] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8788f0000, lpmodinfo=0x239c0b8, cb=0x18 | out: lpmodinfo=0x239c0b8*(lpBaseOfDll=0x7ff8788f0000, SizeOfImage=0x64000, EntryPoint=0x7ff878905ae0)) returned 1 [0074.868] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.868] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8788f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0074.871] CoTaskMemFree (pv=0x548dc0) [0074.871] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0074.871] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8788f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0074.874] CoTaskMemFree (pv=0x548dc0) [0074.874] CloseHandle (hObject=0x25c) returned 1 [0074.875] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0074.875] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x618) returned 0x25c [0074.875] EnumProcessModules (in: hProcess=0x25c, lphModule=0x239f068, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x239f068, lpcbNeeded=0x14ef68) returned 1 [0074.878] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpmodinfo=0x239f2d8, cb=0x18 | out: lpmodinfo=0x239f2d8*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0074.878] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.878] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0074.879] CoTaskMemFree (pv=0x5498e0) [0074.879] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.879] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0074.879] CoTaskMemFree (pv=0x5498e0) [0074.879] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23a14b8, cb=0x18 | out: lpmodinfo=0x23a14b8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0074.880] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.880] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0074.881] CoTaskMemFree (pv=0x5498e0) [0074.881] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.881] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0074.881] CoTaskMemFree (pv=0x5498e0) [0074.881] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x23a3660, cb=0x18 | out: lpmodinfo=0x23a3660*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0074.882] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.882] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0074.883] CoTaskMemFree (pv=0x5498e0) [0074.883] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.883] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0074.884] CoTaskMemFree (pv=0x5498e0) [0074.884] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x23a5818, cb=0x18 | out: lpmodinfo=0x23a5818*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0074.885] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.885] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0074.886] CoTaskMemFree (pv=0x5498e0) [0074.886] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.886] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0074.886] CoTaskMemFree (pv=0x5498e0) [0074.886] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x23a79d0, cb=0x18 | out: lpmodinfo=0x23a79d0*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0074.887] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.887] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0074.888] CoTaskMemFree (pv=0x5498e0) [0074.888] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.888] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0074.889] CoTaskMemFree (pv=0x5498e0) [0074.889] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x23a9bd0, cb=0x18 | out: lpmodinfo=0x23a9bd0*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0074.889] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.889] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0074.899] CoTaskMemFree (pv=0x5498e0) [0074.899] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.899] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0074.899] CoTaskMemFree (pv=0x5498e0) [0074.899] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x23abd78, cb=0x18 | out: lpmodinfo=0x23abd78*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0074.900] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.900] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0074.901] CoTaskMemFree (pv=0x5498e0) [0074.901] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.901] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0074.902] CoTaskMemFree (pv=0x5498e0) [0074.902] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x23adf30, cb=0x18 | out: lpmodinfo=0x23adf30*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0074.904] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.904] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0074.905] CoTaskMemFree (pv=0x5498e0) [0074.905] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.905] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0074.906] CoTaskMemFree (pv=0x5498e0) [0074.906] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x23b00d8, cb=0x18 | out: lpmodinfo=0x23b00d8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0074.907] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.907] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0074.908] CoTaskMemFree (pv=0x5498e0) [0074.908] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.908] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0074.910] CoTaskMemFree (pv=0x5498e0) [0074.910] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x23b2318, cb=0x18 | out: lpmodinfo=0x23b2318*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0074.911] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.911] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0074.912] CoTaskMemFree (pv=0x5498e0) [0074.912] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.912] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0074.915] CoTaskMemFree (pv=0x5498e0) [0074.915] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x23b44f0, cb=0x18 | out: lpmodinfo=0x23b44f0*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0074.916] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.916] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0074.917] CoTaskMemFree (pv=0x5498e0) [0074.918] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.918] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0074.919] CoTaskMemFree (pv=0x5498e0) [0074.919] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x23b66b8, cb=0x18 | out: lpmodinfo=0x23b66b8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0074.920] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.920] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0074.921] CoTaskMemFree (pv=0x5498e0) [0074.921] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.921] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0074.923] CoTaskMemFree (pv=0x5498e0) [0074.923] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x23b8860, cb=0x18 | out: lpmodinfo=0x23b8860*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0074.924] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.924] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0074.926] CoTaskMemFree (pv=0x5498e0) [0074.926] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.926] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0074.927] CoTaskMemFree (pv=0x5498e0) [0074.927] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpmodinfo=0x23baa08, cb=0x18 | out: lpmodinfo=0x23baa08*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0074.929] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.929] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="windows.staterepository.dll") returned 0x1b [0074.930] CoTaskMemFree (pv=0x5498e0) [0074.930] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.930] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\windows.staterepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0074.932] CoTaskMemFree (pv=0x5498e0) [0074.932] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873620000, lpmodinfo=0x23bcbf0, cb=0x18 | out: lpmodinfo=0x23bcbf0*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0074.933] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.933] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873620000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0074.937] CoTaskMemFree (pv=0x5498e0) [0074.938] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.938] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873620000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0074.939] CoTaskMemFree (pv=0x5498e0) [0074.939] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x23bedd8, cb=0x18 | out: lpmodinfo=0x23bedd8*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0074.941] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.941] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0074.942] CoTaskMemFree (pv=0x5498e0) [0074.943] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.943] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0074.944] CoTaskMemFree (pv=0x5498e0) [0074.944] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870a00000, lpmodinfo=0x23c0f80, cb=0x18 | out: lpmodinfo=0x23c0f80*(lpBaseOfDll=0x7ff870a00000, SizeOfImage=0x7c000, EntryPoint=0x7ff870a2a970)) returned 1 [0074.947] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.947] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870a00000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="tileobjserver.dll") returned 0x11 [0074.964] CoTaskMemFree (pv=0x5498e0) [0074.964] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.964] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870a00000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\tileobjserver.dll" (normalized: "c:\\windows\\system32\\tileobjserver.dll")) returned 0x25 [0074.966] CoTaskMemFree (pv=0x5498e0) [0074.966] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x21fe6d0, cb=0x18 | out: lpmodinfo=0x21fe6d0*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0074.968] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.968] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0074.969] CoTaskMemFree (pv=0x5498e0) [0074.969] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.969] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0074.971] CoTaskMemFree (pv=0x5498e0) [0074.971] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e80000, lpmodinfo=0x2200878, cb=0x18 | out: lpmodinfo=0x2200878*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0074.973] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.973] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0074.975] CoTaskMemFree (pv=0x5498e0) [0074.975] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.975] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0074.977] CoTaskMemFree (pv=0x5498e0) [0074.977] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872f10000, lpmodinfo=0x2202a40, cb=0x18 | out: lpmodinfo=0x2202a40*(lpBaseOfDll=0x7ff872f10000, SizeOfImage=0x2f9000, EntryPoint=0x7ff872fd7280)) returned 1 [0074.979] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.979] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872f10000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0074.986] CoTaskMemFree (pv=0x5498e0) [0074.986] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.986] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872f10000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0074.988] CoTaskMemFree (pv=0x5498e0) [0074.988] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870840000, lpmodinfo=0x2204be8, cb=0x18 | out: lpmodinfo=0x2204be8*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0074.990] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.990] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870840000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0074.992] CoTaskMemFree (pv=0x5498e0) [0074.992] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.992] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870840000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0074.994] CoTaskMemFree (pv=0x5498e0) [0074.994] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x2206d90, cb=0x18 | out: lpmodinfo=0x2206d90*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0074.996] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.996] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0074.998] CoTaskMemFree (pv=0x5498e0) [0074.998] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0074.998] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0075.000] CoTaskMemFree (pv=0x5498e0) [0075.000] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x2208f48, cb=0x18 | out: lpmodinfo=0x2208f48*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0075.002] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.002] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0075.004] CoTaskMemFree (pv=0x5498e0) [0075.004] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.004] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0075.007] CoTaskMemFree (pv=0x5498e0) [0075.007] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpmodinfo=0x220b0f0, cb=0x18 | out: lpmodinfo=0x220b0f0*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0075.009] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.009] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0075.011] CoTaskMemFree (pv=0x5498e0) [0075.011] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.011] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0075.014] CoTaskMemFree (pv=0x5498e0) [0075.014] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x220d2a8, cb=0x18 | out: lpmodinfo=0x220d2a8*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0075.017] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.017] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0075.019] CoTaskMemFree (pv=0x5498e0) [0075.019] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.019] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0075.026] CoTaskMemFree (pv=0x5498e0) [0075.026] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x220f470, cb=0x18 | out: lpmodinfo=0x220f470*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0075.028] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.028] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0075.031] CoTaskMemFree (pv=0x5498e0) [0075.031] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.031] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0075.033] CoTaskMemFree (pv=0x5498e0) [0075.033] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x2211628, cb=0x18 | out: lpmodinfo=0x2211628*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0075.036] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.036] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0075.038] CoTaskMemFree (pv=0x5498e0) [0075.038] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.038] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0075.041] CoTaskMemFree (pv=0x5498e0) [0075.041] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x22137e0, cb=0x18 | out: lpmodinfo=0x22137e0*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0075.043] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.043] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0075.046] CoTaskMemFree (pv=0x5498e0) [0075.046] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.046] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0075.049] CoTaskMemFree (pv=0x5498e0) [0075.049] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x2215988, cb=0x18 | out: lpmodinfo=0x2215988*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0075.052] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.052] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff876870000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="WinTypes.dll") returned 0xc [0075.054] CoTaskMemFree (pv=0x5498e0) [0075.054] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.054] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff876870000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0075.057] CoTaskMemFree (pv=0x5498e0) [0075.057] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x2217b40, cb=0x18 | out: lpmodinfo=0x2217b40*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0075.063] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.063] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0075.066] CoTaskMemFree (pv=0x5498e0) [0075.066] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.066] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0075.069] CoTaskMemFree (pv=0x5498e0) [0075.069] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpmodinfo=0x2219ce8, cb=0x18 | out: lpmodinfo=0x2219ce8*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0075.071] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.071] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0075.074] CoTaskMemFree (pv=0x5498e0) [0075.074] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.074] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0075.077] CoTaskMemFree (pv=0x5498e0) [0075.077] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x221be90, cb=0x18 | out: lpmodinfo=0x221be90*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0075.080] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.080] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0075.083] CoTaskMemFree (pv=0x5498e0) [0075.083] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.083] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0075.086] CoTaskMemFree (pv=0x5498e0) [0075.086] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x221e038, cb=0x18 | out: lpmodinfo=0x221e038*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0075.089] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.089] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0075.092] CoTaskMemFree (pv=0x5498e0) [0075.092] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.092] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0075.095] CoTaskMemFree (pv=0x5498e0) [0075.095] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x2220408, cb=0x18 | out: lpmodinfo=0x2220408*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0075.101] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.101] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0075.110] CoTaskMemFree (pv=0x5498e0) [0075.111] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.111] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0075.114] CoTaskMemFree (pv=0x5498e0) [0075.114] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x22225c0, cb=0x18 | out: lpmodinfo=0x22225c0*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0075.118] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.118] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0075.121] CoTaskMemFree (pv=0x5498e0) [0075.121] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.121] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0075.124] CoTaskMemFree (pv=0x5498e0) [0075.124] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpmodinfo=0x2224768, cb=0x18 | out: lpmodinfo=0x2224768*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0075.127] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.127] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0075.130] CoTaskMemFree (pv=0x5498e0) [0075.130] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.130] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0075.134] CoTaskMemFree (pv=0x5498e0) [0075.134] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x2226910, cb=0x18 | out: lpmodinfo=0x2226910*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0075.137] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.137] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0075.147] CoTaskMemFree (pv=0x5498e0) [0075.147] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.148] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0075.151] CoTaskMemFree (pv=0x5498e0) [0075.151] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c90000, lpmodinfo=0x2228ab8, cb=0x18 | out: lpmodinfo=0x2228ab8*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0075.154] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.154] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0075.158] CoTaskMemFree (pv=0x5498e0) [0075.158] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.158] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0075.161] CoTaskMemFree (pv=0x5498e0) [0075.161] CloseHandle (hObject=0x25c) returned 1 [0075.162] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0075.162] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1018) returned 0x25c [0075.162] EnumProcessModules (in: hProcess=0x25c, lphModule=0x222bd90, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x222bd90, lpcbNeeded=0x14ef68) returned 1 [0075.163] GetModuleInformation (in: hProcess=0x25c, hModule=0xda0000, lpmodinfo=0x222c000, cb=0x18 | out: lpmodinfo=0x222c000*(lpBaseOfDll=0xda0000, SizeOfImage=0x17000, EntryPoint=0xda14a1)) returned 1 [0075.163] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.163] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xda0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="fling.exe") returned 0x9 [0075.163] CoTaskMemFree (pv=0x5498e0) [0075.163] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.163] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xda0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Multimedia Platform\\fling.exe" (normalized: "c:\\program files\\windows multimedia platform\\fling.exe")) returned 0x36 [0075.164] CoTaskMemFree (pv=0x5498e0) [0075.164] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x222e210, cb=0x18 | out: lpmodinfo=0x222e210*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0075.164] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.164] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0075.165] CoTaskMemFree (pv=0x5498e0) [0075.165] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.165] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0075.166] CoTaskMemFree (pv=0x5498e0) [0075.166] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x22303b8, cb=0x18 | out: lpmodinfo=0x22303b8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0075.166] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.166] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0075.167] CoTaskMemFree (pv=0x5498e0) [0075.167] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.167] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0075.167] CoTaskMemFree (pv=0x5498e0) [0075.167] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2232560, cb=0x18 | out: lpmodinfo=0x2232560*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0075.168] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.168] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0075.169] CoTaskMemFree (pv=0x5498e0) [0075.169] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.169] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0075.169] CoTaskMemFree (pv=0x5498e0) [0075.169] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2234718, cb=0x18 | out: lpmodinfo=0x2234718*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0075.170] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.170] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0075.171] CoTaskMemFree (pv=0x5498e0) [0075.171] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.171] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0075.172] CoTaskMemFree (pv=0x5498e0) [0075.172] CloseHandle (hObject=0x25c) returned 1 [0075.172] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0075.172] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10dc) returned 0x25c [0075.172] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2236ef0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2236ef0, lpcbNeeded=0x14ef68) returned 1 [0075.173] GetModuleInformation (in: hProcess=0x25c, hModule=0x930000, lpmodinfo=0x2237160, cb=0x18 | out: lpmodinfo=0x2237160*(lpBaseOfDll=0x930000, SizeOfImage=0x17000, EntryPoint=0x9314a1)) returned 1 [0075.173] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.173] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x930000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="whatsapp.exe") returned 0xc [0075.174] CoTaskMemFree (pv=0x5498e0) [0075.174] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.174] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x930000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft.NET\\whatsapp.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\whatsapp.exe")) returned 0x31 [0075.174] CoTaskMemFree (pv=0x5498e0) [0075.174] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2239370, cb=0x18 | out: lpmodinfo=0x2239370*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0075.174] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.174] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0075.175] CoTaskMemFree (pv=0x5498e0) [0075.175] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.175] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0075.176] CoTaskMemFree (pv=0x5498e0) [0075.176] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x223b518, cb=0x18 | out: lpmodinfo=0x223b518*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0075.176] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.176] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0075.177] CoTaskMemFree (pv=0x5498e0) [0075.177] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.177] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0075.177] CoTaskMemFree (pv=0x5498e0) [0075.178] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x223d6c0, cb=0x18 | out: lpmodinfo=0x223d6c0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0075.178] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.178] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0075.179] CoTaskMemFree (pv=0x5498e0) [0075.179] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.179] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0075.179] CoTaskMemFree (pv=0x5498e0) [0075.179] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x223f878, cb=0x18 | out: lpmodinfo=0x223f878*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0075.180] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.180] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0075.193] CoTaskMemFree (pv=0x5498e0) [0075.193] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.193] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0075.194] CoTaskMemFree (pv=0x5498e0) [0075.194] CloseHandle (hObject=0x25c) returned 1 [0075.194] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0075.194] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11a0) returned 0x25c [0075.194] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2242050, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2242050, lpcbNeeded=0x14ef68) returned 1 [0075.195] GetModuleInformation (in: hProcess=0x25c, hModule=0x12d0000, lpmodinfo=0x22422c0, cb=0x18 | out: lpmodinfo=0x22422c0*(lpBaseOfDll=0x12d0000, SizeOfImage=0x17000, EntryPoint=0x12d14a1)) returned 1 [0075.196] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.196] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x12d0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="spgagentservice.exe") returned 0x13 [0075.196] CoTaskMemFree (pv=0x5498e0) [0075.196] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.196] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x12d0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\spgagentservice.exe" (normalized: "c:\\program files (x86)\\windows media player\\spgagentservice.exe")) returned 0x3f [0075.197] CoTaskMemFree (pv=0x5498e0) [0075.197] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22444f0, cb=0x18 | out: lpmodinfo=0x22444f0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0075.197] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.197] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0075.198] CoTaskMemFree (pv=0x5498e0) [0075.198] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.198] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0075.198] CoTaskMemFree (pv=0x5498e0) [0075.198] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2246698, cb=0x18 | out: lpmodinfo=0x2246698*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0075.199] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.199] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0075.199] CoTaskMemFree (pv=0x5498e0) [0075.199] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.199] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0075.200] CoTaskMemFree (pv=0x5498e0) [0075.200] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2248840, cb=0x18 | out: lpmodinfo=0x2248840*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0075.200] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.201] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0075.201] CoTaskMemFree (pv=0x5498e0) [0075.201] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.201] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0075.202] CoTaskMemFree (pv=0x5498e0) [0075.202] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x224a9f8, cb=0x18 | out: lpmodinfo=0x224a9f8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0075.203] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.203] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x5498e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0075.203] CoTaskMemFree (pv=0x5498e0) [0075.203] CoTaskMemAlloc (cb=0x804) returned 0x5498e0 [0075.203] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x5498e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0075.204] CoTaskMemFree (pv=0x5498e0) [0075.204] CloseHandle (hObject=0x25c) returned 1 [0075.205] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0075.205] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x112c) returned 0x25c [0075.205] EnumProcessModules (in: hProcess=0x25c, lphModule=0x224d1d0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x224d1d0, lpcbNeeded=0x14ef68) returned 1 [0075.205] GetModuleInformation (in: hProcess=0x25c, hModule=0xbe0000, lpmodinfo=0x224d440, cb=0x18 | out: lpmodinfo=0x224d440*(lpBaseOfDll=0xbe0000, SizeOfImage=0x17000, EntryPoint=0xbe14a1)) returned 1 [0075.206] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.206] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xbe0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="centralcreditcard.exe") returned 0x15 [0075.206] CoTaskMemFree (pv=0x548dc0) [0075.206] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.206] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xbe0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\centralcreditcard.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\centralcreditcard.exe")) returned 0x45 [0075.207] CoTaskMemFree (pv=0x548dc0) [0075.207] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x224f688, cb=0x18 | out: lpmodinfo=0x224f688*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0075.207] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.207] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0075.208] CoTaskMemFree (pv=0x548dc0) [0075.208] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.208] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0075.208] CoTaskMemFree (pv=0x548dc0) [0075.208] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2251830, cb=0x18 | out: lpmodinfo=0x2251830*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0075.209] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.209] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0075.209] CoTaskMemFree (pv=0x548dc0) [0075.209] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.209] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0075.210] CoTaskMemFree (pv=0x548dc0) [0075.210] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x22539d8, cb=0x18 | out: lpmodinfo=0x22539d8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0075.211] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.211] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0075.211] CoTaskMemFree (pv=0x548dc0) [0075.211] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.211] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0075.212] CoTaskMemFree (pv=0x548dc0) [0075.212] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2255b90, cb=0x18 | out: lpmodinfo=0x2255b90*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0075.221] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.221] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0075.222] CoTaskMemFree (pv=0x548dc0) [0075.222] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.222] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0075.223] CoTaskMemFree (pv=0x548dc0) [0075.223] CloseHandle (hObject=0x25c) returned 1 [0075.223] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0075.223] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x174) returned 0x0 [0075.224] EnumProcesses (in: lpidProcess=0x2258368, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x2258368, lpcbNeeded=0x14ee58) returned 1 [0075.233] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0075.235] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc38) returned 0x25c [0075.235] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2259098, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2259098, lpcbNeeded=0x14ef68) returned 1 [0075.414] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22592b0, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x22592b0, lpcbNeeded=0x14ef68) returned 1 [0075.420] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpmodinfo=0x2259720, cb=0x18 | out: lpmodinfo=0x2259720*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0075.421] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.421] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0075.421] CoTaskMemFree (pv=0x548dc0) [0075.421] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.421] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0075.422] CoTaskMemFree (pv=0x548dc0) [0075.422] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x225b900, cb=0x18 | out: lpmodinfo=0x225b900*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0075.422] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.422] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0075.423] CoTaskMemFree (pv=0x548dc0) [0075.423] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.423] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0075.423] CoTaskMemFree (pv=0x548dc0) [0075.423] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x225daa8, cb=0x18 | out: lpmodinfo=0x225daa8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0075.424] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.424] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0075.424] CoTaskMemFree (pv=0x548dc0) [0075.424] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.424] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0075.426] CoTaskMemFree (pv=0x548dc0) [0075.426] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x225fc60, cb=0x18 | out: lpmodinfo=0x225fc60*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0075.427] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.427] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0075.428] CoTaskMemFree (pv=0x548dc0) [0075.428] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.428] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0075.429] CoTaskMemFree (pv=0x548dc0) [0075.429] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x2261e18, cb=0x18 | out: lpmodinfo=0x2261e18*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0075.429] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.429] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0075.430] CoTaskMemFree (pv=0x548dc0) [0075.430] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.430] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0075.431] CoTaskMemFree (pv=0x548dc0) [0075.431] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x2264018, cb=0x18 | out: lpmodinfo=0x2264018*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0075.432] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.432] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0075.433] CoTaskMemFree (pv=0x548dc0) [0075.433] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.433] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0075.434] CoTaskMemFree (pv=0x548dc0) [0075.434] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x22661c0, cb=0x18 | out: lpmodinfo=0x22661c0*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0075.434] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.434] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0075.435] CoTaskMemFree (pv=0x548dc0) [0075.435] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.435] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0075.436] CoTaskMemFree (pv=0x548dc0) [0075.436] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x2268378, cb=0x18 | out: lpmodinfo=0x2268378*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0075.437] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.437] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0075.438] CoTaskMemFree (pv=0x548dc0) [0075.438] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.438] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0075.439] CoTaskMemFree (pv=0x548dc0) [0075.439] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x226a520, cb=0x18 | out: lpmodinfo=0x226a520*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0075.440] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.440] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0075.441] CoTaskMemFree (pv=0x548dc0) [0075.441] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.441] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0075.442] CoTaskMemFree (pv=0x548dc0) [0075.443] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x226c760, cb=0x18 | out: lpmodinfo=0x226c760*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0075.447] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.447] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0075.448] CoTaskMemFree (pv=0x548dc0) [0075.448] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.448] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0075.449] CoTaskMemFree (pv=0x548dc0) [0075.449] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x226e938, cb=0x18 | out: lpmodinfo=0x226e938*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0075.451] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.451] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0075.452] CoTaskMemFree (pv=0x548dc0) [0075.452] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.452] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0075.453] CoTaskMemFree (pv=0x548dc0) [0075.453] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x2270b00, cb=0x18 | out: lpmodinfo=0x2270b00*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0075.454] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.454] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0075.456] CoTaskMemFree (pv=0x548dc0) [0075.456] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.456] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0075.457] CoTaskMemFree (pv=0x548dc0) [0075.457] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x2272ca8, cb=0x18 | out: lpmodinfo=0x2272ca8*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0075.459] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.459] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0075.461] CoTaskMemFree (pv=0x548dc0) [0075.461] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.461] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0075.462] CoTaskMemFree (pv=0x548dc0) [0075.462] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x2274e50, cb=0x18 | out: lpmodinfo=0x2274e50*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0075.463] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.464] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0075.465] CoTaskMemFree (pv=0x548dc0) [0075.465] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.465] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0075.467] CoTaskMemFree (pv=0x548dc0) [0075.467] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8668a0000, lpmodinfo=0x2276ff8, cb=0x18 | out: lpmodinfo=0x2276ff8*(lpBaseOfDll=0x7ff8668a0000, SizeOfImage=0x12f000, EntryPoint=0x7ff8668e1f50)) returned 1 [0075.469] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.469] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8668a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="unistore.dll") returned 0xc [0075.470] CoTaskMemFree (pv=0x548dc0) [0075.471] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.471] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8668a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\unistore.dll" (normalized: "c:\\windows\\system32\\unistore.dll")) returned 0x20 [0075.472] CoTaskMemFree (pv=0x548dc0) [0075.472] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872f10000, lpmodinfo=0x22791b0, cb=0x18 | out: lpmodinfo=0x22791b0*(lpBaseOfDll=0x7ff872f10000, SizeOfImage=0x2f9000, EntryPoint=0x7ff872fd7280)) returned 1 [0075.474] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.474] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872f10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0075.475] CoTaskMemFree (pv=0x548dc0) [0075.475] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.475] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872f10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0075.477] CoTaskMemFree (pv=0x548dc0) [0075.477] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875770000, lpmodinfo=0x227b358, cb=0x18 | out: lpmodinfo=0x227b358*(lpBaseOfDll=0x7ff875770000, SizeOfImage=0x16000, EntryPoint=0x7ff875779f30)) returned 1 [0075.479] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.479] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875770000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="UserDataPlatformHelperUtil.dll") returned 0x1e [0075.480] CoTaskMemFree (pv=0x548dc0) [0075.480] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.480] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875770000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\UserDataPlatformHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdataplatformhelperutil.dll")) returned 0x32 [0075.496] CoTaskMemFree (pv=0x548dc0) [0075.496] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x227d668, cb=0x18 | out: lpmodinfo=0x227d668*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0075.498] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.498] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="sspicli.dll") returned 0xb [0075.500] CoTaskMemFree (pv=0x548dc0) [0075.500] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.500] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0075.502] CoTaskMemFree (pv=0x548dc0) [0075.502] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be30000, lpmodinfo=0x227f810, cb=0x18 | out: lpmodinfo=0x227f810*(lpBaseOfDll=0x7ff87be30000, SizeOfImage=0x5d000, EntryPoint=0x7ff87be45100)) returned 1 [0075.504] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.504] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msv1_0.DLL") returned 0xa [0075.506] CoTaskMemFree (pv=0x548dc0) [0075.506] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.506] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msv1_0.DLL" (normalized: "c:\\windows\\system32\\msv1_0.dll")) returned 0x1e [0075.508] CoTaskMemFree (pv=0x548dc0) [0075.508] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x22819b8, cb=0x18 | out: lpmodinfo=0x22819b8*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0075.510] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.510] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0075.512] CoTaskMemFree (pv=0x548dc0) [0075.512] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.512] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0075.514] CoTaskMemFree (pv=0x548dc0) [0075.514] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be20000, lpmodinfo=0x2283b60, cb=0x18 | out: lpmodinfo=0x2283b60*(lpBaseOfDll=0x7ff87be20000, SizeOfImage=0xc000, EntryPoint=0x7ff87be245f0)) returned 1 [0075.516] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.516] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be20000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="NtlmShared.dll") returned 0xe [0075.518] CoTaskMemFree (pv=0x548dc0) [0075.518] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.518] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be20000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NtlmShared.dll" (normalized: "c:\\windows\\system32\\ntlmshared.dll")) returned 0x22 [0075.520] CoTaskMemFree (pv=0x548dc0) [0075.520] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bef0000, lpmodinfo=0x2285d18, cb=0x18 | out: lpmodinfo=0x2285d18*(lpBaseOfDll=0x7ff87bef0000, SizeOfImage=0x15000, EntryPoint=0x7ff87bef3f50)) returned 1 [0075.522] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.522] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bef0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cryptdll.dll") returned 0xc [0075.524] CoTaskMemFree (pv=0x548dc0) [0075.524] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.524] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bef0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")) returned 0x20 [0075.526] CoTaskMemFree (pv=0x548dc0) [0075.526] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff866720000, lpmodinfo=0x2287ed0, cb=0x18 | out: lpmodinfo=0x2287ed0*(lpBaseOfDll=0x7ff866720000, SizeOfImage=0x172000, EntryPoint=0x7ff866765b80)) returned 1 [0075.530] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.530] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff866720000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="userdataservice.dll") returned 0x13 [0075.535] CoTaskMemFree (pv=0x548dc0) [0075.535] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.535] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff866720000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\userdataservice.dll" (normalized: "c:\\windows\\system32\\userdataservice.dll")) returned 0x27 [0075.538] CoTaskMemFree (pv=0x548dc0) [0075.538] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f460000, lpmodinfo=0x228a098, cb=0x18 | out: lpmodinfo=0x228a098*(lpBaseOfDll=0x7ff86f460000, SizeOfImage=0xb000, EntryPoint=0x7ff86f461e70)) returned 1 [0075.540] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.540] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f460000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SystemEventsBrokerClient.dll") returned 0x1c [0075.542] CoTaskMemFree (pv=0x548dc0) [0075.542] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.542] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f460000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerclient.dll")) returned 0x30 [0075.545] CoTaskMemFree (pv=0x548dc0) [0075.545] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8665b0000, lpmodinfo=0x228c290, cb=0x18 | out: lpmodinfo=0x228c290*(lpBaseOfDll=0x7ff8665b0000, SizeOfImage=0x16c000, EntryPoint=0x7ff8665ddd00)) returned 1 [0075.547] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.547] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8665b0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="PIMSTORE.dll") returned 0xc [0075.550] CoTaskMemFree (pv=0x548dc0) [0075.550] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.550] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8665b0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PIMSTORE.dll" (normalized: "c:\\windows\\system32\\pimstore.dll")) returned 0x20 [0075.552] CoTaskMemFree (pv=0x548dc0) [0075.552] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875720000, lpmodinfo=0x228e448, cb=0x18 | out: lpmodinfo=0x228e448*(lpBaseOfDll=0x7ff875720000, SizeOfImage=0x4c000, EntryPoint=0x7ff8757540d0)) returned 1 [0075.555] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.555] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875720000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="PhoneUtil.dll") returned 0xd [0075.557] CoTaskMemFree (pv=0x548dc0) [0075.557] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.557] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875720000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PhoneUtil.dll" (normalized: "c:\\windows\\system32\\phoneutil.dll")) returned 0x21 [0075.560] CoTaskMemFree (pv=0x548dc0) [0075.560] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x2290600, cb=0x18 | out: lpmodinfo=0x2290600*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0075.562] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.562] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0075.565] CoTaskMemFree (pv=0x548dc0) [0075.565] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.565] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0075.567] CoTaskMemFree (pv=0x548dc0) [0075.567] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff866510000, lpmodinfo=0x22927b8, cb=0x18 | out: lpmodinfo=0x22927b8*(lpBaseOfDll=0x7ff866510000, SizeOfImage=0x9e000, EntryPoint=0x7ff866586bf0)) returned 1 [0075.576] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.576] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff866510000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MessagingDataModel2.DLL") returned 0x17 [0075.579] CoTaskMemFree (pv=0x548dc0) [0075.579] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.579] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff866510000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MessagingDataModel2.DLL" (normalized: "c:\\windows\\system32\\messagingdatamodel2.dll")) returned 0x2b [0075.582] CoTaskMemFree (pv=0x548dc0) [0075.582] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x2294990, cb=0x18 | out: lpmodinfo=0x2294990*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0075.584] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.584] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SHCORE.dll") returned 0xa [0075.587] CoTaskMemFree (pv=0x548dc0) [0075.587] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.587] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHCORE.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0075.590] CoTaskMemFree (pv=0x548dc0) [0075.590] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ae30000, lpmodinfo=0x2296b38, cb=0x18 | out: lpmodinfo=0x2296b38*(lpBaseOfDll=0x7ff87ae30000, SizeOfImage=0xc000, EntryPoint=0x7ff87ae31470)) returned 1 [0075.593] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.593] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ae30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="dsclient.dll") returned 0xc [0075.595] CoTaskMemFree (pv=0x548dc0) [0075.595] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.595] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ae30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll")) returned 0x20 [0075.598] CoTaskMemFree (pv=0x548dc0) [0075.598] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875700000, lpmodinfo=0x2298cf0, cb=0x18 | out: lpmodinfo=0x2298cf0*(lpBaseOfDll=0x7ff875700000, SizeOfImage=0x14000, EntryPoint=0x7ff875708b30)) returned 1 [0075.601] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.601] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875700000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="PimIndexMaintenanceClient.DLL") returned 0x1d [0075.604] CoTaskMemFree (pv=0x548dc0) [0075.604] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.604] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875700000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PimIndexMaintenanceClient.DLL" (normalized: "c:\\windows\\system32\\pimindexmaintenanceclient.dll")) returned 0x31 [0075.607] CoTaskMemFree (pv=0x548dc0) [0075.607] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpmodinfo=0x229aee8, cb=0x18 | out: lpmodinfo=0x229aee8*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0075.610] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.610] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0075.616] CoTaskMemFree (pv=0x548dc0) [0075.616] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.616] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0075.619] CoTaskMemFree (pv=0x548dc0) [0075.619] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x229d090, cb=0x18 | out: lpmodinfo=0x229d090*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0075.622] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.622] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cryptsp.dll") returned 0xb [0075.625] CoTaskMemFree (pv=0x548dc0) [0075.625] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.625] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0075.635] CoTaskMemFree (pv=0x548dc0) [0075.635] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875410000, lpmodinfo=0x229f450, cb=0x18 | out: lpmodinfo=0x229f450*(lpBaseOfDll=0x7ff875410000, SizeOfImage=0x40000, EntryPoint=0x7ff87543b3d0)) returned 1 [0075.638] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.638] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875410000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CEMAPI.dll") returned 0xa [0075.642] CoTaskMemFree (pv=0x548dc0) [0075.642] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.642] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875410000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CEMAPI.dll" (normalized: "c:\\windows\\system32\\cemapi.dll")) returned 0x1e [0075.645] CoTaskMemFree (pv=0x548dc0) [0075.645] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875590000, lpmodinfo=0x22a15f8, cb=0x18 | out: lpmodinfo=0x22a15f8*(lpBaseOfDll=0x7ff875590000, SizeOfImage=0x11000, EntryPoint=0x7ff8755973f0)) returned 1 [0075.648] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.648] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875590000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="UserDataTypeHelperUtil.dll") returned 0x1a [0075.651] CoTaskMemFree (pv=0x548dc0) [0075.651] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.651] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875590000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\UserDataTypeHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdatatypehelperutil.dll")) returned 0x2e [0075.660] CoTaskMemFree (pv=0x548dc0) [0075.660] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x22a37e0, cb=0x18 | out: lpmodinfo=0x22a37e0*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0075.663] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.663] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0075.666] CoTaskMemFree (pv=0x548dc0) [0075.666] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.666] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0075.670] CoTaskMemFree (pv=0x548dc0) [0075.670] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x22a5988, cb=0x18 | out: lpmodinfo=0x22a5988*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0075.673] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.673] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0075.676] CoTaskMemFree (pv=0x548dc0) [0075.676] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.676] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0075.680] CoTaskMemFree (pv=0x548dc0) [0075.680] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x22a7b50, cb=0x18 | out: lpmodinfo=0x22a7b50*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0075.683] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.683] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0075.687] CoTaskMemFree (pv=0x548dc0) [0075.687] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.687] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0075.690] CoTaskMemFree (pv=0x548dc0) [0075.690] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x22a9d08, cb=0x18 | out: lpmodinfo=0x22a9d08*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0075.696] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.696] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0075.700] CoTaskMemFree (pv=0x548dc0) [0075.700] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.700] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0075.703] CoTaskMemFree (pv=0x548dc0) [0075.703] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x22abec0, cb=0x18 | out: lpmodinfo=0x22abec0*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0075.707] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.707] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0075.711] CoTaskMemFree (pv=0x548dc0) [0075.711] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.711] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0075.714] CoTaskMemFree (pv=0x548dc0) [0075.714] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x22ae068, cb=0x18 | out: lpmodinfo=0x22ae068*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0075.718] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.718] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0075.722] CoTaskMemFree (pv=0x548dc0) [0075.722] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.722] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0075.725] CoTaskMemFree (pv=0x548dc0) [0075.725] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x22b0220, cb=0x18 | out: lpmodinfo=0x22b0220*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0075.729] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.729] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0075.736] CoTaskMemFree (pv=0x548dc0) [0075.736] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.736] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0075.739] CoTaskMemFree (pv=0x548dc0) [0075.740] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x22b23c8, cb=0x18 | out: lpmodinfo=0x22b23c8*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0075.743] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.743] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0075.747] CoTaskMemFree (pv=0x548dc0) [0075.747] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.747] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0075.751] CoTaskMemFree (pv=0x548dc0) [0075.751] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpmodinfo=0x22b4580, cb=0x18 | out: lpmodinfo=0x22b4580*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0075.755] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.755] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0075.759] CoTaskMemFree (pv=0x548dc0) [0075.759] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.759] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0075.763] CoTaskMemFree (pv=0x548dc0) [0075.763] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873620000, lpmodinfo=0x22b6768, cb=0x18 | out: lpmodinfo=0x22b6768*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0075.767] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.767] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873620000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0075.775] CoTaskMemFree (pv=0x548dc0) [0075.775] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.775] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873620000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0075.779] CoTaskMemFree (pv=0x548dc0) [0075.779] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878df0000, lpmodinfo=0x22b8950, cb=0x18 | out: lpmodinfo=0x22b8950*(lpBaseOfDll=0x7ff878df0000, SizeOfImage=0x4a000, EntryPoint=0x7ff878dfac30)) returned 1 [0075.783] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.783] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878df0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="deviceaccess.dll") returned 0x10 [0075.787] CoTaskMemFree (pv=0x548dc0) [0075.787] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.787] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878df0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")) returned 0x24 [0075.791] CoTaskMemFree (pv=0x548dc0) [0075.791] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff865eb0000, lpmodinfo=0x22bab18, cb=0x18 | out: lpmodinfo=0x22bab18*(lpBaseOfDll=0x7ff865eb0000, SizeOfImage=0x42000, EntryPoint=0x7ff865edd4f0)) returned 1 [0075.795] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.795] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff865eb0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="pimindexmaintenance.dll") returned 0x17 [0075.800] CoTaskMemFree (pv=0x548dc0) [0075.800] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.800] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff865eb0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\pimindexmaintenance.dll" (normalized: "c:\\windows\\system32\\pimindexmaintenance.dll")) returned 0x2b [0075.804] CoTaskMemFree (pv=0x548dc0) [0075.804] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ab10000, lpmodinfo=0x22bccf0, cb=0x18 | out: lpmodinfo=0x22bccf0*(lpBaseOfDll=0x7ff86ab10000, SizeOfImage=0x21000, EntryPoint=0x7ff86ab162d0)) returned 1 [0075.810] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.810] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ab10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="UserDataTimeUtil.dll") returned 0x14 [0075.814] CoTaskMemFree (pv=0x548dc0) [0075.814] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.814] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ab10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\UserDataTimeUtil.dll" (normalized: "c:\\windows\\system32\\userdatatimeutil.dll")) returned 0x28 [0075.819] CoTaskMemFree (pv=0x548dc0) [0075.819] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86bdb0000, lpmodinfo=0x22beec8, cb=0x18 | out: lpmodinfo=0x22beec8*(lpBaseOfDll=0x7ff86bdb0000, SizeOfImage=0x16000, EntryPoint=0x7ff86bdbc500)) returned 1 [0075.823] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.823] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86bdb0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="POSyncServices.dll") returned 0x12 [0075.827] CoTaskMemFree (pv=0x548dc0) [0075.827] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.827] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86bdb0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\POSyncServices.dll" (normalized: "c:\\windows\\system32\\posyncservices.dll")) returned 0x26 [0075.832] CoTaskMemFree (pv=0x548dc0) [0075.832] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff865dc0000, lpmodinfo=0x22c1090, cb=0x18 | out: lpmodinfo=0x22c1090*(lpBaseOfDll=0x7ff865dc0000, SizeOfImage=0xe1000, EntryPoint=0x7ff865dc22c0)) returned 1 [0075.836] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.836] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff865dc0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MbaeApiPublic.dll") returned 0x11 [0075.841] CoTaskMemFree (pv=0x548dc0) [0075.841] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.841] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff865dc0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MbaeApiPublic.dll" (normalized: "c:\\windows\\system32\\mbaeapipublic.dll")) returned 0x25 [0075.848] CoTaskMemFree (pv=0x548dc0) [0075.848] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff877e30000, lpmodinfo=0x22c3258, cb=0x18 | out: lpmodinfo=0x22c3258*(lpBaseOfDll=0x7ff877e30000, SizeOfImage=0x74000, EntryPoint=0x7ff877e38f30)) returned 1 [0075.853] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.853] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff877e30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="Windows.Devices.Enumeration.dll") returned 0x1f [0075.857] CoTaskMemFree (pv=0x548dc0) [0075.857] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.857] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff877e30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Devices.Enumeration.dll" (normalized: "c:\\windows\\system32\\windows.devices.enumeration.dll")) returned 0x33 [0075.862] CoTaskMemFree (pv=0x548dc0) [0075.862] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e40000, lpmodinfo=0x22c5450, cb=0x18 | out: lpmodinfo=0x22c5450*(lpBaseOfDll=0x7ff878e40000, SizeOfImage=0x33000, EntryPoint=0x7ff878e4d5a0)) returned 1 [0075.867] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.867] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="BiWinrt.dll") returned 0xb [0075.871] CoTaskMemFree (pv=0x548dc0) [0075.871] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.871] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\BiWinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")) returned 0x1f [0075.876] CoTaskMemFree (pv=0x548dc0) [0075.876] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c30000, lpmodinfo=0x22c75f8, cb=0x18 | out: lpmodinfo=0x22c75f8*(lpBaseOfDll=0x7ff879c30000, SizeOfImage=0x11000, EntryPoint=0x7ff879c35040)) returned 1 [0075.881] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.881] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="deviceassociation.dll") returned 0x15 [0075.892] CoTaskMemFree (pv=0x548dc0) [0075.892] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.892] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceassociation.dll" (normalized: "c:\\windows\\system32\\deviceassociation.dll")) returned 0x29 [0075.897] CoTaskMemFree (pv=0x548dc0) [0075.897] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpmodinfo=0x22c97d0, cb=0x18 | out: lpmodinfo=0x22c97d0*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0075.902] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.902] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0075.906] CoTaskMemFree (pv=0x548dc0) [0075.907] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.907] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0075.912] CoTaskMemFree (pv=0x548dc0) [0075.912] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875600000, lpmodinfo=0x22cb978, cb=0x18 | out: lpmodinfo=0x22cb978*(lpBaseOfDll=0x7ff875600000, SizeOfImage=0xaa000, EntryPoint=0x7ff875637c30)) returned 1 [0075.917] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.917] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875600000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="StructuredQuery.dll") returned 0x13 [0075.926] CoTaskMemFree (pv=0x548dc0) [0075.926] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.926] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875600000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StructuredQuery.dll" (normalized: "c:\\windows\\system32\\structuredquery.dll")) returned 0x27 [0075.931] CoTaskMemFree (pv=0x548dc0) [0075.931] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875790000, lpmodinfo=0x22cdb40, cb=0x18 | out: lpmodinfo=0x22cdb40*(lpBaseOfDll=0x7ff875790000, SizeOfImage=0x48000, EntryPoint=0x7ff87579c0e0)) returned 1 [0075.937] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.937] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875790000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MSWB7.dll") returned 0x9 [0075.943] CoTaskMemFree (pv=0x548dc0) [0075.943] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.943] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875790000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MSWB7.dll" (normalized: "c:\\windows\\system32\\mswb7.dll")) returned 0x1d [0075.948] CoTaskMemFree (pv=0x548dc0) [0075.948] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87adf0000, lpmodinfo=0x22cfce8, cb=0x18 | out: lpmodinfo=0x22cfce8*(lpBaseOfDll=0x7ff87adf0000, SizeOfImage=0x1f000, EntryPoint=0x7ff87ae054a0)) returned 1 [0075.953] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.953] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87adf0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DevDispItemProvider.dll") returned 0x17 [0075.958] CoTaskMemFree (pv=0x548dc0) [0075.958] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.958] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87adf0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DevDispItemProvider.dll" (normalized: "c:\\windows\\system32\\devdispitemprovider.dll")) returned 0x2b [0075.966] CoTaskMemFree (pv=0x548dc0) [0075.966] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c500000, lpmodinfo=0x22d1ec0, cb=0x18 | out: lpmodinfo=0x22d1ec0*(lpBaseOfDll=0x7ff86c500000, SizeOfImage=0x97000, EntryPoint=0x7ff86c50ddc0)) returned 1 [0075.971] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.971] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c500000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wlidprov.dll") returned 0xc [0075.977] CoTaskMemFree (pv=0x548dc0) [0075.977] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.977] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c500000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll")) returned 0x20 [0075.983] CoTaskMemFree (pv=0x548dc0) [0075.983] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff865cf0000, lpmodinfo=0x22d4078, cb=0x18 | out: lpmodinfo=0x22d4078*(lpBaseOfDll=0x7ff865cf0000, SizeOfImage=0xcc000, EntryPoint=0x7ff865d19fd0)) returned 1 [0075.988] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.988] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff865cf0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WinSync.dll") returned 0xb [0075.994] CoTaskMemFree (pv=0x548dc0) [0075.994] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0075.994] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff865cf0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WinSync.dll" (normalized: "c:\\windows\\system32\\winsync.dll")) returned 0x1f [0076.003] CoTaskMemFree (pv=0x548dc0) [0076.003] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff867d20000, lpmodinfo=0x22d6220, cb=0x18 | out: lpmodinfo=0x22d6220*(lpBaseOfDll=0x7ff867d20000, SizeOfImage=0x5a000, EntryPoint=0x7ff867d30330)) returned 1 [0076.009] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.009] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff867d20000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="aphostservice.dll") returned 0x11 [0076.015] CoTaskMemFree (pv=0x548dc0) [0076.015] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.015] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff867d20000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\aphostservice.dll" (normalized: "c:\\windows\\system32\\aphostservice.dll")) returned 0x25 [0076.020] CoTaskMemFree (pv=0x548dc0) [0076.020] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ae00000, lpmodinfo=0x22d83e8, cb=0x18 | out: lpmodinfo=0x22d83e8*(lpBaseOfDll=0x7ff86ae00000, SizeOfImage=0x1f000, EntryPoint=0x7ff86ae11020)) returned 1 [0076.026] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.026] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ae00000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="NetworkHelper.dll") returned 0x11 [0076.032] CoTaskMemFree (pv=0x548dc0) [0076.032] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.032] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ae00000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\NetworkHelper.dll" (normalized: "c:\\windows\\system32\\networkhelper.dll")) returned 0x25 [0076.039] CoTaskMemFree (pv=0x548dc0) [0076.039] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875900000, lpmodinfo=0x22da5b0, cb=0x18 | out: lpmodinfo=0x22da5b0*(lpBaseOfDll=0x7ff875900000, SizeOfImage=0xb000, EntryPoint=0x7ff875901ea0)) returned 1 [0076.045] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.045] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875900000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MCCSPal.dll") returned 0xb [0076.051] CoTaskMemFree (pv=0x548dc0) [0076.051] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.051] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875900000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MCCSPal.dll" (normalized: "c:\\windows\\system32\\mccspal.dll")) returned 0x1f [0076.057] CoTaskMemFree (pv=0x548dc0) [0076.057] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8672b0000, lpmodinfo=0x22dc758, cb=0x18 | out: lpmodinfo=0x22dc758*(lpBaseOfDll=0x7ff8672b0000, SizeOfImage=0x63000, EntryPoint=0x7ff8672f3150)) returned 1 [0076.065] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.065] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8672b0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SYNCUTIL.dll") returned 0xc [0076.072] CoTaskMemFree (pv=0x548dc0) [0076.072] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.072] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8672b0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SYNCUTIL.dll" (normalized: "c:\\windows\\system32\\syncutil.dll")) returned 0x20 [0076.083] CoTaskMemFree (pv=0x548dc0) [0076.083] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff867260000, lpmodinfo=0x22de910, cb=0x18 | out: lpmodinfo=0x22de910*(lpBaseOfDll=0x7ff867260000, SizeOfImage=0x4b000, EntryPoint=0x7ff867271590)) returned 1 [0076.090] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.090] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff867260000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="VAULTCLI.dll") returned 0xc [0076.097] CoTaskMemFree (pv=0x548dc0) [0076.097] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.097] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff867260000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\VAULTCLI.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll")) returned 0x20 [0076.105] CoTaskMemFree (pv=0x548dc0) [0076.105] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x22e0ac8, cb=0x18 | out: lpmodinfo=0x22e0ac8*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0076.113] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.113] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff876870000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0076.121] CoTaskMemFree (pv=0x548dc0) [0076.121] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.121] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff876870000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0076.128] CoTaskMemFree (pv=0x548dc0) [0076.128] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff865f40000, lpmodinfo=0x22e3098, cb=0x18 | out: lpmodinfo=0x22e3098*(lpBaseOfDll=0x7ff865f40000, SizeOfImage=0x11000, EntryPoint=0x7ff865f474c0)) returned 1 [0076.135] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.135] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff865f40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="InprocLogger.dll") returned 0x10 [0076.144] CoTaskMemFree (pv=0x548dc0) [0076.144] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.144] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff865f40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\InprocLogger.dll" (normalized: "c:\\windows\\system32\\inproclogger.dll")) returned 0x24 [0076.153] CoTaskMemFree (pv=0x548dc0) [0076.153] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff865f00000, lpmodinfo=0x22e5260, cb=0x18 | out: lpmodinfo=0x22e5260*(lpBaseOfDll=0x7ff865f00000, SizeOfImage=0x3f000, EntryPoint=0x7ff865f23320)) returned 1 [0076.161] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.161] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff865f00000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="FlightSettings.dll") returned 0x12 [0076.168] CoTaskMemFree (pv=0x548dc0) [0076.168] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.168] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff865f00000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\FlightSettings.dll" (normalized: "c:\\windows\\system32\\flightsettings.dll")) returned 0x26 [0076.176] CoTaskMemFree (pv=0x548dc0) [0076.176] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x22e7428, cb=0x18 | out: lpmodinfo=0x22e7428*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0076.184] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.184] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0076.194] CoTaskMemFree (pv=0x548dc0) [0076.194] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.194] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0076.202] CoTaskMemFree (pv=0x548dc0) [0076.202] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x22e95d0, cb=0x18 | out: lpmodinfo=0x22e95d0*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0076.210] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.210] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0076.229] CoTaskMemFree (pv=0x548dc0) [0076.229] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.229] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0076.244] CoTaskMemFree (pv=0x548dc0) [0076.244] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8622d0000, lpmodinfo=0x22eb778, cb=0x18 | out: lpmodinfo=0x22eb778*(lpBaseOfDll=0x7ff8622d0000, SizeOfImage=0x8d000, EntryPoint=0x7ff8623307a0)) returned 1 [0076.250] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.250] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8622d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SyncController.dll") returned 0x12 [0076.257] CoTaskMemFree (pv=0x548dc0) [0076.257] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.257] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8622d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SyncController.dll" (normalized: "c:\\windows\\system32\\synccontroller.dll")) returned 0x26 [0076.263] CoTaskMemFree (pv=0x548dc0) [0076.263] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff864110000, lpmodinfo=0x22ed940, cb=0x18 | out: lpmodinfo=0x22ed940*(lpBaseOfDll=0x7ff864110000, SizeOfImage=0x13000, EntryPoint=0x7ff864115720)) returned 1 [0076.269] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.270] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff864110000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="APHostClient.dll") returned 0x10 [0076.278] CoTaskMemFree (pv=0x548dc0) [0076.278] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.278] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff864110000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\APHostClient.dll" (normalized: "c:\\windows\\system32\\aphostclient.dll")) returned 0x24 [0076.284] CoTaskMemFree (pv=0x548dc0) [0076.284] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8640f0000, lpmodinfo=0x22efb08, cb=0x18 | out: lpmodinfo=0x22efb08*(lpBaseOfDll=0x7ff8640f0000, SizeOfImage=0x11000, EntryPoint=0x7ff8640f7400)) returned 1 [0076.291] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.291] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8640f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="UserDataLanguageUtil.dll") returned 0x18 [0076.297] CoTaskMemFree (pv=0x548dc0) [0076.297] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.297] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8640f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\UserDataLanguageUtil.dll" (normalized: "c:\\windows\\system32\\userdatalanguageutil.dll")) returned 0x2c [0076.304] CoTaskMemFree (pv=0x548dc0) [0076.304] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff862280000, lpmodinfo=0x22f1cf0, cb=0x18 | out: lpmodinfo=0x22f1cf0*(lpBaseOfDll=0x7ff862280000, SizeOfImage=0x43000, EntryPoint=0x7ff8622ab150)) returned 1 [0076.311] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.311] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff862280000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="AccountAccessor.dll") returned 0x13 [0076.317] CoTaskMemFree (pv=0x548dc0) [0076.317] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.317] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff862280000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\AccountAccessor.dll" (normalized: "c:\\windows\\system32\\accountaccessor.dll")) returned 0x27 [0076.324] CoTaskMemFree (pv=0x548dc0) [0076.324] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff862250000, lpmodinfo=0x22f3eb8, cb=0x18 | out: lpmodinfo=0x22f3eb8*(lpBaseOfDll=0x7ff862250000, SizeOfImage=0x30000, EntryPoint=0x7ff86226eca0)) returned 1 [0076.330] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.330] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff862250000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MCCSEngineShared.dll") returned 0x14 [0076.336] CoTaskMemFree (pv=0x548dc0) [0076.336] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.336] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff862250000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MCCSEngineShared.dll" (normalized: "c:\\windows\\system32\\mccsengineshared.dll")) returned 0x28 [0076.344] CoTaskMemFree (pv=0x548dc0) [0076.344] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878830000, lpmodinfo=0x22f6090, cb=0x18 | out: lpmodinfo=0x22f6090*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff878833fb0)) returned 1 [0076.352] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.352] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878830000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0076.376] CoTaskMemFree (pv=0x548dc0) [0076.376] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.376] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878830000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0076.384] CoTaskMemFree (pv=0x548dc0) [0076.384] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e80000, lpmodinfo=0x22f8258, cb=0x18 | out: lpmodinfo=0x22f8258*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0076.390] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.390] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0076.397] CoTaskMemFree (pv=0x548dc0) [0076.397] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.397] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0076.405] CoTaskMemFree (pv=0x548dc0) [0076.405] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e6e0000, lpmodinfo=0x22fa420, cb=0x18 | out: lpmodinfo=0x22fa420*(lpBaseOfDll=0x7ff86e6e0000, SizeOfImage=0xce000, EntryPoint=0x7ff86e7114c0)) returned 1 [0076.412] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.412] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e6e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="TokenBroker.dll") returned 0xf [0076.419] CoTaskMemFree (pv=0x548dc0) [0076.419] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.419] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e6e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")) returned 0x23 [0076.426] CoTaskMemFree (pv=0x548dc0) [0076.426] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c90000, lpmodinfo=0x22fc5d8, cb=0x18 | out: lpmodinfo=0x22fc5d8*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0076.432] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.432] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0076.498] CoTaskMemFree (pv=0x548dc0) [0076.498] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.498] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0076.509] CoTaskMemFree (pv=0x548dc0) [0076.509] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x22fe790, cb=0x18 | out: lpmodinfo=0x22fe790*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0076.519] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.519] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0076.532] CoTaskMemFree (pv=0x548dc0) [0076.532] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.532] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0076.578] CoTaskMemFree (pv=0x548dc0) [0076.578] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875450000, lpmodinfo=0x2300948, cb=0x18 | out: lpmodinfo=0x2300948*(lpBaseOfDll=0x7ff875450000, SizeOfImage=0x28000, EntryPoint=0x7ff875458c10)) returned 1 [0076.585] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.585] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875450000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="IDStore.dll") returned 0xb [0076.592] CoTaskMemFree (pv=0x548dc0) [0076.592] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.592] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875450000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll")) returned 0x1f [0076.599] CoTaskMemFree (pv=0x548dc0) [0076.599] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpmodinfo=0x2302af0, cb=0x18 | out: lpmodinfo=0x2302af0*(lpBaseOfDll=0x7ff87aca0000, SizeOfImage=0x1c000, EntryPoint=0x7ff87aca37a0)) returned 1 [0076.606] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.606] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0076.619] CoTaskMemFree (pv=0x548dc0) [0076.619] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.619] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0076.626] CoTaskMemFree (pv=0x548dc0) [0076.626] CloseHandle (hObject=0x25c) returned 1 [0076.627] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0076.628] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x484) returned 0x25c [0076.628] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2306c80, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2306c80, lpcbNeeded=0x14ef68) returned 1 [0076.634] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2306e98, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x2306e98, lpcbNeeded=0x14ef68) returned 1 [0076.640] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6ee8d0000, lpmodinfo=0x2307308, cb=0x18 | out: lpmodinfo=0x2307308*(lpBaseOfDll=0x7ff6ee8d0000, SizeOfImage=0xbe000, EntryPoint=0x7ff6ee8f2340)) returned 1 [0076.641] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.641] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6ee8d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="spoolsv.exe") returned 0xb [0076.641] CoTaskMemFree (pv=0x548dc0) [0076.641] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.641] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6ee8d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\spoolsv.exe" (normalized: "c:\\windows\\system32\\spoolsv.exe")) returned 0x1f [0076.642] CoTaskMemFree (pv=0x548dc0) [0076.642] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23094e8, cb=0x18 | out: lpmodinfo=0x23094e8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0076.642] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.642] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0076.642] CoTaskMemFree (pv=0x548dc0) [0076.642] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.643] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0076.644] CoTaskMemFree (pv=0x548dc0) [0076.644] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x230b690, cb=0x18 | out: lpmodinfo=0x230b690*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0076.645] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.645] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0076.645] CoTaskMemFree (pv=0x548dc0) [0076.645] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.645] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0076.646] CoTaskMemFree (pv=0x548dc0) [0076.646] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x230d848, cb=0x18 | out: lpmodinfo=0x230d848*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0076.647] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.647] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0076.647] CoTaskMemFree (pv=0x548dc0) [0076.647] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.647] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0076.648] CoTaskMemFree (pv=0x548dc0) [0076.648] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x230fa00, cb=0x18 | out: lpmodinfo=0x230fa00*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0076.649] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.649] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0076.649] CoTaskMemFree (pv=0x548dc0) [0076.649] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.649] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0076.650] CoTaskMemFree (pv=0x548dc0) [0076.650] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x2311c00, cb=0x18 | out: lpmodinfo=0x2311c00*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0076.651] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.651] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0076.652] CoTaskMemFree (pv=0x548dc0) [0076.652] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.652] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0076.653] CoTaskMemFree (pv=0x548dc0) [0076.653] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x2313da8, cb=0x18 | out: lpmodinfo=0x2313da8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0076.662] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.662] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0076.663] CoTaskMemFree (pv=0x548dc0) [0076.663] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.663] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0076.664] CoTaskMemFree (pv=0x548dc0) [0076.664] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x2315f50, cb=0x18 | out: lpmodinfo=0x2315f50*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0076.666] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.666] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0076.667] CoTaskMemFree (pv=0x548dc0) [0076.667] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.667] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0076.669] CoTaskMemFree (pv=0x548dc0) [0076.669] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x23180f8, cb=0x18 | out: lpmodinfo=0x23180f8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0076.670] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.670] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0076.672] CoTaskMemFree (pv=0x548dc0) [0076.672] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.672] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0076.673] CoTaskMemFree (pv=0x548dc0) [0076.673] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b030000, lpmodinfo=0x231a338, cb=0x18 | out: lpmodinfo=0x231a338*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0076.675] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.675] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0076.677] CoTaskMemFree (pv=0x548dc0) [0076.677] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.677] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0076.678] CoTaskMemFree (pv=0x548dc0) [0076.678] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x231c4e0, cb=0x18 | out: lpmodinfo=0x231c4e0*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0076.680] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.680] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0076.681] CoTaskMemFree (pv=0x548dc0) [0076.681] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.682] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0076.683] CoTaskMemFree (pv=0x548dc0) [0076.683] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpmodinfo=0x231e688, cb=0x18 | out: lpmodinfo=0x231e688*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0076.685] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.685] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0076.687] CoTaskMemFree (pv=0x548dc0) [0076.687] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.687] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0076.698] CoTaskMemFree (pv=0x548dc0) [0076.699] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2320820, cb=0x18 | out: lpmodinfo=0x2320820*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0076.700] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.701] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0076.702] CoTaskMemFree (pv=0x548dc0) [0076.702] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.702] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0076.704] CoTaskMemFree (pv=0x548dc0) [0076.704] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x23229c8, cb=0x18 | out: lpmodinfo=0x23229c8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0076.706] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.706] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0076.780] CoTaskMemFree (pv=0x548dc0) [0076.780] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.780] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0076.782] CoTaskMemFree (pv=0x548dc0) [0076.782] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x2324b70, cb=0x18 | out: lpmodinfo=0x2324b70*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0076.784] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.784] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0076.785] CoTaskMemFree (pv=0x548dc0) [0076.785] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.785] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0076.787] CoTaskMemFree (pv=0x548dc0) [0076.787] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x2326d48, cb=0x18 | out: lpmodinfo=0x2326d48*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0076.789] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.789] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0076.790] CoTaskMemFree (pv=0x548dc0) [0076.790] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.790] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0076.792] CoTaskMemFree (pv=0x548dc0) [0076.792] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x2328f10, cb=0x18 | out: lpmodinfo=0x2328f10*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0076.794] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.794] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0076.795] CoTaskMemFree (pv=0x548dc0) [0076.795] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.795] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0076.797] CoTaskMemFree (pv=0x548dc0) [0076.798] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x232b1d0, cb=0x18 | out: lpmodinfo=0x232b1d0*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0076.799] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.799] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0076.801] CoTaskMemFree (pv=0x548dc0) [0076.801] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.801] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0076.803] CoTaskMemFree (pv=0x548dc0) [0076.803] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be90000, lpmodinfo=0x232d388, cb=0x18 | out: lpmodinfo=0x232d388*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0076.805] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.805] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0076.807] CoTaskMemFree (pv=0x548dc0) [0076.807] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.807] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0076.809] CoTaskMemFree (pv=0x548dc0) [0076.809] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x232f530, cb=0x18 | out: lpmodinfo=0x232f530*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0076.811] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.811] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0076.813] CoTaskMemFree (pv=0x548dc0) [0076.813] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.813] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0076.821] CoTaskMemFree (pv=0x548dc0) [0076.821] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x23316e8, cb=0x18 | out: lpmodinfo=0x23316e8*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0076.823] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.823] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0076.825] CoTaskMemFree (pv=0x548dc0) [0076.825] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.825] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0076.827] CoTaskMemFree (pv=0x548dc0) [0076.827] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875480000, lpmodinfo=0x2333890, cb=0x18 | out: lpmodinfo=0x2333890*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0076.829] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.829] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875480000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0076.831] CoTaskMemFree (pv=0x548dc0) [0076.831] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.831] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875480000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0076.833] CoTaskMemFree (pv=0x548dc0) [0076.834] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpmodinfo=0x2335a48, cb=0x18 | out: lpmodinfo=0x2335a48*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0076.836] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.836] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0076.838] CoTaskMemFree (pv=0x548dc0) [0076.838] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.838] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0076.840] CoTaskMemFree (pv=0x548dc0) [0076.840] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874830000, lpmodinfo=0x2337bf0, cb=0x18 | out: lpmodinfo=0x2337bf0*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0076.842] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.842] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874830000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0076.846] CoTaskMemFree (pv=0x548dc0) [0076.846] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.846] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874830000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0076.848] CoTaskMemFree (pv=0x548dc0) [0076.848] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpmodinfo=0x2339da8, cb=0x18 | out: lpmodinfo=0x2339da8*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0076.850] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.850] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0076.854] CoTaskMemFree (pv=0x548dc0) [0076.854] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.854] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0076.857] CoTaskMemFree (pv=0x548dc0) [0076.857] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86af40000, lpmodinfo=0x233bf60, cb=0x18 | out: lpmodinfo=0x233bf60*(lpBaseOfDll=0x7ff86af40000, SizeOfImage=0x117000, EntryPoint=0x7ff86af955b0)) returned 1 [0076.859] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.860] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86af40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="localspl.dll") returned 0xc [0076.862] CoTaskMemFree (pv=0x548dc0) [0076.862] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.862] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86af40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\localspl.dll" (normalized: "c:\\windows\\system32\\localspl.dll")) returned 0x20 [0076.865] CoTaskMemFree (pv=0x548dc0) [0076.865] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x233e118, cb=0x18 | out: lpmodinfo=0x233e118*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0076.867] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.867] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0076.869] CoTaskMemFree (pv=0x548dc0) [0076.869] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.869] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0076.872] CoTaskMemFree (pv=0x548dc0) [0076.872] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x23402c0, cb=0x18 | out: lpmodinfo=0x23402c0*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0076.875] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.875] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0076.877] CoTaskMemFree (pv=0x548dc0) [0076.877] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.877] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0076.880] CoTaskMemFree (pv=0x548dc0) [0076.880] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x2342468, cb=0x18 | out: lpmodinfo=0x2342468*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0076.883] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.883] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0076.886] CoTaskMemFree (pv=0x548dc0) [0076.886] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.886] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0076.888] CoTaskMemFree (pv=0x548dc0) [0076.888] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86d070000, lpmodinfo=0x2344620, cb=0x18 | out: lpmodinfo=0x2344620*(lpBaseOfDll=0x7ff86d070000, SizeOfImage=0x26000, EntryPoint=0x7ff86d071cf0)) returned 1 [0076.894] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.894] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86d070000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0076.896] CoTaskMemFree (pv=0x548dc0) [0076.896] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.897] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86d070000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0076.899] CoTaskMemFree (pv=0x548dc0) [0076.899] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x23467c8, cb=0x18 | out: lpmodinfo=0x23467c8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0076.902] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.902] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0076.905] CoTaskMemFree (pv=0x548dc0) [0076.905] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.905] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0076.908] CoTaskMemFree (pv=0x548dc0) [0076.908] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efb0000, lpmodinfo=0x2348980, cb=0x18 | out: lpmodinfo=0x2348980*(lpBaseOfDll=0x7ff87efb0000, SizeOfImage=0x429000, EntryPoint=0x7ff87efd8740)) returned 1 [0076.911] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.911] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efb0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0076.913] CoTaskMemFree (pv=0x548dc0) [0076.913] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.913] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efb0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0076.916] CoTaskMemFree (pv=0x548dc0) [0076.916] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875cd0000, lpmodinfo=0x234ab38, cb=0x18 | out: lpmodinfo=0x234ab38*(lpBaseOfDll=0x7ff875cd0000, SizeOfImage=0x1c000, EntryPoint=0x7ff875cd3c20)) returned 1 [0076.919] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.919] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875cd0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SPOOLSS.DLL") returned 0xb [0076.922] CoTaskMemFree (pv=0x548dc0) [0076.922] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.922] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875cd0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SPOOLSS.DLL" (normalized: "c:\\windows\\system32\\spoolss.dll")) returned 0x1f [0076.925] CoTaskMemFree (pv=0x548dc0) [0076.925] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x234cef8, cb=0x18 | out: lpmodinfo=0x234cef8*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0076.933] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.933] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0076.936] CoTaskMemFree (pv=0x548dc0) [0076.936] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.936] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0076.939] CoTaskMemFree (pv=0x548dc0) [0076.939] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f0a0000, lpmodinfo=0x234f0a0, cb=0x18 | out: lpmodinfo=0x234f0a0*(lpBaseOfDll=0x7ff86f0a0000, SizeOfImage=0x11000, EntryPoint=0x7ff86f0a3e10)) returned 1 [0076.942] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.942] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f0a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="sfc_os.dll") returned 0xa [0076.946] CoTaskMemFree (pv=0x548dc0) [0076.946] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.946] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f0a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll")) returned 0x1e [0076.949] CoTaskMemFree (pv=0x548dc0) [0076.949] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870dc0000, lpmodinfo=0x2351248, cb=0x18 | out: lpmodinfo=0x2351248*(lpBaseOfDll=0x7ff870dc0000, SizeOfImage=0xc000, EntryPoint=0x7ff870dc35c0)) returned 1 [0076.952] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.952] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870dc0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0076.956] CoTaskMemFree (pv=0x548dc0) [0076.956] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.956] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870dc0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0076.960] CoTaskMemFree (pv=0x548dc0) [0076.960] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872e10000, lpmodinfo=0x23533f0, cb=0x18 | out: lpmodinfo=0x23533f0*(lpBaseOfDll=0x7ff872e10000, SizeOfImage=0x84000, EntryPoint=0x7ff872e22830)) returned 1 [0076.963] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.963] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872e10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="winspool.drv") returned 0xc [0076.967] CoTaskMemFree (pv=0x548dc0) [0076.967] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.967] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872e10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")) returned 0x20 [0076.973] CoTaskMemFree (pv=0x548dc0) [0076.973] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f080000, lpmodinfo=0x23555a8, cb=0x18 | out: lpmodinfo=0x23555a8*(lpBaseOfDll=0x7ff86f080000, SizeOfImage=0x14000, EntryPoint=0x7ff86f083990)) returned 1 [0076.976] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.976] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f080000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="PrintIsolationProxy.dll") returned 0x17 [0076.980] CoTaskMemFree (pv=0x548dc0) [0076.980] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.980] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f080000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PrintIsolationProxy.dll" (normalized: "c:\\windows\\system32\\printisolationproxy.dll")) returned 0x2b [0076.983] CoTaskMemFree (pv=0x548dc0) [0076.983] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86d000000, lpmodinfo=0x2357780, cb=0x18 | out: lpmodinfo=0x2357780*(lpBaseOfDll=0x7ff86d000000, SizeOfImage=0x11000, EntryPoint=0x7ff86d0015f0)) returned 1 [0076.987] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.987] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86d000000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="FXSMON.DLL") returned 0xa [0076.991] CoTaskMemFree (pv=0x548dc0) [0076.991] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.991] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86d000000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\FXSMON.DLL" (normalized: "c:\\windows\\system32\\fxsmon.dll")) returned 0x1e [0076.995] CoTaskMemFree (pv=0x548dc0) [0076.995] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c5b0000, lpmodinfo=0x2359928, cb=0x18 | out: lpmodinfo=0x2359928*(lpBaseOfDll=0x7ff86c5b0000, SizeOfImage=0x3a000, EntryPoint=0x7ff86c5b30b0)) returned 1 [0076.998] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0076.998] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c5b0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="tcpmon.dll") returned 0xa [0077.002] CoTaskMemFree (pv=0x548dc0) [0077.002] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.002] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c5b0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\tcpmon.dll" (normalized: "c:\\windows\\system32\\tcpmon.dll")) returned 0x1e [0077.006] CoTaskMemFree (pv=0x548dc0) [0077.006] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ade0000, lpmodinfo=0x235bad0, cb=0x18 | out: lpmodinfo=0x235bad0*(lpBaseOfDll=0x7ff87ade0000, SizeOfImage=0xc000, EntryPoint=0x7ff87ade1400)) returned 1 [0077.010] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.010] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ade0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="snmpapi.dll") returned 0xb [0077.013] CoTaskMemFree (pv=0x548dc0) [0077.013] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.013] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ade0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\snmpapi.dll" (normalized: "c:\\windows\\system32\\snmpapi.dll")) returned 0x1f [0077.017] CoTaskMemFree (pv=0x548dc0) [0077.017] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86cfe0000, lpmodinfo=0x235dc78, cb=0x18 | out: lpmodinfo=0x235dc78*(lpBaseOfDll=0x7ff86cfe0000, SizeOfImage=0x14000, EntryPoint=0x7ff86cfe18e0)) returned 1 [0077.021] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.021] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86cfe0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wsnmp32.dll") returned 0xb [0077.025] CoTaskMemFree (pv=0x548dc0) [0077.025] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.025] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86cfe0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wsnmp32.dll" (normalized: "c:\\windows\\system32\\wsnmp32.dll")) returned 0x1f [0077.028] CoTaskMemFree (pv=0x548dc0) [0077.028] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86aef0000, lpmodinfo=0x235fe20, cb=0x18 | out: lpmodinfo=0x235fe20*(lpBaseOfDll=0x7ff86aef0000, SizeOfImage=0x50000, EntryPoint=0x7ff86aef3340)) returned 1 [0077.032] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.032] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86aef0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="usbmon.dll") returned 0xa [0077.036] CoTaskMemFree (pv=0x548dc0) [0077.036] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.036] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86aef0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\usbmon.dll" (normalized: "c:\\windows\\system32\\usbmon.dll")) returned 0x1e [0077.040] CoTaskMemFree (pv=0x548dc0) [0077.040] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x2361fc8, cb=0x18 | out: lpmodinfo=0x2361fc8*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0077.046] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.046] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0077.049] CoTaskMemFree (pv=0x548dc0) [0077.049] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.050] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0077.054] CoTaskMemFree (pv=0x548dc0) [0077.054] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpmodinfo=0x2364180, cb=0x18 | out: lpmodinfo=0x2364180*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0077.059] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.059] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0077.063] CoTaskMemFree (pv=0x548dc0) [0077.063] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.063] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0077.067] CoTaskMemFree (pv=0x548dc0) [0077.067] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d340000, lpmodinfo=0x2366328, cb=0x18 | out: lpmodinfo=0x2366328*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0077.071] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.071] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d340000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0077.075] CoTaskMemFree (pv=0x548dc0) [0077.075] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.075] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d340000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0077.082] CoTaskMemFree (pv=0x548dc0) [0077.083] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ae50000, lpmodinfo=0x23684e0, cb=0x18 | out: lpmodinfo=0x23684e0*(lpBaseOfDll=0x7ff86ae50000, SizeOfImage=0x94000, EntryPoint=0x7ff86ae53d40)) returned 1 [0077.087] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.087] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ae50000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WSDMon.dll") returned 0xa [0077.092] CoTaskMemFree (pv=0x548dc0) [0077.092] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.092] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ae50000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WSDMon.dll" (normalized: "c:\\windows\\system32\\wsdmon.dll")) returned 0x1e [0077.096] CoTaskMemFree (pv=0x548dc0) [0077.096] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x236a688, cb=0x18 | out: lpmodinfo=0x236a688*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0077.100] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.100] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0077.104] CoTaskMemFree (pv=0x548dc0) [0077.104] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.104] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0077.108] CoTaskMemFree (pv=0x548dc0) [0077.109] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff867450000, lpmodinfo=0x236c830, cb=0x18 | out: lpmodinfo=0x236c830*(lpBaseOfDll=0x7ff867450000, SizeOfImage=0xac000, EntryPoint=0x7ff867463ea0)) returned 1 [0077.113] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.113] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff867450000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wsdapi.dll") returned 0xa [0077.117] CoTaskMemFree (pv=0x548dc0) [0077.117] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.117] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff867450000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wsdapi.dll" (normalized: "c:\\windows\\system32\\wsdapi.dll")) returned 0x1e [0077.252] CoTaskMemFree (pv=0x548dc0) [0077.252] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpmodinfo=0x236e9d8, cb=0x18 | out: lpmodinfo=0x236e9d8*(lpBaseOfDll=0x7ff87cdb0000, SizeOfImage=0x86000, EntryPoint=0x7ff87cdbd8f0)) returned 1 [0077.258] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.258] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0077.262] CoTaskMemFree (pv=0x548dc0) [0077.262] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.262] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0077.267] CoTaskMemFree (pv=0x548dc0) [0077.267] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c30000, lpmodinfo=0x2370b90, cb=0x18 | out: lpmodinfo=0x2370b90*(lpBaseOfDll=0x7ff879c30000, SizeOfImage=0x11000, EntryPoint=0x7ff879c35040)) returned 1 [0077.271] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.271] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="deviceassociation.dll") returned 0x15 [0077.275] CoTaskMemFree (pv=0x548dc0) [0077.275] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.275] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceassociation.dll" (normalized: "c:\\windows\\system32\\deviceassociation.dll")) returned 0x29 [0077.282] CoTaskMemFree (pv=0x548dc0) [0077.282] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpmodinfo=0x2372d68, cb=0x18 | out: lpmodinfo=0x2372d68*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0077.290] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.290] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0077.295] CoTaskMemFree (pv=0x548dc0) [0077.295] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.295] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0077.300] CoTaskMemFree (pv=0x548dc0) [0077.300] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878b20000, lpmodinfo=0x2374f20, cb=0x18 | out: lpmodinfo=0x2374f20*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0077.304] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.304] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0077.309] CoTaskMemFree (pv=0x548dc0) [0077.309] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.309] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0077.314] CoTaskMemFree (pv=0x548dc0) [0077.314] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872800000, lpmodinfo=0x23770c8, cb=0x18 | out: lpmodinfo=0x23770c8*(lpBaseOfDll=0x7ff872800000, SizeOfImage=0x162000, EntryPoint=0x7ff872851b30)) returned 1 [0077.333] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.333] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872800000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="webservices.dll") returned 0xf [0077.338] CoTaskMemFree (pv=0x548dc0) [0077.338] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.338] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872800000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll")) returned 0x23 [0077.344] CoTaskMemFree (pv=0x548dc0) [0077.344] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b340000, lpmodinfo=0x2379280, cb=0x18 | out: lpmodinfo=0x2379280*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0077.349] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.349] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b340000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0077.372] CoTaskMemFree (pv=0x548dc0) [0077.372] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.372] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b340000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0077.377] CoTaskMemFree (pv=0x548dc0) [0077.377] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x237b428, cb=0x18 | out: lpmodinfo=0x237b428*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0077.384] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.384] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0077.405] CoTaskMemFree (pv=0x548dc0) [0077.405] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.405] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0077.410] CoTaskMemFree (pv=0x548dc0) [0077.410] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872540000, lpmodinfo=0x237d5d0, cb=0x18 | out: lpmodinfo=0x237d5d0*(lpBaseOfDll=0x7ff872540000, SizeOfImage=0x27a000, EntryPoint=0x7ff87255a7a0)) returned 1 [0077.415] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.415] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872540000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0077.420] CoTaskMemFree (pv=0x548dc0) [0077.420] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.420] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872540000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0077.426] CoTaskMemFree (pv=0x548dc0) [0077.426] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ae20000, lpmodinfo=0x237f778, cb=0x18 | out: lpmodinfo=0x237f778*(lpBaseOfDll=0x7ff86ae20000, SizeOfImage=0x2a000, EntryPoint=0x7ff86ae26eb0)) returned 1 [0077.431] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.431] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ae20000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="FunDisc.dll") returned 0xb [0077.435] CoTaskMemFree (pv=0x548dc0) [0077.436] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.436] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ae20000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\FunDisc.dll" (normalized: "c:\\windows\\system32\\fundisc.dll")) returned 0x1f [0077.443] CoTaskMemFree (pv=0x548dc0) [0077.443] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpmodinfo=0x2381920, cb=0x18 | out: lpmodinfo=0x2381920*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0077.448] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.448] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0077.453] CoTaskMemFree (pv=0x548dc0) [0077.453] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.453] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0077.459] CoTaskMemFree (pv=0x548dc0) [0077.459] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c230000, lpmodinfo=0x2383ac8, cb=0x18 | out: lpmodinfo=0x2383ac8*(lpBaseOfDll=0x7ff86c230000, SizeOfImage=0x13000, EntryPoint=0x7ff86c233960)) returned 1 [0077.464] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.464] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c230000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="fdPnp.dll") returned 0x9 [0077.469] CoTaskMemFree (pv=0x548dc0) [0077.469] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.469] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c230000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fdPnp.dll" (normalized: "c:\\windows\\system32\\fdpnp.dll")) returned 0x1d [0077.474] CoTaskMemFree (pv=0x548dc0) [0077.474] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86efc0000, lpmodinfo=0x2385c70, cb=0x18 | out: lpmodinfo=0x2385c70*(lpBaseOfDll=0x7ff86efc0000, SizeOfImage=0x1e000, EntryPoint=0x7ff86efc3a40)) returned 1 [0077.484] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.484] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86efc0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0077.489] CoTaskMemFree (pv=0x548dc0) [0077.489] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.489] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86efc0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0077.495] CoTaskMemFree (pv=0x548dc0) [0077.495] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff865f60000, lpmodinfo=0x2387e08, cb=0x18 | out: lpmodinfo=0x2387e08*(lpBaseOfDll=0x7ff865f60000, SizeOfImage=0xd9000, EntryPoint=0x7ff865f6e550)) returned 1 [0077.501] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.501] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff865f60000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="drvstore.dll") returned 0xc [0077.506] CoTaskMemFree (pv=0x548dc0) [0077.506] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.506] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff865f60000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\drvstore.dll" (normalized: "c:\\windows\\system32\\drvstore.dll")) returned 0x20 [0077.512] CoTaskMemFree (pv=0x548dc0) [0077.512] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c20000, lpmodinfo=0x2389fc0, cb=0x18 | out: lpmodinfo=0x2389fc0*(lpBaseOfDll=0x7ff879c20000, SizeOfImage=0x10000, EntryPoint=0x7ff879c214a0)) returned 1 [0077.526] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.526] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c20000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="winprint.dll") returned 0xc [0077.532] CoTaskMemFree (pv=0x548dc0) [0077.532] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.532] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c20000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\spool\\PRTPROCS\\x64\\winprint.dll" (normalized: "c:\\windows\\system32\\spool\\prtprocs\\x64\\winprint.dll")) returned 0x33 [0077.538] CoTaskMemFree (pv=0x548dc0) [0077.538] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpmodinfo=0x238c198, cb=0x18 | out: lpmodinfo=0x238c198*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0077.544] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.544] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0077.549] CoTaskMemFree (pv=0x548dc0) [0077.549] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.549] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0077.555] CoTaskMemFree (pv=0x548dc0) [0077.555] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x238e340, cb=0x18 | out: lpmodinfo=0x238e340*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0077.561] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.561] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0077.594] CoTaskMemFree (pv=0x548dc0) [0077.594] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.594] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0077.600] CoTaskMemFree (pv=0x548dc0) [0077.600] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpmodinfo=0x2390900, cb=0x18 | out: lpmodinfo=0x2390900*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0077.606] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.606] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0077.612] CoTaskMemFree (pv=0x548dc0) [0077.612] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.612] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0077.618] CoTaskMemFree (pv=0x548dc0) [0077.618] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8786a0000, lpmodinfo=0x2392aa8, cb=0x18 | out: lpmodinfo=0x2392aa8*(lpBaseOfDll=0x7ff8786a0000, SizeOfImage=0xa000, EntryPoint=0x7ff8786a1660)) returned 1 [0077.624] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.624] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8786a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DSROLE.dll") returned 0xa [0077.682] CoTaskMemFree (pv=0x548dc0) [0077.683] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.683] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8786a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DSROLE.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0077.689] CoTaskMemFree (pv=0x548dc0) [0077.689] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff865bd0000, lpmodinfo=0x2394c50, cb=0x18 | out: lpmodinfo=0x2394c50*(lpBaseOfDll=0x7ff865bd0000, SizeOfImage=0xd2000, EntryPoint=0x7ff865be3380)) returned 1 [0077.695] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.695] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff865bd0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="win32spl.dll") returned 0xc [0077.701] CoTaskMemFree (pv=0x548dc0) [0077.701] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.701] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff865bd0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\win32spl.dll" (normalized: "c:\\windows\\system32\\win32spl.dll")) returned 0x20 [0077.707] CoTaskMemFree (pv=0x548dc0) [0077.707] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff867d80000, lpmodinfo=0x2396e08, cb=0x18 | out: lpmodinfo=0x2396e08*(lpBaseOfDll=0x7ff867d80000, SizeOfImage=0x2f000, EntryPoint=0x7ff867d81fa0)) returned 1 [0077.713] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.713] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff867d80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="inetpp.dll") returned 0xa [0077.722] CoTaskMemFree (pv=0x548dc0) [0077.722] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.722] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff867d80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\inetpp.dll" (normalized: "c:\\windows\\system32\\inetpp.dll")) returned 0x1e [0077.761] CoTaskMemFree (pv=0x548dc0) [0077.761] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x2398fb0, cb=0x18 | out: lpmodinfo=0x2398fb0*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0077.768] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.768] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0077.774] CoTaskMemFree (pv=0x548dc0) [0077.774] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.774] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0077.781] CoTaskMemFree (pv=0x548dc0) [0077.781] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpmodinfo=0x239b158, cb=0x18 | out: lpmodinfo=0x239b158*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0077.810] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.810] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0077.816] CoTaskMemFree (pv=0x548dc0) [0077.816] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.816] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0077.822] CoTaskMemFree (pv=0x548dc0) [0077.822] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x239d300, cb=0x18 | out: lpmodinfo=0x239d300*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0077.828] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.828] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0077.835] CoTaskMemFree (pv=0x548dc0) [0077.835] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.835] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0077.845] CoTaskMemFree (pv=0x548dc0) [0077.845] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8744b0000, lpmodinfo=0x239f4b8, cb=0x18 | out: lpmodinfo=0x239f4b8*(lpBaseOfDll=0x7ff8744b0000, SizeOfImage=0x12000, EntryPoint=0x7ff8744b3580)) returned 1 [0077.850] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.850] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8744b0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0077.857] CoTaskMemFree (pv=0x548dc0) [0077.857] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0077.857] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8744b0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0077.863] CoTaskMemFree (pv=0x548dc0) [0077.864] CloseHandle (hObject=0x25c) returned 1 [0077.865] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0077.865] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xaa8) returned 0x25c [0077.865] EnumProcessModules (in: hProcess=0x25c, lphModule=0x23a3388, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23a3388, lpcbNeeded=0x14ef68) returned 1 [0077.876] EnumProcessModules (in: hProcess=0x25c, lphModule=0x23a35a0, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x23a35a0, lpcbNeeded=0x14ef68) returned 1 [0077.888] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff7c35e0000, lpmodinfo=0x23a3a10, cb=0x18 | out: lpmodinfo=0x23a3a10*(lpBaseOfDll=0x7ff7c35e0000, SizeOfImage=0x8f4000, EntryPoint=0x7ff7c3718d30)) returned 1 [0077.888] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.888] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff7c35e0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="SearchUI.exe") returned 0xc [0077.889] CoTaskMemFree (pv=0x54a0f0) [0077.889] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.889] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff7c35e0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\searchui.exe")) returned 0x4a [0077.889] CoTaskMemFree (pv=0x54a0f0) [0077.889] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23a5c50, cb=0x18 | out: lpmodinfo=0x23a5c50*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0077.890] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.890] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0077.890] CoTaskMemFree (pv=0x54a0f0) [0077.890] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.890] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0077.891] CoTaskMemFree (pv=0x54a0f0) [0077.891] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x23a7df8, cb=0x18 | out: lpmodinfo=0x23a7df8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0077.891] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.891] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0077.892] CoTaskMemFree (pv=0x54a0f0) [0077.892] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.892] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0077.893] CoTaskMemFree (pv=0x54a0f0) [0077.893] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x23a9fb0, cb=0x18 | out: lpmodinfo=0x23a9fb0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0077.894] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.894] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0077.894] CoTaskMemFree (pv=0x54a0f0) [0077.894] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.894] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0077.895] CoTaskMemFree (pv=0x54a0f0) [0077.895] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpmodinfo=0x23ac168, cb=0x18 | out: lpmodinfo=0x23ac168*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0077.896] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.896] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0077.896] CoTaskMemFree (pv=0x54a0f0) [0077.896] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.896] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0077.897] CoTaskMemFree (pv=0x54a0f0) [0077.897] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x23ae368, cb=0x18 | out: lpmodinfo=0x23ae368*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0077.898] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.898] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0077.899] CoTaskMemFree (pv=0x54a0f0) [0077.899] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.899] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0077.899] CoTaskMemFree (pv=0x54a0f0) [0077.899] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x23b0510, cb=0x18 | out: lpmodinfo=0x23b0510*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0077.900] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.900] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0077.901] CoTaskMemFree (pv=0x54a0f0) [0077.901] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.901] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0077.902] CoTaskMemFree (pv=0x54a0f0) [0077.902] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x23b26b8, cb=0x18 | out: lpmodinfo=0x23b26b8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0077.903] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.903] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0077.904] CoTaskMemFree (pv=0x54a0f0) [0077.904] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.904] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0077.905] CoTaskMemFree (pv=0x54a0f0) [0077.905] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x23b4860, cb=0x18 | out: lpmodinfo=0x23b4860*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0077.906] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.906] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0077.907] CoTaskMemFree (pv=0x54a0f0) [0077.907] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.907] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0077.908] CoTaskMemFree (pv=0x54a0f0) [0077.908] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff877bb0000, lpmodinfo=0x23b6ad0, cb=0x18 | out: lpmodinfo=0x23b6ad0*(lpBaseOfDll=0x7ff877bb0000, SizeOfImage=0x6a000, EntryPoint=0x7ff877bb9d60)) returned 1 [0077.909] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.909] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff877bb0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="wincorlib.DLL") returned 0xd [0077.910] CoTaskMemFree (pv=0x54a0f0) [0077.910] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.910] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff877bb0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wincorlib.DLL" (normalized: "c:\\windows\\system32\\wincorlib.dll")) returned 0x21 [0077.912] CoTaskMemFree (pv=0x54a0f0) [0077.912] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x23b8c88, cb=0x18 | out: lpmodinfo=0x23b8c88*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0077.913] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.913] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0077.914] CoTaskMemFree (pv=0x54a0f0) [0077.914] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.914] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0077.916] CoTaskMemFree (pv=0x54a0f0) [0077.916] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a130000, lpmodinfo=0x23bae40, cb=0x18 | out: lpmodinfo=0x23bae40*(lpBaseOfDll=0x7ff87a130000, SizeOfImage=0x67000, EntryPoint=0x7ff87a14e710)) returned 1 [0077.921] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.921] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a130000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Bcp47Langs.dll") returned 0xe [0077.922] CoTaskMemFree (pv=0x54a0f0) [0077.922] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.922] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a130000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Bcp47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")) returned 0x22 [0077.924] CoTaskMemFree (pv=0x54a0f0) [0077.924] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x23bcff8, cb=0x18 | out: lpmodinfo=0x23bcff8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0077.925] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.925] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0077.926] CoTaskMemFree (pv=0x54a0f0) [0077.926] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.926] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0077.928] CoTaskMemFree (pv=0x54a0f0) [0077.928] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x23bf1a0, cb=0x18 | out: lpmodinfo=0x23bf1a0*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0077.929] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.929] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0077.931] CoTaskMemFree (pv=0x54a0f0) [0077.931] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.931] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0077.932] CoTaskMemFree (pv=0x54a0f0) [0077.932] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8769b0000, lpmodinfo=0x23c1368, cb=0x18 | out: lpmodinfo=0x23c1368*(lpBaseOfDll=0x7ff8769b0000, SizeOfImage=0x1039000, EntryPoint=0x7ff876dcb6f0)) returned 1 [0077.934] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.934] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8769b0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Windows.UI.Xaml.dll") returned 0x13 [0077.936] CoTaskMemFree (pv=0x54a0f0) [0077.936] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.936] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8769b0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.Xaml.dll" (normalized: "c:\\windows\\system32\\windows.ui.xaml.dll")) returned 0x27 [0077.938] CoTaskMemFree (pv=0x54a0f0) [0077.938] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x23c3530, cb=0x18 | out: lpmodinfo=0x23c3530*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0077.939] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.939] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0077.941] CoTaskMemFree (pv=0x54a0f0) [0077.941] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.941] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0077.943] CoTaskMemFree (pv=0x54a0f0) [0077.943] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x23c56d8, cb=0x18 | out: lpmodinfo=0x23c56d8*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0077.944] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.944] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0077.946] CoTaskMemFree (pv=0x54a0f0) [0077.946] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.946] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0077.948] CoTaskMemFree (pv=0x54a0f0) [0077.948] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x23c7998, cb=0x18 | out: lpmodinfo=0x23c7998*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0077.950] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.950] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff876870000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0077.951] CoTaskMemFree (pv=0x54a0f0) [0077.951] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.951] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff876870000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0077.953] CoTaskMemFree (pv=0x54a0f0) [0077.953] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpmodinfo=0x23c9b50, cb=0x18 | out: lpmodinfo=0x23c9b50*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0077.955] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.955] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0077.959] CoTaskMemFree (pv=0x54a0f0) [0077.959] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.959] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0077.961] CoTaskMemFree (pv=0x54a0f0) [0077.961] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpmodinfo=0x23cbd18, cb=0x18 | out: lpmodinfo=0x23cbd18*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0077.963] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.963] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0077.965] CoTaskMemFree (pv=0x54a0f0) [0077.965] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.965] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0077.968] CoTaskMemFree (pv=0x54a0f0) [0077.968] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x23cded0, cb=0x18 | out: lpmodinfo=0x23cded0*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0077.970] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.970] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0077.972] CoTaskMemFree (pv=0x54a0f0) [0077.972] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.972] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0077.974] CoTaskMemFree (pv=0x54a0f0) [0077.974] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x23d0078, cb=0x18 | out: lpmodinfo=0x23d0078*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0077.977] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.977] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0077.979] CoTaskMemFree (pv=0x54a0f0) [0077.979] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.979] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0077.982] CoTaskMemFree (pv=0x54a0f0) [0077.982] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x23d2240, cb=0x18 | out: lpmodinfo=0x23d2240*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0077.984] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.984] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0077.986] CoTaskMemFree (pv=0x54a0f0) [0077.986] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.986] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0077.989] CoTaskMemFree (pv=0x54a0f0) [0077.989] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x23d43f8, cb=0x18 | out: lpmodinfo=0x23d43f8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0077.991] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.991] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0077.999] CoTaskMemFree (pv=0x54a0f0) [0077.999] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0077.999] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0078.002] CoTaskMemFree (pv=0x54a0f0) [0078.002] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x23d65b0, cb=0x18 | out: lpmodinfo=0x23d65b0*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0078.004] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.004] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0078.006] CoTaskMemFree (pv=0x54a0f0) [0078.006] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.006] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0078.009] CoTaskMemFree (pv=0x54a0f0) [0078.009] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x23d8758, cb=0x18 | out: lpmodinfo=0x23d8758*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0078.011] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.011] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0078.014] CoTaskMemFree (pv=0x54a0f0) [0078.014] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.014] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0078.016] CoTaskMemFree (pv=0x54a0f0) [0078.016] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x23da910, cb=0x18 | out: lpmodinfo=0x23da910*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0078.019] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.019] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0078.021] CoTaskMemFree (pv=0x54a0f0) [0078.022] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.022] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0078.024] CoTaskMemFree (pv=0x54a0f0) [0078.024] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x23dcab8, cb=0x18 | out: lpmodinfo=0x23dcab8*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0078.027] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.027] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0078.029] CoTaskMemFree (pv=0x54a0f0) [0078.029] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.030] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0078.032] CoTaskMemFree (pv=0x54a0f0) [0078.032] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpmodinfo=0x23dec60, cb=0x18 | out: lpmodinfo=0x23dec60*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0078.044] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.044] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0078.047] CoTaskMemFree (pv=0x54a0f0) [0078.047] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.047] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0078.049] CoTaskMemFree (pv=0x54a0f0) [0078.050] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x23e0e28, cb=0x18 | out: lpmodinfo=0x23e0e28*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0078.053] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.053] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0078.055] CoTaskMemFree (pv=0x54a0f0) [0078.056] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.056] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0078.058] CoTaskMemFree (pv=0x54a0f0) [0078.058] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a360000, lpmodinfo=0x23e2fd0, cb=0x18 | out: lpmodinfo=0x23e2fd0*(lpBaseOfDll=0x7ff86a360000, SizeOfImage=0x7a7000, EntryPoint=0x7ff86a4622c0)) returned 1 [0078.061] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.061] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a360000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="CortanaApi.dll") returned 0xe [0078.064] CoTaskMemFree (pv=0x54a0f0) [0078.064] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.064] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a360000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\CortanaApi.dll" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\cortanaapi.dll")) returned 0x4c [0078.067] CoTaskMemFree (pv=0x54a0f0) [0078.067] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c0c0000, lpmodinfo=0x23e51e0, cb=0x18 | out: lpmodinfo=0x23e51e0*(lpBaseOfDll=0x7ff86c0c0000, SizeOfImage=0x21000, EntryPoint=0x7ff86c0c8230)) returned 1 [0078.070] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.070] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c0c0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="BingConfigurationClient.dll") returned 0x1b [0078.073] CoTaskMemFree (pv=0x54a0f0) [0078.073] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.073] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c0c0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\BingConfigurationClient.dll" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\bingconfigurationclient.dll")) returned 0x59 [0078.080] CoTaskMemFree (pv=0x54a0f0) [0078.080] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e80000, lpmodinfo=0x23e7420, cb=0x18 | out: lpmodinfo=0x23e7420*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0078.083] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.083] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0078.086] CoTaskMemFree (pv=0x54a0f0) [0078.086] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.086] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0078.089] CoTaskMemFree (pv=0x54a0f0) [0078.089] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c040000, lpmodinfo=0x23e9800, cb=0x18 | out: lpmodinfo=0x23e9800*(lpBaseOfDll=0x7ff86c040000, SizeOfImage=0x14000, EntryPoint=0x7ff86c042b50)) returned 1 [0078.092] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.093] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c040000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="windows.cortana.pal.desktop.dll") returned 0x1f [0078.096] CoTaskMemFree (pv=0x54a0f0) [0078.096] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.096] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c040000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.cortana.pal.desktop.dll" (normalized: "c:\\windows\\system32\\windows.cortana.pal.desktop.dll")) returned 0x33 [0078.099] CoTaskMemFree (pv=0x54a0f0) [0078.099] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c0f0000, lpmodinfo=0x23eb9f8, cb=0x18 | out: lpmodinfo=0x23eb9f8*(lpBaseOfDll=0x7ff86c0f0000, SizeOfImage=0x95000, EntryPoint=0x7ff86c11c210)) returned 1 [0078.102] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.103] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c0f0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Cortana.Core.dll") returned 0x10 [0078.106] CoTaskMemFree (pv=0x54a0f0) [0078.106] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.106] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c0f0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\Cortana.Core.dll" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\cortana.core.dll")) returned 0x4e [0078.109] CoTaskMemFree (pv=0x54a0f0) [0078.109] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870840000, lpmodinfo=0x23edc10, cb=0x18 | out: lpmodinfo=0x23edc10*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0078.112] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.112] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870840000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0078.118] CoTaskMemFree (pv=0x54a0f0) [0078.118] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.118] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870840000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0078.121] CoTaskMemFree (pv=0x54a0f0) [0078.122] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c060000, lpmodinfo=0x23efdb8, cb=0x18 | out: lpmodinfo=0x23efdb8*(lpBaseOfDll=0x7ff86c060000, SizeOfImage=0x55000, EntryPoint=0x7ff86c071250)) returned 1 [0078.125] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.125] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c060000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Windows.Storage.ApplicationData.dll") returned 0x23 [0078.128] CoTaskMemFree (pv=0x54a0f0) [0078.128] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.129] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c060000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll" (normalized: "c:\\windows\\system32\\windows.storage.applicationdata.dll")) returned 0x37 [0078.132] CoTaskMemFree (pv=0x54a0f0) [0078.132] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpmodinfo=0x23f1fc0, cb=0x18 | out: lpmodinfo=0x23f1fc0*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0078.136] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.136] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="MrmCoreR.dll") returned 0xc [0078.140] CoTaskMemFree (pv=0x54a0f0) [0078.140] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.140] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0078.143] CoTaskMemFree (pv=0x54a0f0) [0078.143] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8779f0000, lpmodinfo=0x23f4178, cb=0x18 | out: lpmodinfo=0x23f4178*(lpBaseOfDll=0x7ff8779f0000, SizeOfImage=0xa9000, EntryPoint=0x7ff877a19010)) returned 1 [0078.147] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.147] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8779f0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Windows.UI.dll") returned 0xe [0078.151] CoTaskMemFree (pv=0x54a0f0) [0078.151] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.151] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8779f0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")) returned 0x22 [0078.157] CoTaskMemFree (pv=0x54a0f0) [0078.157] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87af40000, lpmodinfo=0x23f6330, cb=0x18 | out: lpmodinfo=0x23f6330*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0078.160] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.160] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0078.164] CoTaskMemFree (pv=0x54a0f0) [0078.164] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.164] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0078.168] CoTaskMemFree (pv=0x54a0f0) [0078.168] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e570000, lpmodinfo=0x23f84d8, cb=0x18 | out: lpmodinfo=0x23f84d8*(lpBaseOfDll=0x7ff86e570000, SizeOfImage=0x1a000, EntryPoint=0x7ff86e573550)) returned 1 [0078.171] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.171] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e570000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="BingIdentityManagerInternal.DLL") returned 0x1f [0078.175] CoTaskMemFree (pv=0x54a0f0) [0078.175] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.175] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e570000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\BingIdentityManagerInternal.DLL" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\bingidentitymanagerinternal.dll")) returned 0x5d [0078.179] CoTaskMemFree (pv=0x54a0f0) [0078.179] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8751b0000, lpmodinfo=0x23fa728, cb=0x18 | out: lpmodinfo=0x23fa728*(lpBaseOfDll=0x7ff8751b0000, SizeOfImage=0x15000, EntryPoint=0x7ff8751b6430)) returned 1 [0078.183] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.183] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8751b0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="threadpoolwinrt.dll") returned 0x13 [0078.187] CoTaskMemFree (pv=0x54a0f0) [0078.187] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.187] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8751b0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\threadpoolwinrt.dll" (normalized: "c:\\windows\\system32\\threadpoolwinrt.dll")) returned 0x27 [0078.194] CoTaskMemFree (pv=0x54a0f0) [0078.194] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a110000, lpmodinfo=0x23fc8f0, cb=0x18 | out: lpmodinfo=0x23fc8f0*(lpBaseOfDll=0x7ff86a110000, SizeOfImage=0x15e000, EntryPoint=0x7ff86a15dcb0)) returned 1 [0078.198] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.198] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a110000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Windows.Web.Http.dll") returned 0x14 [0078.202] CoTaskMemFree (pv=0x54a0f0) [0078.208] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.208] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a110000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Web.Http.dll" (normalized: "c:\\windows\\system32\\windows.web.http.dll")) returned 0x28 [0078.219] CoTaskMemFree (pv=0x54a0f0) [0078.219] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a320000, lpmodinfo=0x220edc0, cb=0x18 | out: lpmodinfo=0x220edc0*(lpBaseOfDll=0x7ff86a320000, SizeOfImage=0x34000, EntryPoint=0x7ff86a325d00)) returned 1 [0078.223] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.223] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a320000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Windows.ApplicationModel.dll") returned 0x1c [0078.227] CoTaskMemFree (pv=0x54a0f0) [0078.227] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.227] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a320000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.ApplicationModel.dll" (normalized: "c:\\windows\\system32\\windows.applicationmodel.dll")) returned 0x30 [0078.231] CoTaskMemFree (pv=0x54a0f0) [0078.231] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875f30000, lpmodinfo=0x2210fb8, cb=0x18 | out: lpmodinfo=0x2210fb8*(lpBaseOfDll=0x7ff875f30000, SizeOfImage=0x185000, EntryPoint=0x7ff875f76180)) returned 1 [0078.240] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.240] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875f30000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Windows.Globalization.dll") returned 0x19 [0078.244] CoTaskMemFree (pv=0x54a0f0) [0078.244] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.244] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875f30000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Globalization.dll" (normalized: "c:\\windows\\system32\\windows.globalization.dll")) returned 0x2d [0078.248] CoTaskMemFree (pv=0x54a0f0) [0078.248] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c90000, lpmodinfo=0x22131a0, cb=0x18 | out: lpmodinfo=0x22131a0*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0078.252] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.253] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0078.257] CoTaskMemFree (pv=0x54a0f0) [0078.257] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.257] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0078.262] CoTaskMemFree (pv=0x54a0f0) [0078.262] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a590000, lpmodinfo=0x2215358, cb=0x18 | out: lpmodinfo=0x2215358*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0078.266] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.266] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0078.270] CoTaskMemFree (pv=0x54a0f0) [0078.270] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.270] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0078.289] CoTaskMemFree (pv=0x54a0f0) [0078.289] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a230000, lpmodinfo=0x2217500, cb=0x18 | out: lpmodinfo=0x2217500*(lpBaseOfDll=0x7ff87a230000, SizeOfImage=0xa2000, EntryPoint=0x7ff87a250a40)) returned 1 [0078.295] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.296] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a230000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0078.301] CoTaskMemFree (pv=0x54a0f0) [0078.301] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.301] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a230000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0078.306] CoTaskMemFree (pv=0x54a0f0) [0078.306] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a0d0000, lpmodinfo=0x22196a8, cb=0x18 | out: lpmodinfo=0x22196a8*(lpBaseOfDll=0x7ff86a0d0000, SizeOfImage=0x34000, EntryPoint=0x7ff86a0e94e0)) returned 1 [0078.310] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.310] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a0d0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="PersonaX.dll") returned 0xc [0078.315] CoTaskMemFree (pv=0x54a0f0) [0078.315] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.315] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a0d0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PersonaX.dll" (normalized: "c:\\windows\\system32\\personax.dll")) returned 0x20 [0078.319] CoTaskMemFree (pv=0x54a0f0) [0078.319] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874220000, lpmodinfo=0x221b860, cb=0x18 | out: lpmodinfo=0x221b860*(lpBaseOfDll=0x7ff874220000, SizeOfImage=0x288000, EntryPoint=0x7ff87427f670)) returned 1 [0078.324] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.324] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874220000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="CoreUIComponents.dll") returned 0x14 [0078.343] CoTaskMemFree (pv=0x54a0f0) [0078.343] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.343] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874220000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")) returned 0x28 [0078.347] CoTaskMemFree (pv=0x54a0f0) [0078.347] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a2e0000, lpmodinfo=0x221da38, cb=0x18 | out: lpmodinfo=0x221da38*(lpBaseOfDll=0x7ff87a2e0000, SizeOfImage=0x2a8000, EntryPoint=0x7ff87a373250)) returned 1 [0078.352] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.352] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a2e0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="d3d11.dll") returned 0x9 [0078.377] CoTaskMemFree (pv=0x54a0f0) [0078.377] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.377] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a2e0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")) returned 0x1d [0078.382] CoTaskMemFree (pv=0x54a0f0) [0078.382] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879580000, lpmodinfo=0x221fbe0, cb=0x18 | out: lpmodinfo=0x221fbe0*(lpBaseOfDll=0x7ff879580000, SizeOfImage=0x26f000, EntryPoint=0x7ff8796322b0)) returned 1 [0078.386] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.386] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879580000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="d3d10warp.dll") returned 0xd [0078.392] CoTaskMemFree (pv=0x54a0f0) [0078.392] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.392] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879580000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll")) returned 0x21 [0078.406] CoTaskMemFree (pv=0x54a0f0) [0078.406] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879030000, lpmodinfo=0x2221d98, cb=0x18 | out: lpmodinfo=0x2221d98*(lpBaseOfDll=0x7ff879030000, SizeOfImage=0x545000, EntryPoint=0x7ff8791ca450)) returned 1 [0078.411] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.411] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879030000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="d2d1.dll") returned 0x8 [0078.415] CoTaskMemFree (pv=0x54a0f0) [0078.415] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.415] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879030000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")) returned 0x1c [0078.420] CoTaskMemFree (pv=0x54a0f0) [0078.420] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a6a0000, lpmodinfo=0x2223f40, cb=0x18 | out: lpmodinfo=0x2223f40*(lpBaseOfDll=0x7ff87a6a0000, SizeOfImage=0xe3000, EntryPoint=0x7ff87a6d7da0)) returned 1 [0078.425] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.425] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a6a0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="dcomp.dll") returned 0x9 [0078.430] CoTaskMemFree (pv=0x54a0f0) [0078.430] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.430] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a6a0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")) returned 0x1d [0078.434] CoTaskMemFree (pv=0x54a0f0) [0078.434] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpmodinfo=0x22260e8, cb=0x18 | out: lpmodinfo=0x22260e8*(lpBaseOfDll=0x7ff87fbb0000, SizeOfImage=0x15a000, EntryPoint=0x7ff87fbf38e0)) returned 1 [0078.443] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.443] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0078.448] CoTaskMemFree (pv=0x54a0f0) [0078.448] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.448] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0078.462] CoTaskMemFree (pv=0x54a0f0) [0078.462] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c320000, lpmodinfo=0x2228290, cb=0x18 | out: lpmodinfo=0x2228290*(lpBaseOfDll=0x7ff86c320000, SizeOfImage=0x1f000, EntryPoint=0x7ff86c321500)) returned 1 [0078.467] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.467] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c320000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Windows.Cortana.ProxyStub.dll") returned 0x1d [0078.472] CoTaskMemFree (pv=0x54a0f0) [0078.472] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.472] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c320000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Cortana.ProxyStub.dll" (normalized: "c:\\windows\\system32\\windows.cortana.proxystub.dll")) returned 0x31 [0078.477] CoTaskMemFree (pv=0x54a0f0) [0078.479] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e390000, lpmodinfo=0x222a488, cb=0x18 | out: lpmodinfo=0x222a488*(lpBaseOfDll=0x7ff86e390000, SizeOfImage=0x4a000, EntryPoint=0x7ff86e395800)) returned 1 [0078.484] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.484] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e390000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="DataExchange.dll") returned 0x10 [0078.493] CoTaskMemFree (pv=0x54a0f0) [0078.493] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.493] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e390000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll")) returned 0x24 [0078.501] CoTaskMemFree (pv=0x54a0f0) [0078.501] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x222c650, cb=0x18 | out: lpmodinfo=0x222c650*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0078.506] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.506] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0078.511] CoTaskMemFree (pv=0x54a0f0) [0078.511] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.511] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0078.516] CoTaskMemFree (pv=0x54a0f0) [0078.516] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpmodinfo=0x222e808, cb=0x18 | out: lpmodinfo=0x222e808*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0078.521] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.521] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0078.526] CoTaskMemFree (pv=0x54a0f0) [0078.526] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.526] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0078.535] CoTaskMemFree (pv=0x54a0f0) [0078.535] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpmodinfo=0x22309b0, cb=0x18 | out: lpmodinfo=0x22309b0*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0078.540] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.540] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0078.545] CoTaskMemFree (pv=0x54a0f0) [0078.545] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.545] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0078.551] CoTaskMemFree (pv=0x54a0f0) [0078.551] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f290000, lpmodinfo=0x2232b58, cb=0x18 | out: lpmodinfo=0x2232b58*(lpBaseOfDll=0x7ff86f290000, SizeOfImage=0xb1000, EntryPoint=0x7ff86f2a08f0)) returned 1 [0078.556] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.556] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f290000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="twinapi.dll") returned 0xb [0078.561] CoTaskMemFree (pv=0x54a0f0) [0078.561] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.561] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f290000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll")) returned 0x1f [0078.567] CoTaskMemFree (pv=0x54a0f0) [0078.567] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8760c0000, lpmodinfo=0x2234d00, cb=0x18 | out: lpmodinfo=0x2234d00*(lpBaseOfDll=0x7ff8760c0000, SizeOfImage=0x260000, EntryPoint=0x7ff87616b5b0)) returned 1 [0078.576] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.576] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8760c0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="dwrite.dll") returned 0xa [0078.583] CoTaskMemFree (pv=0x54a0f0) [0078.583] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.583] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8760c0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll")) returned 0x1e [0078.588] CoTaskMemFree (pv=0x54a0f0) [0078.588] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a270000, lpmodinfo=0x2236ea8, cb=0x18 | out: lpmodinfo=0x2236ea8*(lpBaseOfDll=0x7ff86a270000, SizeOfImage=0x5f000, EntryPoint=0x7ff86a281560)) returned 1 [0078.594] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.594] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a270000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Windows.Graphics.dll") returned 0x14 [0078.599] CoTaskMemFree (pv=0x54a0f0) [0078.599] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.599] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a270000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Graphics.dll" (normalized: "c:\\windows\\system32\\windows.graphics.dll")) returned 0x28 [0078.605] CoTaskMemFree (pv=0x54a0f0) [0078.605] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86bdd0000, lpmodinfo=0x2239080, cb=0x18 | out: lpmodinfo=0x2239080*(lpBaseOfDll=0x7ff86bdd0000, SizeOfImage=0x262000, EntryPoint=0x7ff86be2ad50)) returned 1 [0078.612] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.612] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86bdd0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Cortana.BackgroundTask.dll") returned 0x1a [0078.618] CoTaskMemFree (pv=0x54a0f0) [0078.618] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.618] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86bdd0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\Cortana.BackgroundTask.dll" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\cortana.backgroundtask.dll")) returned 0x58 [0078.624] CoTaskMemFree (pv=0x54a0f0) [0078.624] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpmodinfo=0x223b2c0, cb=0x18 | out: lpmodinfo=0x223b2c0*(lpBaseOfDll=0x7ff86b0b0000, SizeOfImage=0xc5000, EntryPoint=0x7ff86b0be740)) returned 1 [0078.630] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.630] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Windows.Web.dll") returned 0xf [0078.635] CoTaskMemFree (pv=0x54a0f0) [0078.635] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.635] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Web.dll" (normalized: "c:\\windows\\system32\\windows.web.dll")) returned 0x23 [0078.641] CoTaskMemFree (pv=0x54a0f0) [0078.641] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d650000, lpmodinfo=0x223d890, cb=0x18 | out: lpmodinfo=0x223d890*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0078.649] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.649] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0078.655] CoTaskMemFree (pv=0x54a0f0) [0078.655] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.655] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0078.660] CoTaskMemFree (pv=0x54a0f0) [0078.660] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875ea0000, lpmodinfo=0x223fa38, cb=0x18 | out: lpmodinfo=0x223fa38*(lpBaseOfDll=0x7ff875ea0000, SizeOfImage=0x8b000, EntryPoint=0x7ff875ed3660)) returned 1 [0078.665] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.666] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875ea0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="directmanipulation.dll") returned 0x16 [0078.671] CoTaskMemFree (pv=0x54a0f0) [0078.671] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.671] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875ea0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\directmanipulation.dll" (normalized: "c:\\windows\\system32\\directmanipulation.dll")) returned 0x2a [0078.677] CoTaskMemFree (pv=0x54a0f0) [0078.677] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x2241c10, cb=0x18 | out: lpmodinfo=0x2241c10*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0078.684] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.684] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0078.691] CoTaskMemFree (pv=0x54a0f0) [0078.691] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.691] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0078.697] CoTaskMemFree (pv=0x54a0f0) [0078.697] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff869d30000, lpmodinfo=0x2243db8, cb=0x18 | out: lpmodinfo=0x2243db8*(lpBaseOfDll=0x7ff869d30000, SizeOfImage=0x339000, EntryPoint=0x7ff869dfeb30)) returned 1 [0078.703] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.703] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff869d30000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="msftedit.dll") returned 0xc [0078.709] CoTaskMemFree (pv=0x54a0f0) [0078.709] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.709] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff869d30000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msftedit.dll" (normalized: "c:\\windows\\system32\\msftedit.dll")) returned 0x20 [0078.715] CoTaskMemFree (pv=0x54a0f0) [0078.715] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879bf0000, lpmodinfo=0x2245f70, cb=0x18 | out: lpmodinfo=0x2245f70*(lpBaseOfDll=0x7ff879bf0000, SizeOfImage=0x30000, EntryPoint=0x7ff879c09b10)) returned 1 [0078.724] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.724] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879bf0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="globinputhost.dll") returned 0x11 [0078.729] CoTaskMemFree (pv=0x54a0f0) [0078.729] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.729] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879bf0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\globinputhost.dll" (normalized: "c:\\windows\\system32\\globinputhost.dll")) returned 0x25 [0078.736] CoTaskMemFree (pv=0x54a0f0) [0078.736] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c490000, lpmodinfo=0x2248138, cb=0x18 | out: lpmodinfo=0x2248138*(lpBaseOfDll=0x7ff86c490000, SizeOfImage=0x5c000, EntryPoint=0x7ff86c4a7190)) returned 1 [0078.742] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.742] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c490000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="NInput.dll") returned 0xa [0078.748] CoTaskMemFree (pv=0x54a0f0) [0078.748] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.748] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c490000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NInput.dll" (normalized: "c:\\windows\\system32\\ninput.dll")) returned 0x1e [0078.755] CoTaskMemFree (pv=0x54a0f0) [0078.755] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff869940000, lpmodinfo=0x224a2e0, cb=0x18 | out: lpmodinfo=0x224a2e0*(lpBaseOfDll=0x7ff869940000, SizeOfImage=0x3ec000, EntryPoint=0x7ff869948780)) returned 1 [0078.762] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.762] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff869940000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="RemindersUI.dll") returned 0xf [0078.768] CoTaskMemFree (pv=0x54a0f0) [0078.768] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.768] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff869940000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\RemindersUI.dll" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\remindersui.dll")) returned 0x4d [0078.774] CoTaskMemFree (pv=0x54a0f0) [0078.774] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a2e0000, lpmodinfo=0x224c4f0, cb=0x18 | out: lpmodinfo=0x224c4f0*(lpBaseOfDll=0x7ff86a2e0000, SizeOfImage=0x18000, EntryPoint=0x7ff86a2e3a50)) returned 1 [0078.781] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.781] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a2e0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Windows.Globalization.Fontgroups.dll") returned 0x24 [0078.787] CoTaskMemFree (pv=0x54a0f0) [0078.787] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.787] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a2e0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Globalization.Fontgroups.dll" (normalized: "c:\\windows\\system32\\windows.globalization.fontgroups.dll")) returned 0x38 [0078.793] CoTaskMemFree (pv=0x54a0f0) [0078.793] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e40000, lpmodinfo=0x224e708, cb=0x18 | out: lpmodinfo=0x224e708*(lpBaseOfDll=0x7ff878e40000, SizeOfImage=0x33000, EntryPoint=0x7ff878e4d5a0)) returned 1 [0078.803] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.803] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e40000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="biwinrt.dll") returned 0xb [0078.809] CoTaskMemFree (pv=0x54a0f0) [0078.810] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.810] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e40000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")) returned 0x1f [0078.816] CoTaskMemFree (pv=0x54a0f0) [0078.816] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a2d0000, lpmodinfo=0x22508b0, cb=0x18 | out: lpmodinfo=0x22508b0*(lpBaseOfDll=0x7ff86a2d0000, SizeOfImage=0xa000, EntryPoint=0x7ff86a2d1150)) returned 1 [0078.822] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.822] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a2d0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="fontgroupsoverride.dll") returned 0x16 [0078.829] CoTaskMemFree (pv=0x54a0f0) [0078.829] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.829] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a2d0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\fontgroupsoverride.dll" (normalized: "c:\\windows\\system32\\fontgroupsoverride.dll")) returned 0x2a [0078.955] CoTaskMemFree (pv=0x54a0f0) [0078.955] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8683c0000, lpmodinfo=0x2252a88, cb=0x18 | out: lpmodinfo=0x2252a88*(lpBaseOfDll=0x7ff8683c0000, SizeOfImage=0x157a000, EntryPoint=0x7ff86890a540)) returned 1 [0078.961] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.961] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8683c0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="edgehtml.dll") returned 0xc [0078.968] CoTaskMemFree (pv=0x54a0f0) [0078.968] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.968] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8683c0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\edgehtml.dll" (normalized: "c:\\windows\\system32\\edgehtml.dll")) returned 0x20 [0078.975] CoTaskMemFree (pv=0x54a0f0) [0078.975] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x2254c40, cb=0x18 | out: lpmodinfo=0x2254c40*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0078.982] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.982] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="cryptsp.dll") returned 0xb [0078.991] CoTaskMemFree (pv=0x54a0f0) [0078.991] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0078.991] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0078.997] CoTaskMemFree (pv=0x54a0f0) [0078.997] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff867500000, lpmodinfo=0x2256de8, cb=0x18 | out: lpmodinfo=0x2256de8*(lpBaseOfDll=0x7ff867500000, SizeOfImage=0x782000, EntryPoint=0x7ff8677753e0)) returned 1 [0079.004] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.004] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff867500000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="chakra.dll") returned 0xa [0079.012] CoTaskMemFree (pv=0x54a0f0) [0079.012] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.012] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff867500000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\chakra.dll" (normalized: "c:\\windows\\system32\\chakra.dll")) returned 0x1e [0079.019] CoTaskMemFree (pv=0x54a0f0) [0079.019] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c2e0000, lpmodinfo=0x2258f90, cb=0x18 | out: lpmodinfo=0x2258f90*(lpBaseOfDll=0x7ff86c2e0000, SizeOfImage=0x3e000, EntryPoint=0x7ff86c2e9650)) returned 1 [0079.029] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.030] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c2e0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="MLANG.dll") returned 0x9 [0079.036] CoTaskMemFree (pv=0x54a0f0) [0079.037] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.037] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c2e0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MLANG.dll" (normalized: "c:\\windows\\system32\\mlang.dll")) returned 0x1d [0079.043] CoTaskMemFree (pv=0x54a0f0) [0079.043] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879920000, lpmodinfo=0x225b138, cb=0x18 | out: lpmodinfo=0x225b138*(lpBaseOfDll=0x7ff879920000, SizeOfImage=0x1b1000, EntryPoint=0x7ff8799b61a0)) returned 1 [0079.050] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.050] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879920000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="windowscodecs.dll") returned 0x11 [0079.057] CoTaskMemFree (pv=0x54a0f0) [0079.057] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.057] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879920000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windowscodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0079.065] CoTaskMemFree (pv=0x54a0f0) [0079.065] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c2b0000, lpmodinfo=0x225d300, cb=0x18 | out: lpmodinfo=0x225d300*(lpBaseOfDll=0x7ff86c2b0000, SizeOfImage=0x21000, EntryPoint=0x7ff86c2be0a0)) returned 1 [0079.072] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.072] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c2b0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="srpapi.dll") returned 0xa [0079.079] CoTaskMemFree (pv=0x54a0f0) [0079.079] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.079] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c2b0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\srpapi.dll" (normalized: "c:\\windows\\system32\\srpapi.dll")) returned 0x1e [0079.086] CoTaskMemFree (pv=0x54a0f0) [0079.086] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x225f4a8, cb=0x18 | out: lpmodinfo=0x225f4a8*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0079.093] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.093] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0079.101] CoTaskMemFree (pv=0x54a0f0) [0079.101] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.101] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0079.109] CoTaskMemFree (pv=0x54a0f0) [0079.109] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x2261650, cb=0x18 | out: lpmodinfo=0x2261650*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0079.116] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.116] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0079.123] CoTaskMemFree (pv=0x54a0f0) [0079.123] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.123] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0079.131] CoTaskMemFree (pv=0x54a0f0) [0079.131] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x22637f8, cb=0x18 | out: lpmodinfo=0x22637f8*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0079.140] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.141] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0079.148] CoTaskMemFree (pv=0x54a0f0) [0079.148] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.148] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0079.155] CoTaskMemFree (pv=0x54a0f0) [0079.155] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ec70000, lpmodinfo=0x22659a0, cb=0x18 | out: lpmodinfo=0x22659a0*(lpBaseOfDll=0x7ff86ec70000, SizeOfImage=0x10000, EntryPoint=0x7ff86ec72200)) returned 1 [0079.162] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.162] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ec70000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="msimtf.dll") returned 0xa [0079.170] CoTaskMemFree (pv=0x54a0f0) [0079.170] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.170] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ec70000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msimtf.dll" (normalized: "c:\\windows\\system32\\msimtf.dll")) returned 0x1e [0079.179] CoTaskMemFree (pv=0x54a0f0) [0079.179] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ec80000, lpmodinfo=0x2267b48, cb=0x18 | out: lpmodinfo=0x2267b48*(lpBaseOfDll=0x7ff86ec80000, SizeOfImage=0x28e000, EntryPoint=0x7ff86ed50f00)) returned 1 [0079.186] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.186] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ec80000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="WININET.dll") returned 0xb [0079.193] CoTaskMemFree (pv=0x54a0f0) [0079.193] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.193] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ec80000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WININET.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0079.201] CoTaskMemFree (pv=0x54a0f0) [0079.201] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c2a0000, lpmodinfo=0x2269cf0, cb=0x18 | out: lpmodinfo=0x2269cf0*(lpBaseOfDll=0x7ff86c2a0000, SizeOfImage=0xe000, EntryPoint=0x7ff86c2a4c60)) returned 1 [0079.210] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.210] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c2a0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="tokenbinding.dll") returned 0x10 [0079.224] CoTaskMemFree (pv=0x54a0f0) [0079.224] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.224] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c2a0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\tokenbinding.dll" (normalized: "c:\\windows\\system32\\tokenbinding.dll")) returned 0x24 [0079.232] CoTaskMemFree (pv=0x54a0f0) [0079.232] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x226beb8, cb=0x18 | out: lpmodinfo=0x226beb8*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0079.239] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.240] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0079.247] CoTaskMemFree (pv=0x54a0f0) [0079.247] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.247] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0079.257] CoTaskMemFree (pv=0x54a0f0) [0079.257] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874ab0000, lpmodinfo=0x226e060, cb=0x18 | out: lpmodinfo=0x226e060*(lpBaseOfDll=0x7ff874ab0000, SizeOfImage=0x15000, EntryPoint=0x7ff874ab2dc0)) returned 1 [0079.265] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.265] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874ab0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0079.272] CoTaskMemFree (pv=0x54a0f0) [0079.273] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.273] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874ab0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0079.280] CoTaskMemFree (pv=0x54a0f0) [0079.280] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875480000, lpmodinfo=0x2270248, cb=0x18 | out: lpmodinfo=0x2270248*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0079.287] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.287] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875480000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0079.299] CoTaskMemFree (pv=0x54a0f0) [0079.299] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.299] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875480000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0079.306] CoTaskMemFree (pv=0x54a0f0) [0079.306] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878b20000, lpmodinfo=0x2272400, cb=0x18 | out: lpmodinfo=0x2272400*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0079.314] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.314] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0079.322] CoTaskMemFree (pv=0x54a0f0) [0079.322] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.322] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0079.331] CoTaskMemFree (pv=0x54a0f0) [0079.331] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be90000, lpmodinfo=0x22745a8, cb=0x18 | out: lpmodinfo=0x22745a8*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0079.340] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.340] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0079.347] CoTaskMemFree (pv=0x54a0f0) [0079.347] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.347] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0079.355] CoTaskMemFree (pv=0x54a0f0) [0079.355] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpmodinfo=0x2276750, cb=0x18 | out: lpmodinfo=0x2276750*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0079.412] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.412] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0079.421] CoTaskMemFree (pv=0x54a0f0) [0079.421] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.422] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0079.430] CoTaskMemFree (pv=0x54a0f0) [0079.430] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpmodinfo=0x22788f8, cb=0x18 | out: lpmodinfo=0x22788f8*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0079.438] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.438] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0079.445] CoTaskMemFree (pv=0x54a0f0) [0079.463] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.463] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0079.472] CoTaskMemFree (pv=0x54a0f0) [0079.472] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b030000, lpmodinfo=0x227aa90, cb=0x18 | out: lpmodinfo=0x227aa90*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0079.480] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.480] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0079.487] CoTaskMemFree (pv=0x54a0f0) [0079.488] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.488] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0079.496] CoTaskMemFree (pv=0x54a0f0) [0079.496] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpmodinfo=0x227cc38, cb=0x18 | out: lpmodinfo=0x227cc38*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0079.506] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.506] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="userenv.dll") returned 0xb [0079.513] CoTaskMemFree (pv=0x54a0f0) [0079.513] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.513] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0079.521] CoTaskMemFree (pv=0x54a0f0) [0079.521] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86d200000, lpmodinfo=0x227ede0, cb=0x18 | out: lpmodinfo=0x227ede0*(lpBaseOfDll=0x7ff86d200000, SizeOfImage=0x15000, EntryPoint=0x7ff86d205740)) returned 1 [0079.530] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.530] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86d200000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="profext.dll") returned 0xb [0079.542] CoTaskMemFree (pv=0x54a0f0) [0079.542] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.542] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86d200000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll")) returned 0x1f [0079.550] CoTaskMemFree (pv=0x54a0f0) [0079.550] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpmodinfo=0x2280f88, cb=0x18 | out: lpmodinfo=0x2280f88*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0079.558] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.558] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0079.567] CoTaskMemFree (pv=0x54a0f0) [0079.567] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.567] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0079.580] CoTaskMemFree (pv=0x54a0f0) [0079.580] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c290000, lpmodinfo=0x2283130, cb=0x18 | out: lpmodinfo=0x2283130*(lpBaseOfDll=0x7ff86c290000, SizeOfImage=0xc000, EntryPoint=0x7ff86c294040)) returned 1 [0079.589] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.589] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c290000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="Windows.ApplicationModel.Background.TimeBroker.dll") returned 0x32 [0079.599] CoTaskMemFree (pv=0x54a0f0) [0079.599] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.599] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c290000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.ApplicationModel.Background.TimeBroker.dll" (normalized: "c:\\windows\\system32\\windows.applicationmodel.background.timebroker.dll")) returned 0x46 [0079.607] CoTaskMemFree (pv=0x54a0f0) [0079.607] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b380000, lpmodinfo=0x2285378, cb=0x18 | out: lpmodinfo=0x2285378*(lpBaseOfDll=0x7ff87b380000, SizeOfImage=0x2a000, EntryPoint=0x7ff87b388b90)) returned 1 [0079.618] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.618] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b380000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="rmclient.dll") returned 0xc [0079.627] CoTaskMemFree (pv=0x54a0f0) [0079.629] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.629] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b380000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")) returned 0x20 [0079.637] CoTaskMemFree (pv=0x54a0f0) [0079.637] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c250000, lpmodinfo=0x2287530, cb=0x18 | out: lpmodinfo=0x2287530*(lpBaseOfDll=0x7ff86c250000, SizeOfImage=0x38000, EntryPoint=0x7ff86c272120)) returned 1 [0079.652] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.652] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c250000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="rometadata.dll") returned 0xe [0079.662] CoTaskMemFree (pv=0x54a0f0) [0079.662] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.662] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c250000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rometadata.dll" (normalized: "c:\\windows\\system32\\rometadata.dll")) returned 0x22 [0079.671] CoTaskMemFree (pv=0x54a0f0) [0079.671] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874830000, lpmodinfo=0x22896e8, cb=0x18 | out: lpmodinfo=0x22896e8*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0079.680] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.680] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874830000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0079.688] CoTaskMemFree (pv=0x54a0f0) [0079.689] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.689] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874830000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0079.698] CoTaskMemFree (pv=0x54a0f0) [0079.698] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpmodinfo=0x228b8a0, cb=0x18 | out: lpmodinfo=0x228b8a0*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0079.716] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.716] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0079.729] CoTaskMemFree (pv=0x54a0f0) [0079.729] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.729] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0079.738] CoTaskMemFree (pv=0x54a0f0) [0079.738] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpmodinfo=0x228da58, cb=0x18 | out: lpmodinfo=0x228da58*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff87bb31a50)) returned 1 [0079.750] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.750] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0079.760] CoTaskMemFree (pv=0x54a0f0) [0079.761] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.761] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0079.769] CoTaskMemFree (pv=0x54a0f0) [0079.769] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c8b0000, lpmodinfo=0x228fc10, cb=0x18 | out: lpmodinfo=0x228fc10*(lpBaseOfDll=0x7ff86c8b0000, SizeOfImage=0x14000, EntryPoint=0x7ff86c8b3710)) returned 1 [0079.779] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.779] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c8b0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0079.789] CoTaskMemFree (pv=0x54a0f0) [0079.789] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.789] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c8b0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0079.798] CoTaskMemFree (pv=0x54a0f0) [0079.798] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c130000, lpmodinfo=0x2291dd8, cb=0x18 | out: lpmodinfo=0x2291dd8*(lpBaseOfDll=0x7ff87c130000, SizeOfImage=0x27000, EntryPoint=0x7ff87c140aa0)) returned 1 [0079.807] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.807] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c130000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0079.863] CoTaskMemFree (pv=0x54a0f0) [0079.863] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.863] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c130000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0079.872] CoTaskMemFree (pv=0x54a0f0) [0079.872] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c0f0000, lpmodinfo=0x2293f80, cb=0x18 | out: lpmodinfo=0x2293f80*(lpBaseOfDll=0x7ff87c0f0000, SizeOfImage=0x3a000, EntryPoint=0x7ff87c0f8d20)) returned 1 [0079.881] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.881] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c0f0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0079.890] CoTaskMemFree (pv=0x54a0f0) [0079.890] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.890] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c0f0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0079.905] CoTaskMemFree (pv=0x54a0f0) [0079.905] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c960000, lpmodinfo=0x2296128, cb=0x18 | out: lpmodinfo=0x2296128*(lpBaseOfDll=0x7ff86c960000, SizeOfImage=0x1e000, EntryPoint=0x7ff86c96ef80)) returned 1 [0079.915] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.915] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c960000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0079.924] CoTaskMemFree (pv=0x54a0f0) [0079.924] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.924] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c960000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0079.933] CoTaskMemFree (pv=0x54a0f0) [0079.933] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpmodinfo=0x22982e0, cb=0x18 | out: lpmodinfo=0x22982e0*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0079.945] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.945] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0079.956] CoTaskMemFree (pv=0x54a0f0) [0079.956] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.956] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0079.965] CoTaskMemFree (pv=0x54a0f0) [0079.965] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d340000, lpmodinfo=0x229a488, cb=0x18 | out: lpmodinfo=0x229a488*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0079.978] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.978] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d340000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0079.988] CoTaskMemFree (pv=0x54a0f0) [0079.988] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0079.988] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d340000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0079.997] CoTaskMemFree (pv=0x54a0f0) [0079.997] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpmodinfo=0x229c640, cb=0x18 | out: lpmodinfo=0x229c640*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0080.006] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0080.006] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpBaseName=0x54a0f0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0080.020] CoTaskMemFree (pv=0x54a0f0) [0080.020] CoTaskMemAlloc (cb=0x804) returned 0x54a0f0 [0080.020] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpFilename=0x54a0f0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0080.033] CoTaskMemFree (pv=0x54a0f0) [0080.033] CloseHandle (hObject=0x25c) returned 1 [0080.034] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0080.035] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1194) returned 0x25c [0080.035] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22a1220, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22a1220, lpcbNeeded=0x14ef68) returned 1 [0080.036] GetModuleInformation (in: hProcess=0x25c, hModule=0xd40000, lpmodinfo=0x22a1490, cb=0x18 | out: lpmodinfo=0x22a1490*(lpBaseOfDll=0xd40000, SizeOfImage=0x17000, EntryPoint=0xd414a1)) returned 1 [0080.036] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.036] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xd40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="omnipos.exe") returned 0xb [0080.037] CoTaskMemFree (pv=0x548dc0) [0080.037] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.037] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xd40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\MSBuild\\omnipos.exe" (normalized: "c:\\program files (x86)\\msbuild\\omnipos.exe")) returned 0x2a [0080.037] CoTaskMemFree (pv=0x548dc0) [0080.037] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22a3688, cb=0x18 | out: lpmodinfo=0x22a3688*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0080.038] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.038] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0080.038] CoTaskMemFree (pv=0x548dc0) [0080.038] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.038] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0080.040] CoTaskMemFree (pv=0x548dc0) [0080.040] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x22a5830, cb=0x18 | out: lpmodinfo=0x22a5830*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0080.040] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.040] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0080.041] CoTaskMemFree (pv=0x548dc0) [0080.041] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.041] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0080.042] CoTaskMemFree (pv=0x548dc0) [0080.042] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x22a79d8, cb=0x18 | out: lpmodinfo=0x22a79d8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0080.042] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.042] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0080.043] CoTaskMemFree (pv=0x548dc0) [0080.043] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.043] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0080.044] CoTaskMemFree (pv=0x548dc0) [0080.044] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x22a9b90, cb=0x18 | out: lpmodinfo=0x22a9b90*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0080.044] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.044] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0080.045] CoTaskMemFree (pv=0x548dc0) [0080.045] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.045] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0080.046] CoTaskMemFree (pv=0x548dc0) [0080.046] CloseHandle (hObject=0x25c) returned 1 [0080.046] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0080.046] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2f4) returned 0x25c [0080.046] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22ac368, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22ac368, lpcbNeeded=0x14ef68) returned 1 [0080.051] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff7531e0000, lpmodinfo=0x22ac5d8, cb=0x18 | out: lpmodinfo=0x22ac5d8*(lpBaseOfDll=0x7ff7531e0000, SizeOfImage=0x80000, EntryPoint=0x7ff7531f5f50)) returned 1 [0080.051] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.051] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff7531e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wmiprvse.exe") returned 0xc [0080.052] CoTaskMemFree (pv=0x548dc0) [0080.052] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.052] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff7531e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprvse.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")) returned 0x25 [0080.052] CoTaskMemFree (pv=0x548dc0) [0080.052] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22ae7d0, cb=0x18 | out: lpmodinfo=0x22ae7d0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0080.053] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.053] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0080.053] CoTaskMemFree (pv=0x548dc0) [0080.053] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.053] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0080.054] CoTaskMemFree (pv=0x548dc0) [0080.054] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x22b0978, cb=0x18 | out: lpmodinfo=0x22b0978*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0080.054] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.054] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0080.168] CoTaskMemFree (pv=0x548dc0) [0080.168] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.168] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0080.169] CoTaskMemFree (pv=0x548dc0) [0080.169] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x22b2b30, cb=0x18 | out: lpmodinfo=0x22b2b30*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0080.170] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.170] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0080.170] CoTaskMemFree (pv=0x548dc0) [0080.170] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.170] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0080.171] CoTaskMemFree (pv=0x548dc0) [0080.171] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x22b4ce8, cb=0x18 | out: lpmodinfo=0x22b4ce8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0080.172] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.172] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0080.173] CoTaskMemFree (pv=0x548dc0) [0080.173] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.173] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0080.174] CoTaskMemFree (pv=0x548dc0) [0080.174] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e990000, lpmodinfo=0x22b6ee8, cb=0x18 | out: lpmodinfo=0x22b6ee8*(lpBaseOfDll=0x7ff86e990000, SizeOfImage=0xf6000, EntryPoint=0x7ff86e9c9590)) returned 1 [0080.174] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.174] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e990000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0080.175] CoTaskMemFree (pv=0x548dc0) [0080.175] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.175] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e990000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0080.176] CoTaskMemFree (pv=0x548dc0) [0080.176] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x22b90a8, cb=0x18 | out: lpmodinfo=0x22b90a8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0080.177] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.177] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0080.178] CoTaskMemFree (pv=0x548dc0) [0080.178] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.178] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0080.179] CoTaskMemFree (pv=0x548dc0) [0080.179] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x22bb250, cb=0x18 | out: lpmodinfo=0x22bb250*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0080.180] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.180] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0080.181] CoTaskMemFree (pv=0x548dc0) [0080.181] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.181] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0080.182] CoTaskMemFree (pv=0x548dc0) [0080.182] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x22bd3f8, cb=0x18 | out: lpmodinfo=0x22bd3f8*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0080.183] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.183] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0080.184] CoTaskMemFree (pv=0x548dc0) [0080.184] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.184] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0080.185] CoTaskMemFree (pv=0x548dc0) [0080.185] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e590000, lpmodinfo=0x22bf668, cb=0x18 | out: lpmodinfo=0x22bf668*(lpBaseOfDll=0x7ff86e590000, SizeOfImage=0x16000, EntryPoint=0x7ff86e5955e0)) returned 1 [0080.186] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.186] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e590000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="NCObjAPI.DLL") returned 0xc [0080.188] CoTaskMemFree (pv=0x548dc0) [0080.188] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.188] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e590000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NCObjAPI.DLL" (normalized: "c:\\windows\\system32\\ncobjapi.dll")) returned 0x20 [0080.189] CoTaskMemFree (pv=0x548dc0) [0080.189] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870c70000, lpmodinfo=0x22c1820, cb=0x18 | out: lpmodinfo=0x22c1820*(lpBaseOfDll=0x7ff870c70000, SizeOfImage=0x7f000, EntryPoint=0x7ff870c87110)) returned 1 [0080.190] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.190] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870c70000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0080.191] CoTaskMemFree (pv=0x548dc0) [0080.191] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.191] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870c70000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0080.193] CoTaskMemFree (pv=0x548dc0) [0080.193] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x22c39d8, cb=0x18 | out: lpmodinfo=0x22c39d8*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0080.194] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.194] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0080.196] CoTaskMemFree (pv=0x548dc0) [0080.196] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.196] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0080.197] CoTaskMemFree (pv=0x548dc0) [0080.197] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x22c5b80, cb=0x18 | out: lpmodinfo=0x22c5b80*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0080.198] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.198] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0080.200] CoTaskMemFree (pv=0x548dc0) [0080.200] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.200] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0080.201] CoTaskMemFree (pv=0x548dc0) [0080.201] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x22c7d28, cb=0x18 | out: lpmodinfo=0x22c7d28*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0080.220] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.220] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0080.221] CoTaskMemFree (pv=0x548dc0) [0080.221] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.221] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0080.223] CoTaskMemFree (pv=0x548dc0) [0080.223] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x22c9ed0, cb=0x18 | out: lpmodinfo=0x22c9ed0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0080.224] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.224] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0080.226] CoTaskMemFree (pv=0x548dc0) [0080.226] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.226] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0080.227] CoTaskMemFree (pv=0x548dc0) [0080.227] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x22cc088, cb=0x18 | out: lpmodinfo=0x22cc088*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0080.229] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.229] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0080.231] CoTaskMemFree (pv=0x548dc0) [0080.231] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.231] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0080.233] CoTaskMemFree (pv=0x548dc0) [0080.233] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x22ce230, cb=0x18 | out: lpmodinfo=0x22ce230*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0080.235] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.235] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0080.237] CoTaskMemFree (pv=0x548dc0) [0080.237] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.237] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0080.239] CoTaskMemFree (pv=0x548dc0) [0080.239] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x22d04f0, cb=0x18 | out: lpmodinfo=0x22d04f0*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0080.240] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.240] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0080.242] CoTaskMemFree (pv=0x548dc0) [0080.242] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.242] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0080.244] CoTaskMemFree (pv=0x548dc0) [0080.244] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x22d26b8, cb=0x18 | out: lpmodinfo=0x22d26b8*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0080.246] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.246] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0080.249] CoTaskMemFree (pv=0x548dc0) [0080.249] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.249] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0080.251] CoTaskMemFree (pv=0x548dc0) [0080.251] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpmodinfo=0x22d4860, cb=0x18 | out: lpmodinfo=0x22d4860*(lpBaseOfDll=0x7ff86efa0000, SizeOfImage=0x11000, EntryPoint=0x7ff86efa2fc0)) returned 1 [0080.253] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.253] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0080.255] CoTaskMemFree (pv=0x548dc0) [0080.255] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.255] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0080.282] CoTaskMemFree (pv=0x548dc0) [0080.282] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x22d6a20, cb=0x18 | out: lpmodinfo=0x22d6a20*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0080.284] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.284] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0080.286] CoTaskMemFree (pv=0x548dc0) [0080.286] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.286] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0080.288] CoTaskMemFree (pv=0x548dc0) [0080.288] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e970000, lpmodinfo=0x22d8bd8, cb=0x18 | out: lpmodinfo=0x22d8bd8*(lpBaseOfDll=0x7ff86e970000, SizeOfImage=0x14000, EntryPoint=0x7ff86e971800)) returned 1 [0080.290] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.290] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0080.292] CoTaskMemFree (pv=0x548dc0) [0080.292] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.292] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0080.294] CoTaskMemFree (pv=0x548dc0) [0080.294] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e940000, lpmodinfo=0x22dad90, cb=0x18 | out: lpmodinfo=0x22dad90*(lpBaseOfDll=0x7ff86e940000, SizeOfImage=0x25000, EntryPoint=0x7ff86e949900)) returned 1 [0080.296] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.296] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e940000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0080.298] CoTaskMemFree (pv=0x548dc0) [0080.299] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.299] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e940000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0080.301] CoTaskMemFree (pv=0x548dc0) [0080.301] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff866340000, lpmodinfo=0x22dcf50, cb=0x18 | out: lpmodinfo=0x22dcf50*(lpBaseOfDll=0x7ff866340000, SizeOfImage=0x1cf000, EntryPoint=0x7ff866367df0)) returned 1 [0080.303] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.303] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff866340000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cimwin32.dll") returned 0xc [0080.305] CoTaskMemFree (pv=0x548dc0) [0080.305] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.305] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff866340000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll")) returned 0x25 [0080.308] CoTaskMemFree (pv=0x548dc0) [0080.308] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x22df110, cb=0x18 | out: lpmodinfo=0x22df110*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0080.310] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.310] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0080.312] CoTaskMemFree (pv=0x548dc0) [0080.312] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.312] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0080.315] CoTaskMemFree (pv=0x548dc0) [0080.315] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8755b0000, lpmodinfo=0x22e12c8, cb=0x18 | out: lpmodinfo=0x22e12c8*(lpBaseOfDll=0x7ff8755b0000, SizeOfImage=0x4e000, EntryPoint=0x7ff8755c1ce0)) returned 1 [0080.322] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.322] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8755b0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="framedynos.dll") returned 0xe [0080.324] CoTaskMemFree (pv=0x548dc0) [0080.324] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.324] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8755b0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")) returned 0x22 [0080.327] CoTaskMemFree (pv=0x548dc0) [0080.327] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x22e3480, cb=0x18 | out: lpmodinfo=0x22e3480*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0080.329] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.329] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0080.332] CoTaskMemFree (pv=0x548dc0) [0080.332] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.332] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0080.334] CoTaskMemFree (pv=0x548dc0) [0080.334] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x22e5628, cb=0x18 | out: lpmodinfo=0x22e5628*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0080.337] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.337] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0080.339] CoTaskMemFree (pv=0x548dc0) [0080.339] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.339] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0080.342] CoTaskMemFree (pv=0x548dc0) [0080.342] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x22e77e0, cb=0x18 | out: lpmodinfo=0x22e77e0*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0080.348] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.348] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0080.352] CoTaskMemFree (pv=0x548dc0) [0080.352] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.352] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0080.355] CoTaskMemFree (pv=0x548dc0) [0080.355] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpmodinfo=0x22e9988, cb=0x18 | out: lpmodinfo=0x22e9988*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0080.404] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.404] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0080.408] CoTaskMemFree (pv=0x548dc0) [0080.408] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.408] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0080.411] CoTaskMemFree (pv=0x548dc0) [0080.411] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x22ebb30, cb=0x18 | out: lpmodinfo=0x22ebb30*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0080.414] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.414] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0080.417] CoTaskMemFree (pv=0x548dc0) [0080.417] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.417] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0080.423] CoTaskMemFree (pv=0x548dc0) [0080.423] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d0a0000, lpmodinfo=0x22edce8, cb=0x18 | out: lpmodinfo=0x22edce8*(lpBaseOfDll=0x7ff87d0a0000, SizeOfImage=0x17000, EntryPoint=0x7ff87d0a1390)) returned 1 [0080.426] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.426] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d0a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="NETAPI32.DLL") returned 0xc [0080.429] CoTaskMemFree (pv=0x548dc0) [0080.429] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.429] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d0a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NETAPI32.DLL" (normalized: "c:\\windows\\system32\\netapi32.dll")) returned 0x20 [0080.432] CoTaskMemFree (pv=0x548dc0) [0080.432] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875a10000, lpmodinfo=0x22efea0, cb=0x18 | out: lpmodinfo=0x22efea0*(lpBaseOfDll=0x7ff875a10000, SizeOfImage=0x19000, EntryPoint=0x7ff875a14520)) returned 1 [0080.435] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.435] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875a10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SAMCLI.DLL") returned 0xa [0080.438] CoTaskMemFree (pv=0x548dc0) [0080.438] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.438] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875a10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SAMCLI.DLL" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0080.441] CoTaskMemFree (pv=0x548dc0) [0080.441] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86d070000, lpmodinfo=0x22f2260, cb=0x18 | out: lpmodinfo=0x22f2260*(lpBaseOfDll=0x7ff86d070000, SizeOfImage=0x26000, EntryPoint=0x7ff86d071cf0)) returned 1 [0080.446] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.446] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86d070000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SRVCLI.DLL") returned 0xa [0080.449] CoTaskMemFree (pv=0x548dc0) [0080.449] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.449] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86d070000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SRVCLI.DLL" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0080.453] CoTaskMemFree (pv=0x548dc0) [0080.453] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpmodinfo=0x22f4408, cb=0x18 | out: lpmodinfo=0x22f4408*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0080.457] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.457] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="NETUTILS.DLL") returned 0xc [0080.461] CoTaskMemFree (pv=0x548dc0) [0080.461] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.461] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NETUTILS.DLL" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0080.464] CoTaskMemFree (pv=0x548dc0) [0080.464] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878510000, lpmodinfo=0x22f65c0, cb=0x18 | out: lpmodinfo=0x22f65c0*(lpBaseOfDll=0x7ff878510000, SizeOfImage=0x3e000, EntryPoint=0x7ff87851a050)) returned 1 [0080.467] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.467] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878510000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="LOGONCLI.DLL") returned 0xc [0080.470] CoTaskMemFree (pv=0x548dc0) [0080.471] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.471] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878510000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\LOGONCLI.DLL" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0080.474] CoTaskMemFree (pv=0x548dc0) [0080.474] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8617b0000, lpmodinfo=0x22f8778, cb=0x18 | out: lpmodinfo=0x22f8778*(lpBaseOfDll=0x7ff8617b0000, SizeOfImage=0x14000, EntryPoint=0x7ff8617b1310)) returned 1 [0080.477] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.477] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8617b0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="BROWCLI.DLL") returned 0xb [0080.482] CoTaskMemFree (pv=0x548dc0) [0080.482] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.482] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8617b0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\BROWCLI.DLL" (normalized: "c:\\windows\\system32\\browcli.dll")) returned 0x1f [0080.489] CoTaskMemFree (pv=0x548dc0) [0080.489] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c5a0000, lpmodinfo=0x22fa920, cb=0x18 | out: lpmodinfo=0x22fa920*(lpBaseOfDll=0x7ff86c5a0000, SizeOfImage=0xb000, EntryPoint=0x7ff86c5a12b0)) returned 1 [0080.492] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.492] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c5a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SCHEDCLI.DLL") returned 0xc [0080.496] CoTaskMemFree (pv=0x548dc0) [0080.496] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.496] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c5a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SCHEDCLI.DLL" (normalized: "c:\\windows\\system32\\schedcli.dll")) returned 0x20 [0080.499] CoTaskMemFree (pv=0x548dc0) [0080.499] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875230000, lpmodinfo=0x22fcad8, cb=0x18 | out: lpmodinfo=0x22fcad8*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0080.503] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.503] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875230000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WKSCLI.DLL") returned 0xa [0080.506] CoTaskMemFree (pv=0x548dc0) [0080.506] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.506] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875230000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WKSCLI.DLL" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0080.510] CoTaskMemFree (pv=0x548dc0) [0080.510] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8786a0000, lpmodinfo=0x22fec80, cb=0x18 | out: lpmodinfo=0x22fec80*(lpBaseOfDll=0x7ff8786a0000, SizeOfImage=0xa000, EntryPoint=0x7ff8786a1660)) returned 1 [0080.513] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.513] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8786a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DSROLE.DLL") returned 0xa [0080.517] CoTaskMemFree (pv=0x548dc0) [0080.517] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.517] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8786a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DSROLE.DLL" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0080.533] CoTaskMemFree (pv=0x548dc0) [0080.533] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8615e0000, lpmodinfo=0x2300e28, cb=0x18 | out: lpmodinfo=0x2300e28*(lpBaseOfDll=0x7ff8615e0000, SizeOfImage=0xe000, EntryPoint=0x7ff8615e1da0)) returned 1 [0080.537] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.537] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8615e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="winbrand.dll") returned 0xc [0080.541] CoTaskMemFree (pv=0x548dc0) [0080.541] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.541] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8615e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")) returned 0x20 [0080.544] CoTaskMemFree (pv=0x548dc0) [0080.544] GetModuleInformation (in: hProcess=0x25c, hModule=0x180000000, lpmodinfo=0x2302fe0, cb=0x18 | out: lpmodinfo=0x2302fe0*(lpBaseOfDll=0x180000000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0080.551] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.552] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x180000000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SECURITY.DLL") returned 0xc [0080.555] CoTaskMemFree (pv=0x548dc0) [0080.555] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.555] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x180000000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SECURITY.DLL" (normalized: "c:\\windows\\system32\\security.dll")) returned 0x20 [0080.559] CoTaskMemFree (pv=0x548dc0) [0080.559] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870dc0000, lpmodinfo=0x2305198, cb=0x18 | out: lpmodinfo=0x2305198*(lpBaseOfDll=0x7ff870dc0000, SizeOfImage=0xc000, EntryPoint=0x7ff870dc35c0)) returned 1 [0080.564] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.564] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870dc0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SECUR32.DLL") returned 0xb [0080.568] CoTaskMemFree (pv=0x548dc0) [0080.568] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.568] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870dc0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SECUR32.DLL" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0080.604] CoTaskMemFree (pv=0x548dc0) [0080.604] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpmodinfo=0x2307340, cb=0x18 | out: lpmodinfo=0x2307340*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff87bb31a50)) returned 1 [0080.607] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.607] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0080.611] CoTaskMemFree (pv=0x548dc0) [0080.611] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.611] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0080.620] CoTaskMemFree (pv=0x548dc0) [0080.620] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x23094f8, cb=0x18 | out: lpmodinfo=0x23094f8*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0080.624] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.624] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0080.629] CoTaskMemFree (pv=0x548dc0) [0080.629] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.629] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0080.633] CoTaskMemFree (pv=0x548dc0) [0080.633] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x230b6a0, cb=0x18 | out: lpmodinfo=0x230b6a0*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0080.643] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.643] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0080.715] CoTaskMemFree (pv=0x548dc0) [0080.716] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.716] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0080.720] CoTaskMemFree (pv=0x548dc0) [0080.720] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8744b0000, lpmodinfo=0x230d848, cb=0x18 | out: lpmodinfo=0x230d848*(lpBaseOfDll=0x7ff8744b0000, SizeOfImage=0x12000, EntryPoint=0x7ff8744b3580)) returned 1 [0080.724] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.724] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8744b0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0080.728] CoTaskMemFree (pv=0x548dc0) [0080.728] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.728] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8744b0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0080.732] CoTaskMemFree (pv=0x548dc0) [0080.732] CloseHandle (hObject=0x25c) returned 1 [0080.733] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0080.733] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9e0) returned 0x25c [0080.733] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2310e28, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2310e28, lpcbNeeded=0x14ef68) returned 1 [0080.734] GetModuleInformation (in: hProcess=0x25c, hModule=0x860000, lpmodinfo=0x2311098, cb=0x18 | out: lpmodinfo=0x2311098*(lpBaseOfDll=0x860000, SizeOfImage=0x17000, EntryPoint=0x8614a1)) returned 1 [0080.734] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.734] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x860000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="material_sing.exe") returned 0x11 [0080.734] CoTaskMemFree (pv=0x548dc0) [0080.734] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.734] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x860000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\material_sing.exe" (normalized: "c:\\program files\\reference assemblies\\material_sing.exe")) returned 0x37 [0080.735] CoTaskMemFree (pv=0x548dc0) [0080.735] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23132b8, cb=0x18 | out: lpmodinfo=0x23132b8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0080.735] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.735] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0080.736] CoTaskMemFree (pv=0x548dc0) [0080.736] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.736] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0080.736] CoTaskMemFree (pv=0x548dc0) [0080.736] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2315460, cb=0x18 | out: lpmodinfo=0x2315460*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0080.737] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.737] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0080.738] CoTaskMemFree (pv=0x548dc0) [0080.738] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.738] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0080.738] CoTaskMemFree (pv=0x548dc0) [0080.738] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2317608, cb=0x18 | out: lpmodinfo=0x2317608*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0080.739] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.739] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0080.740] CoTaskMemFree (pv=0x548dc0) [0080.740] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.740] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0080.740] CoTaskMemFree (pv=0x548dc0) [0080.741] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x23197c0, cb=0x18 | out: lpmodinfo=0x23197c0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0080.741] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.741] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0080.742] CoTaskMemFree (pv=0x548dc0) [0080.742] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.742] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0080.743] CoTaskMemFree (pv=0x548dc0) [0080.743] CloseHandle (hObject=0x25c) returned 1 [0080.743] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0080.743] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdc4) returned 0x25c [0080.743] EnumProcessModules (in: hProcess=0x25c, lphModule=0x231bf98, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x231bf98, lpcbNeeded=0x14ef68) returned 1 [0080.755] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff791330000, lpmodinfo=0x231c208, cb=0x18 | out: lpmodinfo=0x231c208*(lpBaseOfDll=0x7ff791330000, SizeOfImage=0x2f000, EntryPoint=0x7ff791345d50)) returned 1 [0080.816] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.816] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff791330000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WMIADAP.EXE") returned 0xb [0080.816] CoTaskMemFree (pv=0x548dc0) [0080.817] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.817] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff791330000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="\\\\?\\C:\\Windows\\system32\\wbem\\WMIADAP.EXE" (normalized: "c:\\windows\\system32\\wbem\\wmiadap.exe")) returned 0x28 [0080.817] CoTaskMemFree (pv=0x548dc0) [0080.817] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x231e468, cb=0x18 | out: lpmodinfo=0x231e468*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0080.818] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.818] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0080.819] CoTaskMemFree (pv=0x548dc0) [0080.819] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.819] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0080.819] CoTaskMemFree (pv=0x548dc0) [0080.819] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x2320610, cb=0x18 | out: lpmodinfo=0x2320610*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0080.820] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.820] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0080.821] CoTaskMemFree (pv=0x548dc0) [0080.821] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.821] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0080.822] CoTaskMemFree (pv=0x548dc0) [0080.822] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x23227c8, cb=0x18 | out: lpmodinfo=0x23227c8*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0080.822] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.823] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0080.824] CoTaskMemFree (pv=0x548dc0) [0080.824] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.824] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0080.825] CoTaskMemFree (pv=0x548dc0) [0080.825] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x2324980, cb=0x18 | out: lpmodinfo=0x2324980*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0080.826] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.826] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0080.827] CoTaskMemFree (pv=0x548dc0) [0080.827] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.827] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0080.828] CoTaskMemFree (pv=0x548dc0) [0080.828] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x2326b80, cb=0x18 | out: lpmodinfo=0x2326b80*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0080.829] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.829] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0080.830] CoTaskMemFree (pv=0x548dc0) [0080.830] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.830] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0080.831] CoTaskMemFree (pv=0x548dc0) [0080.831] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x2328d28, cb=0x18 | out: lpmodinfo=0x2328d28*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0080.832] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.832] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0080.834] CoTaskMemFree (pv=0x548dc0) [0080.834] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.834] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0080.835] CoTaskMemFree (pv=0x548dc0) [0080.835] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x232aed0, cb=0x18 | out: lpmodinfo=0x232aed0*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0080.836] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.836] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0080.837] CoTaskMemFree (pv=0x548dc0) [0080.837] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.837] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0080.839] CoTaskMemFree (pv=0x548dc0) [0080.839] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x232d0a8, cb=0x18 | out: lpmodinfo=0x232d0a8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0080.840] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.840] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0080.841] CoTaskMemFree (pv=0x548dc0) [0080.841] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.841] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0080.842] CoTaskMemFree (pv=0x548dc0) [0080.842] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870c70000, lpmodinfo=0x232f2e8, cb=0x18 | out: lpmodinfo=0x232f2e8*(lpBaseOfDll=0x7ff870c70000, SizeOfImage=0x7f000, EntryPoint=0x7ff870c87110)) returned 1 [0080.844] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.844] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870c70000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0080.845] CoTaskMemFree (pv=0x548dc0) [0080.845] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.845] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870c70000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0080.847] CoTaskMemFree (pv=0x548dc0) [0080.847] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x23314a0, cb=0x18 | out: lpmodinfo=0x23314a0*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0080.848] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.848] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0080.850] CoTaskMemFree (pv=0x548dc0) [0080.850] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.850] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0080.901] CoTaskMemFree (pv=0x548dc0) [0080.901] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875cf0000, lpmodinfo=0x2333648, cb=0x18 | out: lpmodinfo=0x2333648*(lpBaseOfDll=0x7ff875cf0000, SizeOfImage=0x25000, EntryPoint=0x7ff875cfb320)) returned 1 [0080.903] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.903] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875cf0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="loadperf.dll") returned 0xc [0080.905] CoTaskMemFree (pv=0x548dc0) [0080.905] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.905] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875cf0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll")) returned 0x20 [0080.906] CoTaskMemFree (pv=0x548dc0) [0080.906] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2335800, cb=0x18 | out: lpmodinfo=0x2335800*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0080.908] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.908] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0080.910] CoTaskMemFree (pv=0x548dc0) [0080.910] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.910] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0080.912] CoTaskMemFree (pv=0x548dc0) [0080.912] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x23379a8, cb=0x18 | out: lpmodinfo=0x23379a8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0080.914] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.914] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0080.916] CoTaskMemFree (pv=0x548dc0) [0080.916] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.916] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0080.918] CoTaskMemFree (pv=0x548dc0) [0080.918] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x2339b50, cb=0x18 | out: lpmodinfo=0x2339b50*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0080.920] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.920] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0080.922] CoTaskMemFree (pv=0x548dc0) [0080.922] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.922] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0080.924] CoTaskMemFree (pv=0x548dc0) [0080.925] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x233bcf8, cb=0x18 | out: lpmodinfo=0x233bcf8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0080.927] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.927] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0080.929] CoTaskMemFree (pv=0x548dc0) [0080.929] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.929] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0080.931] CoTaskMemFree (pv=0x548dc0) [0080.931] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x233dec0, cb=0x18 | out: lpmodinfo=0x233dec0*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0080.933] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.933] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0080.936] CoTaskMemFree (pv=0x548dc0) [0080.936] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.936] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0080.986] CoTaskMemFree (pv=0x548dc0) [0080.986] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpmodinfo=0x2340180, cb=0x18 | out: lpmodinfo=0x2340180*(lpBaseOfDll=0x7ff86efa0000, SizeOfImage=0x11000, EntryPoint=0x7ff86efa2fc0)) returned 1 [0080.988] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.988] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0080.990] CoTaskMemFree (pv=0x548dc0) [0080.990] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.990] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0080.993] CoTaskMemFree (pv=0x548dc0) [0080.993] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x2342340, cb=0x18 | out: lpmodinfo=0x2342340*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0080.994] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.994] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0080.996] CoTaskMemFree (pv=0x548dc0) [0080.996] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0080.996] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0080.999] CoTaskMemFree (pv=0x548dc0) [0080.999] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e970000, lpmodinfo=0x23444f8, cb=0x18 | out: lpmodinfo=0x23444f8*(lpBaseOfDll=0x7ff86e970000, SizeOfImage=0x14000, EntryPoint=0x7ff86e971800)) returned 1 [0081.000] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.000] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0081.002] CoTaskMemFree (pv=0x548dc0) [0081.002] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.002] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0081.004] CoTaskMemFree (pv=0x548dc0) [0081.004] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e990000, lpmodinfo=0x23466b0, cb=0x18 | out: lpmodinfo=0x23466b0*(lpBaseOfDll=0x7ff86e990000, SizeOfImage=0xf6000, EntryPoint=0x7ff86e9c9590)) returned 1 [0081.006] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.006] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e990000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="fastprox.dll") returned 0xc [0081.008] CoTaskMemFree (pv=0x548dc0) [0081.008] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.008] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e990000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0081.010] CoTaskMemFree (pv=0x548dc0) [0081.010] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eec0000, lpmodinfo=0x2348870, cb=0x18 | out: lpmodinfo=0x2348870*(lpBaseOfDll=0x7ff87eec0000, SizeOfImage=0x8000, EntryPoint=0x7ff87eec10b0)) returned 1 [0081.012] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.012] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eec0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="PSAPI.DLL") returned 0x9 [0081.015] CoTaskMemFree (pv=0x548dc0) [0081.015] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.015] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eec0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PSAPI.DLL" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0081.017] CoTaskMemFree (pv=0x548dc0) [0081.017] CloseHandle (hObject=0x25c) returned 1 [0081.017] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0081.017] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1004) returned 0x25c [0081.018] EnumProcessModules (in: hProcess=0x25c, lphModule=0x234b5b8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x234b5b8, lpcbNeeded=0x14ef68) returned 1 [0081.018] GetModuleInformation (in: hProcess=0x25c, hModule=0x1360000, lpmodinfo=0x234b828, cb=0x18 | out: lpmodinfo=0x234b828*(lpBaseOfDll=0x1360000, SizeOfImage=0x17000, EntryPoint=0x13614a1)) returned 1 [0081.022] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.023] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x1360000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="flashfxp.exe") returned 0xc [0081.023] CoTaskMemFree (pv=0x548dc0) [0081.023] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.023] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x1360000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\flashfxp.exe" (normalized: "c:\\program files (x86)\\common files\\flashfxp.exe")) returned 0x30 [0081.023] CoTaskMemFree (pv=0x548dc0) [0081.023] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x234da38, cb=0x18 | out: lpmodinfo=0x234da38*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0081.024] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.024] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0081.024] CoTaskMemFree (pv=0x548dc0) [0081.024] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.024] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0081.025] CoTaskMemFree (pv=0x548dc0) [0081.025] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x234fbe0, cb=0x18 | out: lpmodinfo=0x234fbe0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0081.026] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.026] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0081.026] CoTaskMemFree (pv=0x548dc0) [0081.026] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.026] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0081.027] CoTaskMemFree (pv=0x548dc0) [0081.027] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2351d88, cb=0x18 | out: lpmodinfo=0x2351d88*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0081.027] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.027] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0081.028] CoTaskMemFree (pv=0x548dc0) [0081.028] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.028] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0081.029] CoTaskMemFree (pv=0x548dc0) [0081.029] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2353f40, cb=0x18 | out: lpmodinfo=0x2353f40*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0081.030] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.030] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0081.030] CoTaskMemFree (pv=0x548dc0) [0081.030] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.030] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0081.031] CoTaskMemFree (pv=0x548dc0) [0081.031] CloseHandle (hObject=0x25c) returned 1 [0081.032] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0081.032] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10d4) returned 0x25c [0081.032] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2356718, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2356718, lpcbNeeded=0x14ef68) returned 1 [0081.032] GetModuleInformation (in: hProcess=0x25c, hModule=0x8a0000, lpmodinfo=0x2356988, cb=0x18 | out: lpmodinfo=0x2356988*(lpBaseOfDll=0x8a0000, SizeOfImage=0x17000, EntryPoint=0x8a14a1)) returned 1 [0081.033] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.033] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x8a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="webdrive.exe") returned 0xc [0081.033] CoTaskMemFree (pv=0x548dc0) [0081.033] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.033] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x8a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\webdrive.exe" (normalized: "c:\\program files (x86)\\windows media player\\webdrive.exe")) returned 0x38 [0081.034] CoTaskMemFree (pv=0x548dc0) [0081.034] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2358ba8, cb=0x18 | out: lpmodinfo=0x2358ba8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0081.034] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.034] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0081.035] CoTaskMemFree (pv=0x548dc0) [0081.035] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.035] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0081.035] CoTaskMemFree (pv=0x548dc0) [0081.035] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x235ad50, cb=0x18 | out: lpmodinfo=0x235ad50*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0081.036] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.036] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0081.036] CoTaskMemFree (pv=0x548dc0) [0081.036] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.036] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0081.037] CoTaskMemFree (pv=0x548dc0) [0081.037] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x235cef8, cb=0x18 | out: lpmodinfo=0x235cef8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0081.038] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.038] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0081.038] CoTaskMemFree (pv=0x548dc0) [0081.038] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.038] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0081.039] CoTaskMemFree (pv=0x548dc0) [0081.039] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x235f0b0, cb=0x18 | out: lpmodinfo=0x235f0b0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0081.040] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.040] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0081.041] CoTaskMemFree (pv=0x548dc0) [0081.041] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.041] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0081.041] CoTaskMemFree (pv=0x548dc0) [0081.041] CloseHandle (hObject=0x25c) returned 1 [0081.042] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0081.042] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x118c) returned 0x25c [0081.042] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2361888, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2361888, lpcbNeeded=0x14ef68) returned 1 [0081.043] GetModuleInformation (in: hProcess=0x25c, hModule=0x200000, lpmodinfo=0x2361af8, cb=0x18 | out: lpmodinfo=0x2361af8*(lpBaseOfDll=0x200000, SizeOfImage=0x17000, EntryPoint=0x2014a1)) returned 1 [0081.043] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.043] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x200000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="spcwin.exe") returned 0xa [0081.044] CoTaskMemFree (pv=0x548dc0) [0081.044] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.044] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x200000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Multimedia Platform\\spcwin.exe" (normalized: "c:\\program files\\windows multimedia platform\\spcwin.exe")) returned 0x37 [0081.044] CoTaskMemFree (pv=0x548dc0) [0081.044] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2363d08, cb=0x18 | out: lpmodinfo=0x2363d08*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0081.045] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.045] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0081.045] CoTaskMemFree (pv=0x548dc0) [0081.045] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.045] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0081.046] CoTaskMemFree (pv=0x548dc0) [0081.046] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2365eb0, cb=0x18 | out: lpmodinfo=0x2365eb0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0081.046] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.046] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0081.047] CoTaskMemFree (pv=0x548dc0) [0081.047] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.047] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0081.048] CoTaskMemFree (pv=0x548dc0) [0081.048] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2368058, cb=0x18 | out: lpmodinfo=0x2368058*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0081.048] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.048] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0081.049] CoTaskMemFree (pv=0x548dc0) [0081.049] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.049] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0081.050] CoTaskMemFree (pv=0x548dc0) [0081.050] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x236a210, cb=0x18 | out: lpmodinfo=0x236a210*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0081.051] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.051] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0081.051] CoTaskMemFree (pv=0x548dc0) [0081.051] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.051] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0081.052] CoTaskMemFree (pv=0x548dc0) [0081.052] CloseHandle (hObject=0x25c) returned 1 [0081.053] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0081.053] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb44) returned 0x25c [0081.053] EnumProcessModules (in: hProcess=0x25c, lphModule=0x236c9e8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x236c9e8, lpcbNeeded=0x14ef68) returned 1 [0081.053] GetModuleInformation (in: hProcess=0x25c, hModule=0xd10000, lpmodinfo=0x236cc58, cb=0x18 | out: lpmodinfo=0x236cc58*(lpBaseOfDll=0xd10000, SizeOfImage=0x17000, EntryPoint=0xd114a1)) returned 1 [0081.054] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.054] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xd10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="practice.exe") returned 0xc [0081.054] CoTaskMemFree (pv=0x548dc0) [0081.054] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.054] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xd10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\practice.exe" (normalized: "c:\\program files (x86)\\microsoft office\\practice.exe")) returned 0x34 [0081.055] CoTaskMemFree (pv=0x548dc0) [0081.055] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x236ee70, cb=0x18 | out: lpmodinfo=0x236ee70*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0081.055] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.055] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0081.056] CoTaskMemFree (pv=0x548dc0) [0081.056] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.056] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0081.056] CoTaskMemFree (pv=0x548dc0) [0081.056] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2371018, cb=0x18 | out: lpmodinfo=0x2371018*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0081.057] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.057] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0081.064] CoTaskMemFree (pv=0x548dc0) [0081.064] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.064] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0081.065] CoTaskMemFree (pv=0x548dc0) [0081.065] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x23731c0, cb=0x18 | out: lpmodinfo=0x23731c0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0081.066] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.066] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0081.066] CoTaskMemFree (pv=0x548dc0) [0081.066] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.066] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0081.067] CoTaskMemFree (pv=0x548dc0) [0081.067] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2375378, cb=0x18 | out: lpmodinfo=0x2375378*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0081.068] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.068] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0081.069] CoTaskMemFree (pv=0x548dc0) [0081.069] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.069] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0081.069] CoTaskMemFree (pv=0x548dc0) [0081.069] CloseHandle (hObject=0x25c) returned 1 [0081.070] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0081.070] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xce8) returned 0x25c [0081.070] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2377b50, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2377b50, lpcbNeeded=0x14ef68) returned 1 [0081.074] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6c3120000, lpmodinfo=0x2377dc0, cb=0x18 | out: lpmodinfo=0x2377dc0*(lpBaseOfDll=0x7ff6c3120000, SizeOfImage=0xf000, EntryPoint=0x7ff6c3121020)) returned 1 [0081.074] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.074] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6c3120000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="HxTsr.exe") returned 0x9 [0081.075] CoTaskMemFree (pv=0x548dc0) [0081.075] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.075] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6c3120000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\microsoft.windowscommunicationsapps_17.6308.42271.0_x64__8wekyb3d8bbwe\\HxTsr.exe" (normalized: "c:\\program files\\windowsapps\\microsoft.windowscommunicationsapps_17.6308.42271.0_x64__8wekyb3d8bbwe\\hxtsr.exe")) returned 0x6d [0081.075] CoTaskMemFree (pv=0x548dc0) [0081.075] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x237a040, cb=0x18 | out: lpmodinfo=0x237a040*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0081.076] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.076] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0081.076] CoTaskMemFree (pv=0x548dc0) [0081.076] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.076] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0081.077] CoTaskMemFree (pv=0x548dc0) [0081.077] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x237c1e8, cb=0x18 | out: lpmodinfo=0x237c1e8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0081.077] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.077] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0081.078] CoTaskMemFree (pv=0x548dc0) [0081.078] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.078] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0081.079] CoTaskMemFree (pv=0x548dc0) [0081.079] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x237e3a0, cb=0x18 | out: lpmodinfo=0x237e3a0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0081.079] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.079] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0081.080] CoTaskMemFree (pv=0x548dc0) [0081.080] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.080] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0081.082] CoTaskMemFree (pv=0x548dc0) [0081.082] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x2380558, cb=0x18 | out: lpmodinfo=0x2380558*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0081.082] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.082] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0081.083] CoTaskMemFree (pv=0x548dc0) [0081.083] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.083] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0081.084] CoTaskMemFree (pv=0x548dc0) [0081.084] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x2382758, cb=0x18 | out: lpmodinfo=0x2382758*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0081.085] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.085] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0081.086] CoTaskMemFree (pv=0x548dc0) [0081.086] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.086] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0081.086] CoTaskMemFree (pv=0x548dc0) [0081.086] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x2384900, cb=0x18 | out: lpmodinfo=0x2384900*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0081.087] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.087] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0081.088] CoTaskMemFree (pv=0x548dc0) [0081.088] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.088] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0081.089] CoTaskMemFree (pv=0x548dc0) [0081.089] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x2386aa8, cb=0x18 | out: lpmodinfo=0x2386aa8*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0081.090] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.090] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0081.091] CoTaskMemFree (pv=0x548dc0) [0081.091] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.091] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0081.092] CoTaskMemFree (pv=0x548dc0) [0081.092] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861ba0000, lpmodinfo=0x2388c80, cb=0x18 | out: lpmodinfo=0x2388c80*(lpBaseOfDll=0x7ff861ba0000, SizeOfImage=0x17000, EntryPoint=0x7ff861babed0)) returned 1 [0081.093] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.093] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861ba0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="VCRUNTIME140_APP.dll") returned 0x14 [0081.094] CoTaskMemFree (pv=0x548dc0) [0081.094] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.094] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861ba0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\VCRUNTIME140_APP.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\vcruntime140_app.dll")) returned 0x69 [0081.095] CoTaskMemFree (pv=0x548dc0) [0081.095] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x238af70, cb=0x18 | out: lpmodinfo=0x238af70*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0081.096] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.097] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0081.098] CoTaskMemFree (pv=0x548dc0) [0081.098] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.098] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0081.100] CoTaskMemFree (pv=0x548dc0) [0081.100] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8608f0000, lpmodinfo=0x238d128, cb=0x18 | out: lpmodinfo=0x238d128*(lpBaseOfDll=0x7ff8608f0000, SizeOfImage=0x945000, EntryPoint=0x7ff8608f76d0)) returned 1 [0081.102] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.102] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8608f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="hxcomm.dll") returned 0xa [0081.103] CoTaskMemFree (pv=0x548dc0) [0081.103] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.103] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8608f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\microsoft.windowscommunicationsapps_17.6308.42271.0_x64__8wekyb3d8bbwe\\hxcomm.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.windowscommunicationsapps_17.6308.42271.0_x64__8wekyb3d8bbwe\\hxcomm.dll")) returned 0x6e [0081.104] CoTaskMemFree (pv=0x548dc0) [0081.104] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x238f370, cb=0x18 | out: lpmodinfo=0x238f370*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0081.106] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.106] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0081.107] CoTaskMemFree (pv=0x548dc0) [0081.107] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.107] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0081.108] CoTaskMemFree (pv=0x548dc0) [0081.108] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x2391518, cb=0x18 | out: lpmodinfo=0x2391518*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0081.110] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.110] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0081.111] CoTaskMemFree (pv=0x548dc0) [0081.111] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.111] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0081.113] CoTaskMemFree (pv=0x548dc0) [0081.113] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x23936c0, cb=0x18 | out: lpmodinfo=0x23936c0*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0081.114] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.114] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0081.116] CoTaskMemFree (pv=0x548dc0) [0081.116] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.116] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0081.117] CoTaskMemFree (pv=0x548dc0) [0081.117] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861cb0000, lpmodinfo=0x2395878, cb=0x18 | out: lpmodinfo=0x2395878*(lpBaseOfDll=0x7ff861cb0000, SizeOfImage=0x5e000, EntryPoint=0x7ff861cda050)) returned 1 [0081.119] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.119] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861cb0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="vccorlib140_app.DLL") returned 0x13 [0081.120] CoTaskMemFree (pv=0x548dc0) [0081.120] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.120] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861cb0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\vccorlib140_app.DLL" (normalized: "c:\\program files\\windowsapps\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\vccorlib140_app.dll")) returned 0x68 [0081.122] CoTaskMemFree (pv=0x548dc0) [0081.122] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861c10000, lpmodinfo=0x2397ac8, cb=0x18 | out: lpmodinfo=0x2397ac8*(lpBaseOfDll=0x7ff861c10000, SizeOfImage=0x98000, EntryPoint=0x7ff861c59390)) returned 1 [0081.123] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.124] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861c10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MSVCP140_APP.dll") returned 0x10 [0081.125] CoTaskMemFree (pv=0x548dc0) [0081.125] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.125] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861c10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\MSVCP140_APP.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\msvcp140_app.dll")) returned 0x65 [0081.127] CoTaskMemFree (pv=0x548dc0) [0081.127] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861bc0000, lpmodinfo=0x2399d10, cb=0x18 | out: lpmodinfo=0x2399d10*(lpBaseOfDll=0x7ff861bc0000, SizeOfImage=0x4c000, EntryPoint=0x7ff861bea8c0)) returned 1 [0081.129] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.129] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861bc0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CONCRT140_APP.dll") returned 0x11 [0081.130] CoTaskMemFree (pv=0x548dc0) [0081.130] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.130] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861bc0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\CONCRT140_APP.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\concrt140_app.dll")) returned 0x66 [0081.132] CoTaskMemFree (pv=0x548dc0) [0081.132] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8651c0000, lpmodinfo=0x239c070, cb=0x18 | out: lpmodinfo=0x239c070*(lpBaseOfDll=0x7ff8651c0000, SizeOfImage=0x2dc000, EntryPoint=0x7ff8651d87b0)) returned 1 [0081.144] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.144] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8651c0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="Mso20Imm.dll") returned 0xc [0081.146] CoTaskMemFree (pv=0x548dc0) [0081.146] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.146] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8651c0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\microsoft.windowscommunicationsapps_17.6308.42271.0_x64__8wekyb3d8bbwe\\Mso20Imm.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.windowscommunicationsapps_17.6308.42271.0_x64__8wekyb3d8bbwe\\mso20imm.dll")) returned 0x70 [0081.148] CoTaskMemFree (pv=0x548dc0) [0081.148] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f5d0000, lpmodinfo=0x239e2c8, cb=0x18 | out: lpmodinfo=0x239e2c8*(lpBaseOfDll=0x7ff87f5d0000, SizeOfImage=0x6f000, EntryPoint=0x7ff87f5f5f70)) returned 1 [0081.151] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.151] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f5d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="coml2.dll") returned 0x9 [0081.153] CoTaskMemFree (pv=0x548dc0) [0081.153] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.153] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f5d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")) returned 0x1d [0081.156] CoTaskMemFree (pv=0x548dc0) [0081.156] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x23a0470, cb=0x18 | out: lpmodinfo=0x23a0470*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0081.159] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.159] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0081.161] CoTaskMemFree (pv=0x548dc0) [0081.161] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.161] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0081.163] CoTaskMemFree (pv=0x548dc0) [0081.163] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpmodinfo=0x23a2638, cb=0x18 | out: lpmodinfo=0x23a2638*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0081.165] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.165] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0081.167] CoTaskMemFree (pv=0x548dc0) [0081.167] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.167] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0081.169] CoTaskMemFree (pv=0x548dc0) [0081.169] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x23a4800, cb=0x18 | out: lpmodinfo=0x23a4800*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0081.171] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.171] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0081.174] CoTaskMemFree (pv=0x548dc0) [0081.174] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.174] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0081.176] CoTaskMemFree (pv=0x548dc0) [0081.176] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x23a69a8, cb=0x18 | out: lpmodinfo=0x23a69a8*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0081.178] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.178] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff876870000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WinTypes.dll") returned 0xc [0081.188] CoTaskMemFree (pv=0x548dc0) [0081.188] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.189] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff876870000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0081.191] CoTaskMemFree (pv=0x548dc0) [0081.191] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x23a8b60, cb=0x18 | out: lpmodinfo=0x23a8b60*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0081.193] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.193] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0081.195] CoTaskMemFree (pv=0x548dc0) [0081.196] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.196] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0081.198] CoTaskMemFree (pv=0x548dc0) [0081.198] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x23aad08, cb=0x18 | out: lpmodinfo=0x23aad08*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0081.200] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.200] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0081.202] CoTaskMemFree (pv=0x548dc0) [0081.202] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.202] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0081.204] CoTaskMemFree (pv=0x548dc0) [0081.204] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x23aceb0, cb=0x18 | out: lpmodinfo=0x23aceb0*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0081.206] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.207] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0081.209] CoTaskMemFree (pv=0x548dc0) [0081.209] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.209] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0081.212] CoTaskMemFree (pv=0x548dc0) [0081.212] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpmodinfo=0x23af058, cb=0x18 | out: lpmodinfo=0x23af058*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0081.224] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.224] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="mrmcorer.dll") returned 0xc [0081.227] CoTaskMemFree (pv=0x548dc0) [0081.227] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.227] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mrmcorer.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0081.229] CoTaskMemFree (pv=0x548dc0) [0081.229] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c90000, lpmodinfo=0x23b1210, cb=0x18 | out: lpmodinfo=0x23b1210*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0081.258] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.258] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0081.260] CoTaskMemFree (pv=0x548dc0) [0081.260] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.260] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0081.263] CoTaskMemFree (pv=0x548dc0) [0081.263] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e40000, lpmodinfo=0x23b33c8, cb=0x18 | out: lpmodinfo=0x23b33c8*(lpBaseOfDll=0x7ff878e40000, SizeOfImage=0x33000, EntryPoint=0x7ff878e4d5a0)) returned 1 [0081.265] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.265] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="biwinrt.dll") returned 0xb [0081.268] CoTaskMemFree (pv=0x548dc0) [0081.268] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.268] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")) returned 0x1f [0081.271] CoTaskMemFree (pv=0x548dc0) [0081.271] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c060000, lpmodinfo=0x23b5570, cb=0x18 | out: lpmodinfo=0x23b5570*(lpBaseOfDll=0x7ff86c060000, SizeOfImage=0x55000, EntryPoint=0x7ff86c071250)) returned 1 [0081.273] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.273] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c060000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="Windows.Storage.ApplicationData.dll") returned 0x23 [0081.276] CoTaskMemFree (pv=0x548dc0) [0081.276] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.276] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c060000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll" (normalized: "c:\\windows\\system32\\windows.storage.applicationdata.dll")) returned 0x37 [0081.279] CoTaskMemFree (pv=0x548dc0) [0081.279] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878510000, lpmodinfo=0x23b7778, cb=0x18 | out: lpmodinfo=0x23b7778*(lpBaseOfDll=0x7ff878510000, SizeOfImage=0x3e000, EntryPoint=0x7ff87851a050)) returned 1 [0081.282] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.282] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878510000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="logoncli.dll") returned 0xc [0081.285] CoTaskMemFree (pv=0x548dc0) [0081.285] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.285] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878510000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0081.289] CoTaskMemFree (pv=0x548dc0) [0081.289] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x23b9930, cb=0x18 | out: lpmodinfo=0x23b9930*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0081.443] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.443] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0081.446] CoTaskMemFree (pv=0x548dc0) [0081.447] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.447] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0081.450] CoTaskMemFree (pv=0x548dc0) [0081.450] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x23bbaf8, cb=0x18 | out: lpmodinfo=0x23bbaf8*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0081.452] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.452] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0081.455] CoTaskMemFree (pv=0x548dc0) [0081.455] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.455] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0081.459] CoTaskMemFree (pv=0x548dc0) [0081.459] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x23bdec8, cb=0x18 | out: lpmodinfo=0x23bdec8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0081.461] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.461] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0081.464] CoTaskMemFree (pv=0x548dc0) [0081.464] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.464] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0081.468] CoTaskMemFree (pv=0x548dc0) [0081.468] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x23c0080, cb=0x18 | out: lpmodinfo=0x23c0080*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0081.471] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.471] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0081.474] CoTaskMemFree (pv=0x548dc0) [0081.474] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.474] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0081.477] CoTaskMemFree (pv=0x548dc0) [0081.477] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x23c2228, cb=0x18 | out: lpmodinfo=0x23c2228*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0081.488] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.488] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0081.491] CoTaskMemFree (pv=0x548dc0) [0081.491] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.491] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0081.494] CoTaskMemFree (pv=0x548dc0) [0081.494] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x23c43e0, cb=0x18 | out: lpmodinfo=0x23c43e0*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0081.498] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.498] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0081.501] CoTaskMemFree (pv=0x548dc0) [0081.501] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.501] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0081.504] CoTaskMemFree (pv=0x548dc0) [0081.504] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpmodinfo=0x23c6588, cb=0x18 | out: lpmodinfo=0x23c6588*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0081.509] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.509] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0081.512] CoTaskMemFree (pv=0x548dc0) [0081.512] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.512] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0081.515] CoTaskMemFree (pv=0x548dc0) [0081.516] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a270000, lpmodinfo=0x23c8730, cb=0x18 | out: lpmodinfo=0x23c8730*(lpBaseOfDll=0x7ff86a270000, SizeOfImage=0x5f000, EntryPoint=0x7ff86a281560)) returned 1 [0081.628] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.628] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a270000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="Windows.Graphics.dll") returned 0x14 [0081.631] CoTaskMemFree (pv=0x548dc0) [0081.631] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.631] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a270000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Graphics.dll" (normalized: "c:\\windows\\system32\\windows.graphics.dll")) returned 0x28 [0081.635] CoTaskMemFree (pv=0x548dc0) [0081.635] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a320000, lpmodinfo=0x23ca908, cb=0x18 | out: lpmodinfo=0x23ca908*(lpBaseOfDll=0x7ff86a320000, SizeOfImage=0x34000, EntryPoint=0x7ff86a325d00)) returned 1 [0081.638] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.638] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a320000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="Windows.ApplicationModel.dll") returned 0x1c [0081.642] CoTaskMemFree (pv=0x548dc0) [0081.642] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.642] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a320000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.ApplicationModel.dll" (normalized: "c:\\windows\\system32\\windows.applicationmodel.dll")) returned 0x30 [0081.646] CoTaskMemFree (pv=0x548dc0) [0081.646] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8779f0000, lpmodinfo=0x23ccb00, cb=0x18 | out: lpmodinfo=0x23ccb00*(lpBaseOfDll=0x7ff8779f0000, SizeOfImage=0xa9000, EntryPoint=0x7ff877a19010)) returned 1 [0081.649] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.649] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8779f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="Windows.UI.dll") returned 0xe [0081.653] CoTaskMemFree (pv=0x548dc0) [0081.653] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.653] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8779f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")) returned 0x22 [0081.656] CoTaskMemFree (pv=0x548dc0) [0081.656] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a130000, lpmodinfo=0x23cecb8, cb=0x18 | out: lpmodinfo=0x23cecb8*(lpBaseOfDll=0x7ff87a130000, SizeOfImage=0x67000, EntryPoint=0x7ff87a14e710)) returned 1 [0081.660] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.660] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a130000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="Bcp47Langs.dll") returned 0xe [0081.667] CoTaskMemFree (pv=0x548dc0) [0081.667] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.667] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a130000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Bcp47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")) returned 0x22 [0081.671] CoTaskMemFree (pv=0x548dc0) [0081.671] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87af40000, lpmodinfo=0x23d0e70, cb=0x18 | out: lpmodinfo=0x23d0e70*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0081.675] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.675] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0081.679] CoTaskMemFree (pv=0x548dc0) [0081.679] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.679] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0081.684] CoTaskMemFree (pv=0x548dc0) [0081.684] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8751b0000, lpmodinfo=0x23d3018, cb=0x18 | out: lpmodinfo=0x23d3018*(lpBaseOfDll=0x7ff8751b0000, SizeOfImage=0x15000, EntryPoint=0x7ff8751b6430)) returned 1 [0081.688] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.688] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8751b0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="threadpoolwinrt.dll") returned 0x13 [0081.692] CoTaskMemFree (pv=0x548dc0) [0081.692] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.692] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8751b0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\threadpoolwinrt.dll" (normalized: "c:\\windows\\system32\\threadpoolwinrt.dll")) returned 0x27 [0081.696] CoTaskMemFree (pv=0x548dc0) [0081.696] CloseHandle (hObject=0x25c) returned 1 [0081.696] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0081.698] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xab0) returned 0x25c [0081.698] EnumProcessModules (in: hProcess=0x25c, lphModule=0x23d6510, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23d6510, lpcbNeeded=0x14ef68) returned 1 [0081.715] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff63a8f0000, lpmodinfo=0x23d6780, cb=0x18 | out: lpmodinfo=0x23d6780*(lpBaseOfDll=0x7ff63a8f0000, SizeOfImage=0x19000, EntryPoint=0x7ff63a8f59b0)) returned 1 [0081.715] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.715] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff63a8f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="taskhostw.exe") returned 0xd [0081.716] CoTaskMemFree (pv=0x548dc0) [0081.716] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.716] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff63a8f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")) returned 0x21 [0081.716] CoTaskMemFree (pv=0x548dc0) [0081.716] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23d8970, cb=0x18 | out: lpmodinfo=0x23d8970*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0081.716] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.716] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0081.717] CoTaskMemFree (pv=0x548dc0) [0081.717] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.717] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0081.718] CoTaskMemFree (pv=0x548dc0) [0081.718] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x23dab18, cb=0x18 | out: lpmodinfo=0x23dab18*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0081.718] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.718] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0081.719] CoTaskMemFree (pv=0x548dc0) [0081.719] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.719] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0081.719] CoTaskMemFree (pv=0x548dc0) [0081.719] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x23dccd0, cb=0x18 | out: lpmodinfo=0x23dccd0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0081.720] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.720] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0081.720] CoTaskMemFree (pv=0x548dc0) [0081.721] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.721] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0081.721] CoTaskMemFree (pv=0x548dc0) [0081.721] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x23dee88, cb=0x18 | out: lpmodinfo=0x23dee88*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0081.722] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.722] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0081.723] CoTaskMemFree (pv=0x548dc0) [0081.723] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.723] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0081.723] CoTaskMemFree (pv=0x548dc0) [0081.723] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x23e1088, cb=0x18 | out: lpmodinfo=0x23e1088*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0081.724] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.724] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0081.725] CoTaskMemFree (pv=0x548dc0) [0081.725] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.725] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0081.726] CoTaskMemFree (pv=0x548dc0) [0081.726] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x23e3230, cb=0x18 | out: lpmodinfo=0x23e3230*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0081.727] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.727] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0081.728] CoTaskMemFree (pv=0x548dc0) [0081.728] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.728] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0081.729] CoTaskMemFree (pv=0x548dc0) [0081.729] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x23e53d8, cb=0x18 | out: lpmodinfo=0x23e53d8*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0081.729] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.729] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0081.730] CoTaskMemFree (pv=0x548dc0) [0081.730] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.730] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0081.731] CoTaskMemFree (pv=0x548dc0) [0081.731] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x23e75b0, cb=0x18 | out: lpmodinfo=0x23e75b0*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0081.732] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.732] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0081.733] CoTaskMemFree (pv=0x548dc0) [0081.733] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.733] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0081.734] CoTaskMemFree (pv=0x548dc0) [0081.734] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x23e9800, cb=0x18 | out: lpmodinfo=0x23e9800*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0081.736] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.736] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0081.737] CoTaskMemFree (pv=0x548dc0) [0081.737] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.737] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0081.738] CoTaskMemFree (pv=0x548dc0) [0081.738] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x23eb9c8, cb=0x18 | out: lpmodinfo=0x23eb9c8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0081.739] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.739] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0081.744] CoTaskMemFree (pv=0x548dc0) [0081.744] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.744] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0081.746] CoTaskMemFree (pv=0x548dc0) [0081.746] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x23edb70, cb=0x18 | out: lpmodinfo=0x23edb70*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0081.747] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.747] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0081.748] CoTaskMemFree (pv=0x548dc0) [0081.748] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.748] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0081.749] CoTaskMemFree (pv=0x548dc0) [0081.750] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x23efd18, cb=0x18 | out: lpmodinfo=0x23efd18*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0081.751] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.751] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0081.758] CoTaskMemFree (pv=0x548dc0) [0081.758] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.758] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0081.760] CoTaskMemFree (pv=0x548dc0) [0081.760] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x23f1ec0, cb=0x18 | out: lpmodinfo=0x23f1ec0*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0081.761] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.761] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0081.762] CoTaskMemFree (pv=0x548dc0) [0081.763] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.763] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0081.764] CoTaskMemFree (pv=0x548dc0) [0081.764] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87af40000, lpmodinfo=0x23f4068, cb=0x18 | out: lpmodinfo=0x23f4068*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0081.766] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.766] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0081.767] CoTaskMemFree (pv=0x548dc0) [0081.767] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.767] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0081.769] CoTaskMemFree (pv=0x548dc0) [0081.769] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpmodinfo=0x23f6210, cb=0x18 | out: lpmodinfo=0x23f6210*(lpBaseOfDll=0x7ff87fbb0000, SizeOfImage=0x15a000, EntryPoint=0x7ff87fbf38e0)) returned 1 [0081.770] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.770] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0081.772] CoTaskMemFree (pv=0x548dc0) [0081.772] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.772] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0081.774] CoTaskMemFree (pv=0x548dc0) [0081.774] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a590000, lpmodinfo=0x23f83b8, cb=0x18 | out: lpmodinfo=0x23f83b8*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0081.775] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.775] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0081.777] CoTaskMemFree (pv=0x548dc0) [0081.777] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.777] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0081.779] CoTaskMemFree (pv=0x548dc0) [0081.779] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x23fa678, cb=0x18 | out: lpmodinfo=0x23fa678*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0081.780] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.780] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0081.782] CoTaskMemFree (pv=0x548dc0) [0081.782] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.782] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0081.784] CoTaskMemFree (pv=0x548dc0) [0081.784] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff867d00000, lpmodinfo=0x23fc820, cb=0x18 | out: lpmodinfo=0x23fc820*(lpBaseOfDll=0x7ff867d00000, SizeOfImage=0x1f000, EntryPoint=0x7ff867d0dde0)) returned 1 [0081.786] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.786] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff867d00000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DeviceDirectoryClient.dll") returned 0x19 [0081.790] CoTaskMemFree (pv=0x548dc0) [0081.790] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.790] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff867d00000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DeviceDirectoryClient.dll" (normalized: "c:\\windows\\system32\\devicedirectoryclient.dll")) returned 0x2d [0081.792] CoTaskMemFree (pv=0x548dc0) [0081.792] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x23fea08, cb=0x18 | out: lpmodinfo=0x23fea08*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0081.794] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.794] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="") returned 0x0 [0081.814] CoTaskMemFree (pv=0x548dc0) [0081.814] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.819] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x2400100, cb=0x18 | out: lpmodinfo=0x2400100*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.819] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.820] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff863b90000, lpmodinfo=0x2400798, cb=0x18 | out: lpmodinfo=0x2400798*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.821] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.822] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x2400e30, cb=0x18 | out: lpmodinfo=0x2400e30*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.822] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.823] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x24014c8, cb=0x18 | out: lpmodinfo=0x24014c8*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.823] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.824] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875a10000, lpmodinfo=0x2401b60, cb=0x18 | out: lpmodinfo=0x2401b60*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.824] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.825] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpmodinfo=0x24021f8, cb=0x18 | out: lpmodinfo=0x24021f8*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.826] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.827] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpmodinfo=0x2402890, cb=0x18 | out: lpmodinfo=0x2402890*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.827] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.827] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878b20000, lpmodinfo=0x2402f28, cb=0x18 | out: lpmodinfo=0x2402f28*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.828] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.829] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x24035c0, cb=0x18 | out: lpmodinfo=0x24035c0*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.829] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.830] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f430000, lpmodinfo=0x2403c58, cb=0x18 | out: lpmodinfo=0x2403c58*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.830] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.831] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff867c90000, lpmodinfo=0x24042f0, cb=0x18 | out: lpmodinfo=0x24042f0*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.831] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.832] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x2404988, cb=0x18 | out: lpmodinfo=0x2404988*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.832] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.833] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d650000, lpmodinfo=0x2405020, cb=0x18 | out: lpmodinfo=0x2405020*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.833] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.834] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x24056b8, cb=0x18 | out: lpmodinfo=0x24056b8*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.834] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.835] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x2405d50, cb=0x18 | out: lpmodinfo=0x2405d50*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.835] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.836] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x24063e8, cb=0x18 | out: lpmodinfo=0x24063e8*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.836] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.837] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x2406a80, cb=0x18 | out: lpmodinfo=0x2406a80*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.837] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.838] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x2407118, cb=0x18 | out: lpmodinfo=0x2407118*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.838] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.839] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8655d0000, lpmodinfo=0x24077b0, cb=0x18 | out: lpmodinfo=0x24077b0*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.839] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.840] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpmodinfo=0x2407e48, cb=0x18 | out: lpmodinfo=0x2407e48*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.840] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.841] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874a90000, lpmodinfo=0x24084e0, cb=0x18 | out: lpmodinfo=0x24084e0*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.841] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.842] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpmodinfo=0x2408b78, cb=0x18 | out: lpmodinfo=0x2408b78*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.842] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.843] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpmodinfo=0x2409210, cb=0x18 | out: lpmodinfo=0x2409210*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.843] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.844] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8654a0000, lpmodinfo=0x24098a8, cb=0x18 | out: lpmodinfo=0x24098a8*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.844] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.845] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878820000, lpmodinfo=0x2409f40, cb=0x18 | out: lpmodinfo=0x2409f40*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.846] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.846] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpmodinfo=0x240a5d8, cb=0x18 | out: lpmodinfo=0x240a5d8*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.847] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.847] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x240ac70, cb=0x18 | out: lpmodinfo=0x240ac70*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.847] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.848] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870c70000, lpmodinfo=0x240b308, cb=0x18 | out: lpmodinfo=0x240b308*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.848] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.889] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x240b9a0, cb=0x18 | out: lpmodinfo=0x240b9a0*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.889] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.890] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e970000, lpmodinfo=0x240c038, cb=0x18 | out: lpmodinfo=0x240c038*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.890] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.891] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e990000, lpmodinfo=0x240c6d0, cb=0x18 | out: lpmodinfo=0x240c6d0*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.891] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.892] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff864f90000, lpmodinfo=0x240cd68, cb=0x18 | out: lpmodinfo=0x240cd68*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.892] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.893] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878bf0000, lpmodinfo=0x240d400, cb=0x18 | out: lpmodinfo=0x240d400*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.893] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.894] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b380000, lpmodinfo=0x240da98, cb=0x18 | out: lpmodinfo=0x240da98*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.894] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.902] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878df0000, lpmodinfo=0x221ce68, cb=0x18 | out: lpmodinfo=0x221ce68*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.903] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.903] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ad40000, lpmodinfo=0x221d500, cb=0x18 | out: lpmodinfo=0x221d500*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.903] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.904] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x221db98, cb=0x18 | out: lpmodinfo=0x221db98*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.904] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.905] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpmodinfo=0x221e230, cb=0x18 | out: lpmodinfo=0x221e230*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.905] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.906] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e6e0000, lpmodinfo=0x221e8c8, cb=0x18 | out: lpmodinfo=0x221e8c8*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.906] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.907] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x221ef60, cb=0x18 | out: lpmodinfo=0x221ef60*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.907] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.908] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875450000, lpmodinfo=0x221f5f8, cb=0x18 | out: lpmodinfo=0x221f5f8*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.908] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.909] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpmodinfo=0x221fc90, cb=0x18 | out: lpmodinfo=0x221fc90*(lpBaseOfDll=0x0, SizeOfImage=0x0, EntryPoint=0x0)) returned 0 [0081.909] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0081.912] CloseHandle (hObject=0x25c) returned 1 [0081.912] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0081.912] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9d0) returned 0x25c [0081.912] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2220dc0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2220dc0, lpcbNeeded=0x14ef68) returned 1 [0081.913] GetModuleInformation (in: hProcess=0x25c, hModule=0x800000, lpmodinfo=0x2221030, cb=0x18 | out: lpmodinfo=0x2221030*(lpBaseOfDll=0x800000, SizeOfImage=0x17000, EntryPoint=0x8014a1)) returned 1 [0081.913] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.913] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x800000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="far.exe") returned 0x7 [0081.914] CoTaskMemFree (pv=0x548dc0) [0081.914] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.914] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x800000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\far.exe" (normalized: "c:\\program files\\windows media player\\far.exe")) returned 0x2d [0081.914] CoTaskMemFree (pv=0x548dc0) [0081.914] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2223228, cb=0x18 | out: lpmodinfo=0x2223228*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0081.915] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.915] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0081.915] CoTaskMemFree (pv=0x548dc0) [0081.915] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.915] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0081.916] CoTaskMemFree (pv=0x548dc0) [0081.916] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x22253d0, cb=0x18 | out: lpmodinfo=0x22253d0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0081.916] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.916] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0081.917] CoTaskMemFree (pv=0x548dc0) [0081.917] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.917] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0081.918] CoTaskMemFree (pv=0x548dc0) [0081.918] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2227578, cb=0x18 | out: lpmodinfo=0x2227578*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0081.918] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.918] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0081.919] CoTaskMemFree (pv=0x548dc0) [0081.919] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.919] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0081.920] CoTaskMemFree (pv=0x548dc0) [0081.920] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2229730, cb=0x18 | out: lpmodinfo=0x2229730*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0081.920] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.920] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0081.921] CoTaskMemFree (pv=0x548dc0) [0081.921] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.921] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0081.922] CoTaskMemFree (pv=0x548dc0) [0081.922] CloseHandle (hObject=0x25c) returned 1 [0081.922] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0081.922] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10bc) returned 0x25c [0081.922] EnumProcessModules (in: hProcess=0x25c, lphModule=0x222bf08, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x222bf08, lpcbNeeded=0x14ef68) returned 1 [0081.923] GetModuleInformation (in: hProcess=0x25c, hModule=0xf10000, lpmodinfo=0x222c178, cb=0x18 | out: lpmodinfo=0x222c178*(lpBaseOfDll=0xf10000, SizeOfImage=0x17000, EntryPoint=0xf114a1)) returned 1 [0081.923] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.924] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xf10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="thunderbird.exe") returned 0xf [0081.924] CoTaskMemFree (pv=0x548dc0) [0081.924] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.944] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xf10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\thunderbird.exe" (normalized: "c:\\program files (x86)\\windows media player\\thunderbird.exe")) returned 0x3b [0081.944] CoTaskMemFree (pv=0x548dc0) [0081.944] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x222e398, cb=0x18 | out: lpmodinfo=0x222e398*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0081.945] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.945] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0081.945] CoTaskMemFree (pv=0x548dc0) [0081.945] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.945] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0081.946] CoTaskMemFree (pv=0x548dc0) [0081.946] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2230540, cb=0x18 | out: lpmodinfo=0x2230540*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0081.946] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.946] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0081.947] CoTaskMemFree (pv=0x548dc0) [0081.947] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.947] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0081.948] CoTaskMemFree (pv=0x548dc0) [0081.948] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x22326e8, cb=0x18 | out: lpmodinfo=0x22326e8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0081.948] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.949] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0081.949] CoTaskMemFree (pv=0x548dc0) [0081.949] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.949] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0081.950] CoTaskMemFree (pv=0x548dc0) [0081.950] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x22348a0, cb=0x18 | out: lpmodinfo=0x22348a0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0081.951] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.951] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0081.951] CoTaskMemFree (pv=0x548dc0) [0081.951] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.951] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0081.952] CoTaskMemFree (pv=0x548dc0) [0081.952] CloseHandle (hObject=0x25c) returned 1 [0081.953] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0081.953] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x21c) returned 0x25c [0081.953] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2237078, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2237078, lpcbNeeded=0x14ef68) returned 1 [0081.959] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2237290, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x2237290, lpcbNeeded=0x14ef68) returned 1 [0081.966] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6748b0000, lpmodinfo=0x2237700, cb=0x18 | out: lpmodinfo=0x2237700*(lpBaseOfDll=0x7ff6748b0000, SizeOfImage=0x11000, EntryPoint=0x7ff6748b4560)) returned 1 [0081.966] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.966] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6748b0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="lsass.exe") returned 0x9 [0081.967] CoTaskMemFree (pv=0x548dc0) [0081.967] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.967] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6748b0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\lsass.exe" (normalized: "c:\\windows\\system32\\lsass.exe")) returned 0x1d [0081.967] CoTaskMemFree (pv=0x548dc0) [0081.967] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22398e0, cb=0x18 | out: lpmodinfo=0x22398e0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0081.968] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.968] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0081.968] CoTaskMemFree (pv=0x548dc0) [0081.968] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.968] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0081.969] CoTaskMemFree (pv=0x548dc0) [0081.969] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x223ba88, cb=0x18 | out: lpmodinfo=0x223ba88*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0081.969] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.969] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0081.970] CoTaskMemFree (pv=0x548dc0) [0081.970] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.970] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0081.970] CoTaskMemFree (pv=0x548dc0) [0081.971] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x223dc40, cb=0x18 | out: lpmodinfo=0x223dc40*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0081.971] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.971] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0081.972] CoTaskMemFree (pv=0x548dc0) [0081.972] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.972] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0081.973] CoTaskMemFree (pv=0x548dc0) [0081.973] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x223fdf8, cb=0x18 | out: lpmodinfo=0x223fdf8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0081.974] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.974] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0081.975] CoTaskMemFree (pv=0x548dc0) [0081.975] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.975] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0081.975] CoTaskMemFree (pv=0x548dc0) [0081.975] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c270000, lpmodinfo=0x2241ff8, cb=0x18 | out: lpmodinfo=0x2241ff8*(lpBaseOfDll=0x7ff87c270000, SizeOfImage=0x15b000, EntryPoint=0x7ff87c2e7cc0)) returned 1 [0081.976] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.976] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c270000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="lsasrv.dll") returned 0xa [0081.977] CoTaskMemFree (pv=0x548dc0) [0081.977] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.977] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c270000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\lsasrv.dll" (normalized: "c:\\windows\\system32\\lsasrv.dll")) returned 0x1e [0081.978] CoTaskMemFree (pv=0x548dc0) [0081.978] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x22441a0, cb=0x18 | out: lpmodinfo=0x22441a0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0081.979] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.979] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0081.988] CoTaskMemFree (pv=0x548dc0) [0081.988] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.988] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0081.989] CoTaskMemFree (pv=0x548dc0) [0081.989] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x2246348, cb=0x18 | out: lpmodinfo=0x2246348*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0081.990] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.990] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0081.991] CoTaskMemFree (pv=0x548dc0) [0081.991] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.991] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0081.992] CoTaskMemFree (pv=0x548dc0) [0081.992] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x22484f0, cb=0x18 | out: lpmodinfo=0x22484f0*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0081.993] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.993] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0081.994] CoTaskMemFree (pv=0x548dc0) [0081.994] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.994] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0081.996] CoTaskMemFree (pv=0x548dc0) [0081.996] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x224a730, cb=0x18 | out: lpmodinfo=0x224a730*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0081.997] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.997] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0081.998] CoTaskMemFree (pv=0x548dc0) [0081.998] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0081.998] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0081.999] CoTaskMemFree (pv=0x548dc0) [0081.999] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c160000, lpmodinfo=0x224c8d8, cb=0x18 | out: lpmodinfo=0x224c8d8*(lpBaseOfDll=0x7ff87c160000, SizeOfImage=0xd7000, EntryPoint=0x7ff87c19f330)) returned 1 [0082.000] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.000] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c160000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="samsrv.dll") returned 0xa [0082.002] CoTaskMemFree (pv=0x548dc0) [0082.002] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.002] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c160000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\samsrv.dll" (normalized: "c:\\windows\\system32\\samsrv.dll")) returned 0x1e [0082.003] CoTaskMemFree (pv=0x548dc0) [0082.003] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x224ea80, cb=0x18 | out: lpmodinfo=0x224ea80*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0082.004] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.004] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0082.006] CoTaskMemFree (pv=0x548dc0) [0082.006] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.006] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0082.007] CoTaskMemFree (pv=0x548dc0) [0082.007] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2250c28, cb=0x18 | out: lpmodinfo=0x2250c28*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0082.008] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.009] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0082.010] CoTaskMemFree (pv=0x548dc0) [0082.010] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.010] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0082.011] CoTaskMemFree (pv=0x548dc0) [0082.011] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c130000, lpmodinfo=0x2252dd0, cb=0x18 | out: lpmodinfo=0x2252dd0*(lpBaseOfDll=0x7ff87c130000, SizeOfImage=0x27000, EntryPoint=0x7ff87c140aa0)) returned 1 [0082.018] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.018] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c130000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0082.019] CoTaskMemFree (pv=0x548dc0) [0082.019] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.019] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c130000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0082.021] CoTaskMemFree (pv=0x548dc0) [0082.021] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c0f0000, lpmodinfo=0x2254f78, cb=0x18 | out: lpmodinfo=0x2254f78*(lpBaseOfDll=0x7ff87c0f0000, SizeOfImage=0x3a000, EntryPoint=0x7ff87c0f8d20)) returned 1 [0082.022] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.022] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c0f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0082.024] CoTaskMemFree (pv=0x548dc0) [0082.024] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.024] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c0f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0082.025] CoTaskMemFree (pv=0x548dc0) [0082.025] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x2257120, cb=0x18 | out: lpmodinfo=0x2257120*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0082.031] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.031] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0082.033] CoTaskMemFree (pv=0x548dc0) [0082.033] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.033] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0082.035] CoTaskMemFree (pv=0x548dc0) [0082.035] GetModuleInformation (in: hProcess=0x25c, hModule=0x180000000, lpmodinfo=0x22592f8, cb=0x18 | out: lpmodinfo=0x22592f8*(lpBaseOfDll=0x180000000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0082.036] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.036] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x180000000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msprivs.DLL") returned 0xb [0082.038] CoTaskMemFree (pv=0x548dc0) [0082.038] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.038] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x180000000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msprivs.DLL" (normalized: "c:\\windows\\system32\\msprivs.dll")) returned 0x1f [0082.040] CoTaskMemFree (pv=0x548dc0) [0082.040] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c0d0000, lpmodinfo=0x225b5b8, cb=0x18 | out: lpmodinfo=0x225b5b8*(lpBaseOfDll=0x7ff87c0d0000, SizeOfImage=0x15000, EntryPoint=0x7ff87c0d78c0)) returned 1 [0082.042] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.042] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c0d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="netprovfw.dll") returned 0xd [0082.043] CoTaskMemFree (pv=0x548dc0) [0082.043] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.044] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c0d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netprovfw.dll" (normalized: "c:\\windows\\system32\\netprovfw.dll")) returned 0x21 [0082.045] CoTaskMemFree (pv=0x548dc0) [0082.046] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c0a0000, lpmodinfo=0x225d770, cb=0x18 | out: lpmodinfo=0x225d770*(lpBaseOfDll=0x7ff87c0a0000, SizeOfImage=0x21000, EntryPoint=0x7ff87c0b0250)) returned 1 [0082.047] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.048] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c0a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="JOINUTIL.DLL") returned 0xc [0082.050] CoTaskMemFree (pv=0x548dc0) [0082.050] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.050] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c0a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\JOINUTIL.DLL" (normalized: "c:\\windows\\system32\\joinutil.dll")) returned 0x20 [0082.052] CoTaskMemFree (pv=0x548dc0) [0082.052] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c070000, lpmodinfo=0x225f928, cb=0x18 | out: lpmodinfo=0x225f928*(lpBaseOfDll=0x7ff87c070000, SizeOfImage=0x25000, EntryPoint=0x7ff87c076760)) returned 1 [0082.054] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.054] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c070000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="negoexts.DLL") returned 0xc [0082.056] CoTaskMemFree (pv=0x548dc0) [0082.056] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.056] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c070000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\negoexts.DLL" (normalized: "c:\\windows\\system32\\negoexts.dll")) returned 0x20 [0082.058] CoTaskMemFree (pv=0x548dc0) [0082.058] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x2261ae0, cb=0x18 | out: lpmodinfo=0x2261ae0*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0082.060] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.060] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0082.062] CoTaskMemFree (pv=0x548dc0) [0082.062] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.062] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0082.064] CoTaskMemFree (pv=0x548dc0) [0082.064] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf60000, lpmodinfo=0x2263c98, cb=0x18 | out: lpmodinfo=0x2263c98*(lpBaseOfDll=0x7ff87bf60000, SizeOfImage=0xf8000, EntryPoint=0x7ff87bf93190)) returned 1 [0082.078] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.078] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf60000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="kerberos.DLL") returned 0xc [0082.081] CoTaskMemFree (pv=0x548dc0) [0082.081] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.081] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf60000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kerberos.DLL" (normalized: "c:\\windows\\system32\\kerberos.dll")) returned 0x20 [0082.083] CoTaskMemFree (pv=0x548dc0) [0082.083] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x2265e50, cb=0x18 | out: lpmodinfo=0x2265e50*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0082.085] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.085] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0082.088] CoTaskMemFree (pv=0x548dc0) [0082.088] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.088] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0082.090] CoTaskMemFree (pv=0x548dc0) [0082.090] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf10000, lpmodinfo=0x2267ff8, cb=0x18 | out: lpmodinfo=0x2267ff8*(lpBaseOfDll=0x7ff87bf10000, SizeOfImage=0x28000, EntryPoint=0x7ff87bf12e50)) returned 1 [0082.093] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.093] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KerbClientShared.dll") returned 0x14 [0082.096] CoTaskMemFree (pv=0x548dc0) [0082.096] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.096] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KerbClientShared.dll" (normalized: "c:\\windows\\system32\\kerbclientshared.dll")) returned 0x28 [0082.098] CoTaskMemFree (pv=0x548dc0) [0082.098] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x226a1d0, cb=0x18 | out: lpmodinfo=0x226a1d0*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0082.101] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.101] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0082.103] CoTaskMemFree (pv=0x548dc0) [0082.103] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.103] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0082.106] CoTaskMemFree (pv=0x548dc0) [0082.106] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bef0000, lpmodinfo=0x226c378, cb=0x18 | out: lpmodinfo=0x226c378*(lpBaseOfDll=0x7ff87bef0000, SizeOfImage=0x15000, EntryPoint=0x7ff87bef3f50)) returned 1 [0082.108] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.108] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bef0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cryptdll.dll") returned 0xc [0082.111] CoTaskMemFree (pv=0x548dc0) [0082.111] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.111] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bef0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")) returned 0x20 [0082.115] CoTaskMemFree (pv=0x548dc0) [0082.115] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be90000, lpmodinfo=0x226e530, cb=0x18 | out: lpmodinfo=0x226e530*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0082.119] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.119] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0082.121] CoTaskMemFree (pv=0x548dc0) [0082.121] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.121] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0082.124] CoTaskMemFree (pv=0x548dc0) [0082.124] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be30000, lpmodinfo=0x22706d8, cb=0x18 | out: lpmodinfo=0x22706d8*(lpBaseOfDll=0x7ff87be30000, SizeOfImage=0x5d000, EntryPoint=0x7ff87be45100)) returned 1 [0082.127] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.127] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msv1_0.DLL") returned 0xa [0082.129] CoTaskMemFree (pv=0x548dc0) [0082.129] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.129] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msv1_0.DLL" (normalized: "c:\\windows\\system32\\msv1_0.dll")) returned 0x1e [0082.132] CoTaskMemFree (pv=0x548dc0) [0082.132] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be20000, lpmodinfo=0x2272880, cb=0x18 | out: lpmodinfo=0x2272880*(lpBaseOfDll=0x7ff87be20000, SizeOfImage=0xc000, EntryPoint=0x7ff87be245f0)) returned 1 [0082.135] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.135] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be20000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="NtlmShared.dll") returned 0xe [0082.138] CoTaskMemFree (pv=0x548dc0) [0082.138] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.138] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be20000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NtlmShared.dll" (normalized: "c:\\windows\\system32\\ntlmshared.dll")) returned 0x22 [0082.140] CoTaskMemFree (pv=0x548dc0) [0082.140] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd40000, lpmodinfo=0x2274a38, cb=0x18 | out: lpmodinfo=0x2274a38*(lpBaseOfDll=0x7ff87bd40000, SizeOfImage=0xd5000, EntryPoint=0x7ff87bd6e0b0)) returned 1 [0082.143] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.143] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="netlogon.DLL") returned 0xc [0082.146] CoTaskMemFree (pv=0x548dc0) [0082.146] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.146] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netlogon.DLL" (normalized: "c:\\windows\\system32\\netlogon.dll")) returned 0x20 [0082.149] CoTaskMemFree (pv=0x548dc0) [0082.149] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x2276bf0, cb=0x18 | out: lpmodinfo=0x2276bf0*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0082.160] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.161] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0082.163] CoTaskMemFree (pv=0x548dc0) [0082.163] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.164] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0082.167] CoTaskMemFree (pv=0x548dc0) [0082.167] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x2278da8, cb=0x18 | out: lpmodinfo=0x2278da8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0082.170] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.170] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0082.173] CoTaskMemFree (pv=0x548dc0) [0082.173] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.173] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0082.176] CoTaskMemFree (pv=0x548dc0) [0082.176] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpmodinfo=0x227af60, cb=0x18 | out: lpmodinfo=0x227af60*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0082.179] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.179] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0082.182] CoTaskMemFree (pv=0x548dc0) [0082.182] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.182] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0082.185] CoTaskMemFree (pv=0x548dc0) [0082.185] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x227d320, cb=0x18 | out: lpmodinfo=0x227d320*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0082.188] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.188] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0082.191] CoTaskMemFree (pv=0x548dc0) [0082.191] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.191] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0082.197] CoTaskMemFree (pv=0x548dc0) [0082.197] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd00000, lpmodinfo=0x227f4c8, cb=0x18 | out: lpmodinfo=0x227f4c8*(lpBaseOfDll=0x7ff87bd00000, SizeOfImage=0x1c000, EntryPoint=0x7ff87bd028a0)) returned 1 [0082.201] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.201] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd00000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="tspkg.DLL") returned 0x9 [0082.204] CoTaskMemFree (pv=0x548dc0) [0082.204] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.204] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd00000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\tspkg.DLL" (normalized: "c:\\windows\\system32\\tspkg.dll")) returned 0x1d [0082.207] CoTaskMemFree (pv=0x548dc0) [0082.207] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bcb0000, lpmodinfo=0x2281670, cb=0x18 | out: lpmodinfo=0x2281670*(lpBaseOfDll=0x7ff87bcb0000, SizeOfImage=0x44000, EntryPoint=0x7ff87bcb4db0)) returned 1 [0082.210] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.210] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bcb0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="pku2u.DLL") returned 0x9 [0082.221] CoTaskMemFree (pv=0x548dc0) [0082.221] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.222] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bcb0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pku2u.DLL" (normalized: "c:\\windows\\system32\\pku2u.dll")) returned 0x1d [0082.225] CoTaskMemFree (pv=0x548dc0) [0082.225] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bc70000, lpmodinfo=0x2283818, cb=0x18 | out: lpmodinfo=0x2283818*(lpBaseOfDll=0x7ff87bc70000, SizeOfImage=0x35000, EntryPoint=0x7ff87bc96000)) returned 1 [0082.228] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.228] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bc70000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cloudAP.DLL") returned 0xb [0082.233] CoTaskMemFree (pv=0x548dc0) [0082.233] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.233] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bc70000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cloudAP.DLL" (normalized: "c:\\windows\\system32\\cloudap.dll")) returned 0x1f [0082.236] CoTaskMemFree (pv=0x548dc0) [0082.236] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bc20000, lpmodinfo=0x22859c0, cb=0x18 | out: lpmodinfo=0x22859c0*(lpBaseOfDll=0x7ff87bc20000, SizeOfImage=0x42000, EntryPoint=0x7ff87bc42200)) returned 1 [0082.241] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.241] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bc20000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MicrosoftAccountCloudAP.dll") returned 0x1b [0082.245] CoTaskMemFree (pv=0x548dc0) [0082.245] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.245] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bc20000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MicrosoftAccountCloudAP.dll" (normalized: "c:\\windows\\system32\\microsoftaccountcloudap.dll")) returned 0x2f [0082.249] CoTaskMemFree (pv=0x548dc0) [0082.249] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x2287ba8, cb=0x18 | out: lpmodinfo=0x2287ba8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0082.252] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.252] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0082.256] CoTaskMemFree (pv=0x548dc0) [0082.256] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.256] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0082.259] CoTaskMemFree (pv=0x548dc0) [0082.259] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpmodinfo=0x2289d50, cb=0x18 | out: lpmodinfo=0x2289d50*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0082.263] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.263] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0082.267] CoTaskMemFree (pv=0x548dc0) [0082.267] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.267] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0082.270] CoTaskMemFree (pv=0x548dc0) [0082.270] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpmodinfo=0x228bef8, cb=0x18 | out: lpmodinfo=0x228bef8*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0082.274] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.274] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0082.290] CoTaskMemFree (pv=0x548dc0) [0082.290] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.290] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0082.294] CoTaskMemFree (pv=0x548dc0) [0082.294] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bb90000, lpmodinfo=0x228e0a0, cb=0x18 | out: lpmodinfo=0x228e0a0*(lpBaseOfDll=0x7ff87bb90000, SizeOfImage=0x3c000, EntryPoint=0x7ff87bb94c60)) returned 1 [0082.298] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.298] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bb90000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wdigest.DLL") returned 0xb [0082.301] CoTaskMemFree (pv=0x548dc0) [0082.301] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.301] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bb90000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wdigest.DLL" (normalized: "c:\\windows\\system32\\wdigest.dll")) returned 0x1f [0082.305] CoTaskMemFree (pv=0x548dc0) [0082.305] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpmodinfo=0x2290248, cb=0x18 | out: lpmodinfo=0x2290248*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff87bb31a50)) returned 1 [0082.309] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.309] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0082.314] CoTaskMemFree (pv=0x548dc0) [0082.314] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.314] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0082.318] CoTaskMemFree (pv=0x548dc0) [0082.318] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87baf0000, lpmodinfo=0x2292400, cb=0x18 | out: lpmodinfo=0x2292400*(lpBaseOfDll=0x7ff87baf0000, SizeOfImage=0x1b000, EntryPoint=0x7ff87baf5e30)) returned 1 [0082.321] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.321] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87baf0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="PCPKsp.dll") returned 0xa [0082.329] CoTaskMemFree (pv=0x548dc0) [0082.329] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.329] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87baf0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PCPKsp.dll" (normalized: "c:\\windows\\system32\\pcpksp.dll")) returned 0x1e [0082.333] CoTaskMemFree (pv=0x548dc0) [0082.333] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpmodinfo=0x22945a8, cb=0x18 | out: lpmodinfo=0x22945a8*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0082.337] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.337] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0082.341] CoTaskMemFree (pv=0x548dc0) [0082.341] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.341] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0082.345] CoTaskMemFree (pv=0x548dc0) [0082.345] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ba20000, lpmodinfo=0x2296750, cb=0x18 | out: lpmodinfo=0x2296750*(lpBaseOfDll=0x7ff87ba20000, SizeOfImage=0x8b000, EntryPoint=0x7ff87ba280b0)) returned 1 [0082.349] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.349] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ba20000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="PCPTPM12.dll") returned 0xc [0082.354] CoTaskMemFree (pv=0x548dc0) [0082.354] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.354] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ba20000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PCPTPM12.dll" (normalized: "c:\\windows\\system32\\pcptpm12.dll")) returned 0x20 [0082.374] CoTaskMemFree (pv=0x548dc0) [0082.374] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ba10000, lpmodinfo=0x2298908, cb=0x18 | out: lpmodinfo=0x2298908*(lpBaseOfDll=0x7ff87ba10000, SizeOfImage=0xd000, EntryPoint=0x7ff87ba11fe0)) returned 1 [0082.389] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.389] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ba10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="tbs.dll") returned 0x7 [0082.394] CoTaskMemFree (pv=0x548dc0) [0082.394] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.394] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ba10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")) returned 0x1b [0082.398] CoTaskMemFree (pv=0x548dc0) [0082.398] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9e0000, lpmodinfo=0x229aaa0, cb=0x18 | out: lpmodinfo=0x229aaa0*(lpBaseOfDll=0x7ff87b9e0000, SizeOfImage=0x21000, EntryPoint=0x7ff87b9eef00)) returned 1 [0082.402] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.402] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b9e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="efslsaext.dll") returned 0xd [0082.406] CoTaskMemFree (pv=0x548dc0) [0082.407] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.407] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b9e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\efslsaext.dll" (normalized: "c:\\windows\\system32\\efslsaext.dll")) returned 0x21 [0082.411] CoTaskMemFree (pv=0x548dc0) [0082.411] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x229cc58, cb=0x18 | out: lpmodinfo=0x229cc58*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0082.415] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.415] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0082.419] CoTaskMemFree (pv=0x548dc0) [0082.419] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.419] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0082.433] CoTaskMemFree (pv=0x548dc0) [0082.433] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpmodinfo=0x229ee10, cb=0x18 | out: lpmodinfo=0x229ee10*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0082.438] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.438] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0082.442] CoTaskMemFree (pv=0x548dc0) [0082.442] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.442] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0082.447] CoTaskMemFree (pv=0x548dc0) [0082.447] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b990000, lpmodinfo=0x22a0fc8, cb=0x18 | out: lpmodinfo=0x22a0fc8*(lpBaseOfDll=0x7ff87b990000, SizeOfImage=0x35000, EntryPoint=0x7ff87b99b420)) returned 1 [0082.451] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.451] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b990000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="dpapisrv.dll") returned 0xc [0082.456] CoTaskMemFree (pv=0x548dc0) [0082.456] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.456] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b990000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dpapisrv.dll" (normalized: "c:\\windows\\system32\\dpapisrv.dll")) returned 0x20 [0082.460] CoTaskMemFree (pv=0x548dc0) [0082.460] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b980000, lpmodinfo=0x22a3180, cb=0x18 | out: lpmodinfo=0x22a3180*(lpBaseOfDll=0x7ff87b980000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9824f0)) returned 1 [0082.487] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.487] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b980000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SspiSrv.dll") returned 0xb [0082.494] CoTaskMemFree (pv=0x548dc0) [0082.494] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.494] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b980000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiSrv.dll" (normalized: "c:\\windows\\system32\\sspisrv.dll")) returned 0x1f [0082.500] CoTaskMemFree (pv=0x548dc0) [0082.500] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x22a5328, cb=0x18 | out: lpmodinfo=0x22a5328*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0082.506] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.506] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="winsta.dll") returned 0xa [0082.511] CoTaskMemFree (pv=0x548dc0) [0082.512] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.512] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0082.518] CoTaskMemFree (pv=0x548dc0) [0082.518] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b860000, lpmodinfo=0x22a74d0, cb=0x18 | out: lpmodinfo=0x22a74d0*(lpBaseOfDll=0x7ff87b860000, SizeOfImage=0x43000, EntryPoint=0x7ff87b861960)) returned 1 [0082.523] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.523] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b860000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="scecli.DLL") returned 0xa [0082.555] CoTaskMemFree (pv=0x548dc0) [0082.555] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.555] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b860000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\scecli.DLL" (normalized: "c:\\windows\\system32\\scecli.dll")) returned 0x1e [0082.560] CoTaskMemFree (pv=0x548dc0) [0082.560] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b030000, lpmodinfo=0x22a9678, cb=0x18 | out: lpmodinfo=0x22a9678*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0082.565] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.565] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0082.570] CoTaskMemFree (pv=0x548dc0) [0082.570] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.570] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0082.575] CoTaskMemFree (pv=0x548dc0) [0082.575] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpmodinfo=0x22ab820, cb=0x18 | out: lpmodinfo=0x22ab820*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0082.581] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.581] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0082.586] CoTaskMemFree (pv=0x548dc0) [0082.586] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.586] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0082.601] CoTaskMemFree (pv=0x548dc0) [0082.601] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875480000, lpmodinfo=0x22ad9b8, cb=0x18 | out: lpmodinfo=0x22ad9b8*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0082.607] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.607] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875480000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0082.612] CoTaskMemFree (pv=0x548dc0) [0082.612] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.612] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875480000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0082.617] CoTaskMemFree (pv=0x548dc0) [0082.617] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x22afb70, cb=0x18 | out: lpmodinfo=0x22afb70*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0082.622] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.622] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0082.629] CoTaskMemFree (pv=0x548dc0) [0082.629] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.629] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0082.634] CoTaskMemFree (pv=0x548dc0) [0082.634] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874e50000, lpmodinfo=0x22b1d28, cb=0x18 | out: lpmodinfo=0x22b1d28*(lpBaseOfDll=0x7ff874e50000, SizeOfImage=0xc0000, EntryPoint=0x7ff874e7fd20)) returned 1 [0082.643] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.643] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874e50000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="fveapi.dll") returned 0xa [0082.648] CoTaskMemFree (pv=0x548dc0) [0082.648] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.648] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874e50000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")) returned 0x1e [0082.654] CoTaskMemFree (pv=0x548dc0) [0082.654] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874ca0000, lpmodinfo=0x22b3ed0, cb=0x18 | out: lpmodinfo=0x22b3ed0*(lpBaseOfDll=0x7ff874ca0000, SizeOfImage=0x5d000, EntryPoint=0x7ff874cbd3a0)) returned 1 [0082.661] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.661] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874ca0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="vaultsvc.dll") returned 0xc [0082.666] CoTaskMemFree (pv=0x548dc0) [0082.666] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.666] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874ca0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\vaultsvc.dll" (normalized: "c:\\windows\\system32\\vaultsvc.dll")) returned 0x20 [0082.672] CoTaskMemFree (pv=0x548dc0) [0082.672] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8788f0000, lpmodinfo=0x22b6088, cb=0x18 | out: lpmodinfo=0x22b6088*(lpBaseOfDll=0x7ff8788f0000, SizeOfImage=0x64000, EntryPoint=0x7ff878905ae0)) returned 1 [0082.682] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.682] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8788f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0082.687] CoTaskMemFree (pv=0x548dc0) [0082.687] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.687] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8788f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0082.694] CoTaskMemFree (pv=0x548dc0) [0082.694] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875270000, lpmodinfo=0x22b8230, cb=0x18 | out: lpmodinfo=0x22b8230*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0082.699] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.699] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875270000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0082.705] CoTaskMemFree (pv=0x548dc0) [0082.705] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.705] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875270000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0082.710] CoTaskMemFree (pv=0x548dc0) [0082.710] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875250000, lpmodinfo=0x22ba3e8, cb=0x18 | out: lpmodinfo=0x22ba3e8*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0082.719] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.719] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875250000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0082.725] CoTaskMemFree (pv=0x548dc0) [0082.725] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.725] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875250000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0082.732] CoTaskMemFree (pv=0x548dc0) [0082.732] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f470000, lpmodinfo=0x22bc5a0, cb=0x18 | out: lpmodinfo=0x22bc5a0*(lpBaseOfDll=0x7ff86f470000, SizeOfImage=0xd000, EntryPoint=0x7ff86f471af0)) returned 1 [0082.738] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.738] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f470000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DSPARSE.dll") returned 0xb [0082.744] CoTaskMemFree (pv=0x548dc0) [0082.744] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.744] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f470000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DSPARSE.dll" (normalized: "c:\\windows\\system32\\dsparse.dll")) returned 0x1f [0082.750] CoTaskMemFree (pv=0x548dc0) [0082.750] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c960000, lpmodinfo=0x22be748, cb=0x18 | out: lpmodinfo=0x22be748*(lpBaseOfDll=0x7ff86c960000, SizeOfImage=0x1e000, EntryPoint=0x7ff86c96ef80)) returned 1 [0082.758] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.758] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c960000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0082.763] CoTaskMemFree (pv=0x548dc0) [0082.763] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.763] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c960000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0082.769] CoTaskMemFree (pv=0x548dc0) [0082.769] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c900000, lpmodinfo=0x22c0d18, cb=0x18 | out: lpmodinfo=0x22c0d18*(lpBaseOfDll=0x7ff86c900000, SizeOfImage=0x55000, EntryPoint=0x7ff86c91f870)) returned 1 [0082.775] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.775] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c900000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ncryptprov.dll") returned 0xe [0082.781] CoTaskMemFree (pv=0x548dc0) [0082.781] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.781] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c900000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptprov.dll" (normalized: "c:\\windows\\system32\\ncryptprov.dll")) returned 0x22 [0082.787] CoTaskMemFree (pv=0x548dc0) [0082.787] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c8d0000, lpmodinfo=0x22c2ed0, cb=0x18 | out: lpmodinfo=0x22c2ed0*(lpBaseOfDll=0x7ff86c8d0000, SizeOfImage=0x28000, EntryPoint=0x7ff86c8defc0)) returned 1 [0082.795] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.795] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c8d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="dssenh.dll") returned 0xa [0082.801] CoTaskMemFree (pv=0x548dc0) [0082.801] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.801] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c8d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll")) returned 0x1e [0082.807] CoTaskMemFree (pv=0x548dc0) [0082.807] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpmodinfo=0x22c5078, cb=0x18 | out: lpmodinfo=0x22c5078*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0082.813] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.813] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0082.820] CoTaskMemFree (pv=0x548dc0) [0082.820] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.820] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0082.826] CoTaskMemFree (pv=0x548dc0) [0082.826] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c8b0000, lpmodinfo=0x22c7220, cb=0x18 | out: lpmodinfo=0x22c7220*(lpBaseOfDll=0x7ff86c8b0000, SizeOfImage=0x14000, EntryPoint=0x7ff86c8b3710)) returned 1 [0082.835] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.835] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c8b0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0082.841] CoTaskMemFree (pv=0x548dc0) [0082.841] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.841] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c8b0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0082.847] CoTaskMemFree (pv=0x548dc0) [0082.847] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c760000, lpmodinfo=0x22c93e8, cb=0x18 | out: lpmodinfo=0x22c93e8*(lpBaseOfDll=0x7ff86c760000, SizeOfImage=0x23000, EntryPoint=0x7ff86c76a580)) returned 1 [0082.854] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.854] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c760000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SecureTimeAggregator.dll") returned 0x18 [0082.860] CoTaskMemFree (pv=0x548dc0) [0082.860] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.860] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c760000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SecureTimeAggregator.dll" (normalized: "c:\\windows\\system32\\securetimeaggregator.dll")) returned 0x2c [0082.866] CoTaskMemFree (pv=0x548dc0) [0082.866] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8786a0000, lpmodinfo=0x22cb5d0, cb=0x18 | out: lpmodinfo=0x22cb5d0*(lpBaseOfDll=0x7ff8786a0000, SizeOfImage=0xa000, EntryPoint=0x7ff8786a1660)) returned 1 [0082.879] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.879] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8786a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DSROLE.dll") returned 0xa [0082.885] CoTaskMemFree (pv=0x548dc0) [0082.885] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.885] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8786a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DSROLE.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0082.892] CoTaskMemFree (pv=0x548dc0) [0082.892] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c730000, lpmodinfo=0x22cd778, cb=0x18 | out: lpmodinfo=0x22cd778*(lpBaseOfDll=0x7ff86c730000, SizeOfImage=0x2f000, EntryPoint=0x7ff86c73ec60)) returned 1 [0082.898] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.898] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c730000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cryptnet.dll") returned 0xc [0082.905] CoTaskMemFree (pv=0x548dc0) [0082.905] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.905] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c730000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll")) returned 0x20 [0082.911] CoTaskMemFree (pv=0x548dc0) [0082.911] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f200000, lpmodinfo=0x22cf930, cb=0x18 | out: lpmodinfo=0x22cf930*(lpBaseOfDll=0x7ff86f200000, SizeOfImage=0x1c000, EntryPoint=0x7ff86f20da50)) returned 1 [0082.918] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.918] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f200000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="keyiso.dll") returned 0xa [0082.924] CoTaskMemFree (pv=0x548dc0) [0082.924] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.924] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f200000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\keyiso.dll" (normalized: "c:\\windows\\system32\\keyiso.dll")) returned 0x1e [0082.932] CoTaskMemFree (pv=0x548dc0) [0082.932] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a300000, lpmodinfo=0x22d1ad8, cb=0x18 | out: lpmodinfo=0x22d1ad8*(lpBaseOfDll=0x7ff86a300000, SizeOfImage=0x17000, EntryPoint=0x7ff86a30b240)) returned 1 [0082.938] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.938] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a300000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ngcpopkeysrv.dll") returned 0x10 [0082.947] CoTaskMemFree (pv=0x548dc0) [0082.947] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.947] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a300000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ngcpopkeysrv.dll" (normalized: "c:\\windows\\system32\\ngcpopkeysrv.dll")) returned 0x24 [0082.954] CoTaskMemFree (pv=0x548dc0) [0082.954] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x22d3ca0, cb=0x18 | out: lpmodinfo=0x22d3ca0*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0082.960] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.960] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0082.967] CoTaskMemFree (pv=0x548dc0) [0082.967] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.967] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0082.974] CoTaskMemFree (pv=0x548dc0) [0082.974] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875860000, lpmodinfo=0x22d5e58, cb=0x18 | out: lpmodinfo=0x22d5e58*(lpBaseOfDll=0x7ff875860000, SizeOfImage=0x93000, EntryPoint=0x7ff875869680)) returned 1 [0082.981] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.981] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875860000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0082.991] CoTaskMemFree (pv=0x548dc0) [0082.991] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.991] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875860000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0082.998] CoTaskMemFree (pv=0x548dc0) [0082.998] CloseHandle (hObject=0x25c) returned 1 [0082.998] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0082.998] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x908) returned 0x25c [0082.998] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22d9e40, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22d9e40, lpcbNeeded=0x14ef68) returned 1 [0082.999] GetModuleInformation (in: hProcess=0x25c, hModule=0xc50000, lpmodinfo=0x22da0b0, cb=0x18 | out: lpmodinfo=0x22da0b0*(lpBaseOfDll=0xc50000, SizeOfImage=0x17000, EntryPoint=0xc514a1)) returned 1 [0082.999] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0082.999] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xc50000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="3dftp.exe") returned 0x9 [0083.000] CoTaskMemFree (pv=0x548dc0) [0083.000] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0083.000] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xc50000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\3dftp.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\3dftp.exe")) returned 0x35 [0083.000] CoTaskMemFree (pv=0x548dc0) [0083.000] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22dc2c0, cb=0x18 | out: lpmodinfo=0x22dc2c0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0083.001] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0083.001] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0083.001] CoTaskMemFree (pv=0x548dc0) [0083.001] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0083.001] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0083.002] CoTaskMemFree (pv=0x548dc0) [0083.002] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x22de468, cb=0x18 | out: lpmodinfo=0x22de468*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0083.002] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0083.002] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0083.003] CoTaskMemFree (pv=0x548dc0) [0083.003] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0083.003] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0083.004] CoTaskMemFree (pv=0x548dc0) [0083.004] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x22e0610, cb=0x18 | out: lpmodinfo=0x22e0610*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0083.004] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0083.004] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0083.005] CoTaskMemFree (pv=0x548dc0) [0083.005] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0083.005] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0083.006] CoTaskMemFree (pv=0x548dc0) [0083.006] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x22e27c8, cb=0x18 | out: lpmodinfo=0x22e27c8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0083.006] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0083.006] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0083.007] CoTaskMemFree (pv=0x548dc0) [0083.007] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0083.007] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0083.008] CoTaskMemFree (pv=0x548dc0) [0083.008] CloseHandle (hObject=0x25c) returned 1 [0083.009] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0083.009] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x25c [0083.009] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22e4fa0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22e4fa0, lpcbNeeded=0x14ef68) returned 1 [0083.010] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff7fc190000, lpmodinfo=0x22e5210, cb=0x18 | out: lpmodinfo=0x22e5210*(lpBaseOfDll=0x7ff7fc190000, SizeOfImage=0x8000, EntryPoint=0x7ff7fc191cd0)) returned 1 [0083.010] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.010] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff7fc190000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="msfeedssync.exe") returned 0xf [0083.011] CoTaskMemFree (pv=0x54aee0) [0083.011] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.011] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff7fc190000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msfeedssync.exe" (normalized: "c:\\windows\\system32\\msfeedssync.exe")) returned 0x23 [0083.011] CoTaskMemFree (pv=0x54aee0) [0083.011] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22e7400, cb=0x18 | out: lpmodinfo=0x22e7400*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0083.012] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.012] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0083.012] CoTaskMemFree (pv=0x54aee0) [0083.012] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.012] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0083.013] CoTaskMemFree (pv=0x54aee0) [0083.013] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x22e95a8, cb=0x18 | out: lpmodinfo=0x22e95a8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0083.013] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.013] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0083.014] CoTaskMemFree (pv=0x54aee0) [0083.014] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.014] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0083.014] CoTaskMemFree (pv=0x54aee0) [0083.014] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x22eb760, cb=0x18 | out: lpmodinfo=0x22eb760*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0083.015] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.015] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0083.016] CoTaskMemFree (pv=0x54aee0) [0083.016] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.016] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0083.016] CoTaskMemFree (pv=0x54aee0) [0083.016] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x22ed918, cb=0x18 | out: lpmodinfo=0x22ed918*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0083.017] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.017] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0083.018] CoTaskMemFree (pv=0x54aee0) [0083.018] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.018] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0083.018] CoTaskMemFree (pv=0x54aee0) [0083.018] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x22efb18, cb=0x18 | out: lpmodinfo=0x22efb18*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0083.019] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.019] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0083.020] CoTaskMemFree (pv=0x54aee0) [0083.020] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.020] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0083.022] CoTaskMemFree (pv=0x54aee0) [0083.022] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x22f1cc0, cb=0x18 | out: lpmodinfo=0x22f1cc0*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0083.023] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.023] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0083.024] CoTaskMemFree (pv=0x54aee0) [0083.024] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.024] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0083.025] CoTaskMemFree (pv=0x54aee0) [0083.025] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x22f3e68, cb=0x18 | out: lpmodinfo=0x22f3e68*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0083.026] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.026] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0083.027] CoTaskMemFree (pv=0x54aee0) [0083.027] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.027] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0083.028] CoTaskMemFree (pv=0x54aee0) [0083.028] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x22f6040, cb=0x18 | out: lpmodinfo=0x22f6040*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0083.029] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.029] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0083.030] CoTaskMemFree (pv=0x54aee0) [0083.030] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.030] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0083.033] CoTaskMemFree (pv=0x54aee0) [0083.033] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x22f82a0, cb=0x18 | out: lpmodinfo=0x22f82a0*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0083.034] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.034] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0083.035] CoTaskMemFree (pv=0x54aee0) [0083.035] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.035] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0083.036] CoTaskMemFree (pv=0x54aee0) [0083.036] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x22fa448, cb=0x18 | out: lpmodinfo=0x22fa448*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0083.037] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.038] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0083.039] CoTaskMemFree (pv=0x54aee0) [0083.039] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.039] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0083.040] CoTaskMemFree (pv=0x54aee0) [0083.040] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x22fc5f0, cb=0x18 | out: lpmodinfo=0x22fc5f0*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0083.041] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.041] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0083.043] CoTaskMemFree (pv=0x54aee0) [0083.043] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.043] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0083.044] CoTaskMemFree (pv=0x54aee0) [0083.044] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87af40000, lpmodinfo=0x22fe798, cb=0x18 | out: lpmodinfo=0x22fe798*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0083.045] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.045] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0083.047] CoTaskMemFree (pv=0x54aee0) [0083.047] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.047] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0083.049] CoTaskMemFree (pv=0x54aee0) [0083.049] CloseHandle (hObject=0x25c) returned 1 [0083.049] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0083.049] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x214) returned 0x0 [0083.049] EnumProcesses (in: lpidProcess=0x23011c8, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x23011c8, lpcbNeeded=0x14ee58) returned 1 [0083.061] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0083.063] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x84) returned 0x25c [0083.063] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2301ef8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2301ef8, lpcbNeeded=0x14ef68) returned 1 [0083.064] GetModuleInformation (in: hProcess=0x25c, hModule=0x9f0000, lpmodinfo=0x2302168, cb=0x18 | out: lpmodinfo=0x2302168*(lpBaseOfDll=0x9f0000, SizeOfImage=0x17000, EntryPoint=0x9f14a1)) returned 1 [0083.064] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.065] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x9f0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="alftp.exe") returned 0x9 [0083.066] CoTaskMemFree (pv=0x54aee0) [0083.066] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.066] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x9f0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\alftp.exe" (normalized: "c:\\program files (x86)\\common files\\alftp.exe")) returned 0x2d [0083.066] CoTaskMemFree (pv=0x54aee0) [0083.066] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2304368, cb=0x18 | out: lpmodinfo=0x2304368*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0083.066] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.067] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0083.067] CoTaskMemFree (pv=0x54aee0) [0083.067] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.067] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0083.068] CoTaskMemFree (pv=0x54aee0) [0083.068] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2306510, cb=0x18 | out: lpmodinfo=0x2306510*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0083.068] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.068] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0083.069] CoTaskMemFree (pv=0x54aee0) [0083.069] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.069] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0083.069] CoTaskMemFree (pv=0x54aee0) [0083.069] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x23086b8, cb=0x18 | out: lpmodinfo=0x23086b8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0083.070] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.070] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0083.071] CoTaskMemFree (pv=0x54aee0) [0083.071] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.071] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0083.071] CoTaskMemFree (pv=0x54aee0) [0083.071] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x230a870, cb=0x18 | out: lpmodinfo=0x230a870*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0083.072] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.072] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0083.073] CoTaskMemFree (pv=0x54aee0) [0083.073] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.073] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0083.074] CoTaskMemFree (pv=0x54aee0) [0083.074] CloseHandle (hObject=0x25c) returned 1 [0083.074] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0083.074] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9c4) returned 0x25c [0083.074] EnumProcessModules (in: hProcess=0x25c, lphModule=0x230d048, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x230d048, lpcbNeeded=0x14ef68) returned 1 [0083.075] GetModuleInformation (in: hProcess=0x25c, hModule=0xa10000, lpmodinfo=0x230d2b8, cb=0x18 | out: lpmodinfo=0x230d2b8*(lpBaseOfDll=0xa10000, SizeOfImage=0x17000, EntryPoint=0xa114a1)) returned 1 [0083.075] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.075] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xa10000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="type relationship above.exe") returned 0x1b [0083.076] CoTaskMemFree (pv=0x54aee0) [0083.076] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.076] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xa10000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\type relationship above.exe" (normalized: "c:\\program files\\windows portable devices\\type relationship above.exe")) returned 0x45 [0083.077] CoTaskMemFree (pv=0x54aee0) [0083.077] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x230f508, cb=0x18 | out: lpmodinfo=0x230f508*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0083.077] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.077] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0083.078] CoTaskMemFree (pv=0x54aee0) [0083.078] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.078] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0083.078] CoTaskMemFree (pv=0x54aee0) [0083.078] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x23116b0, cb=0x18 | out: lpmodinfo=0x23116b0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0083.079] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.079] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0083.079] CoTaskMemFree (pv=0x54aee0) [0083.079] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.079] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0083.080] CoTaskMemFree (pv=0x54aee0) [0083.080] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2313858, cb=0x18 | out: lpmodinfo=0x2313858*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0083.081] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.081] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0083.081] CoTaskMemFree (pv=0x54aee0) [0083.081] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.081] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0083.082] CoTaskMemFree (pv=0x54aee0) [0083.082] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2315a10, cb=0x18 | out: lpmodinfo=0x2315a10*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0083.083] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.083] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0083.084] CoTaskMemFree (pv=0x54aee0) [0083.084] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.084] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0083.084] CoTaskMemFree (pv=0x54aee0) [0083.084] CloseHandle (hObject=0x25c) returned 1 [0083.085] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0083.085] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xcd4) returned 0x25c [0083.085] EnumProcessModules (in: hProcess=0x25c, lphModule=0x23181e8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23181e8, lpcbNeeded=0x14ef68) returned 1 [0083.086] GetModuleInformation (in: hProcess=0x25c, hModule=0xa40000, lpmodinfo=0x2318458, cb=0x18 | out: lpmodinfo=0x2318458*(lpBaseOfDll=0xa40000, SizeOfImage=0x17000, EntryPoint=0xa414a1)) returned 1 [0083.086] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.086] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xa40000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="filezilla.exe") returned 0xd [0083.087] CoTaskMemFree (pv=0x54aee0) [0083.087] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.087] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xa40000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft.NET\\filezilla.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\filezilla.exe")) returned 0x32 [0083.087] CoTaskMemFree (pv=0x54aee0) [0083.087] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x231a668, cb=0x18 | out: lpmodinfo=0x231a668*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0083.087] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.087] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0083.088] CoTaskMemFree (pv=0x54aee0) [0083.088] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.088] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0083.089] CoTaskMemFree (pv=0x54aee0) [0083.089] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x231c810, cb=0x18 | out: lpmodinfo=0x231c810*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0083.089] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.089] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0083.090] CoTaskMemFree (pv=0x54aee0) [0083.090] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.090] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0083.090] CoTaskMemFree (pv=0x54aee0) [0083.090] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x231e9b8, cb=0x18 | out: lpmodinfo=0x231e9b8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0083.091] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.091] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0083.092] CoTaskMemFree (pv=0x54aee0) [0083.092] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.092] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0083.092] CoTaskMemFree (pv=0x54aee0) [0083.092] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2320b70, cb=0x18 | out: lpmodinfo=0x2320b70*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0083.093] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.093] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0083.094] CoTaskMemFree (pv=0x54aee0) [0083.094] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.094] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0083.095] CoTaskMemFree (pv=0x54aee0) [0083.095] CloseHandle (hObject=0x25c) returned 1 [0083.095] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0083.095] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x45c) returned 0x25c [0083.095] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2323348, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2323348, lpcbNeeded=0x14ef68) returned 1 [0083.098] GetModuleInformation (in: hProcess=0x25c, hModule=0x10a0000, lpmodinfo=0x23235b8, cb=0x18 | out: lpmodinfo=0x23235b8*(lpBaseOfDll=0x10a0000, SizeOfImage=0x17000, EntryPoint=0x10a14a1)) returned 1 [0083.099] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.099] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x10a0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="barca.exe") returned 0x9 [0083.099] CoTaskMemFree (pv=0x54aee0) [0083.099] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.099] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x10a0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\barca.exe" (normalized: "c:\\program files (x86)\\windows media player\\barca.exe")) returned 0x35 [0083.100] CoTaskMemFree (pv=0x54aee0) [0083.100] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23257c8, cb=0x18 | out: lpmodinfo=0x23257c8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0083.107] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.107] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0083.108] CoTaskMemFree (pv=0x54aee0) [0083.108] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.108] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0083.108] CoTaskMemFree (pv=0x54aee0) [0083.109] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2327970, cb=0x18 | out: lpmodinfo=0x2327970*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0083.109] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.109] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0083.110] CoTaskMemFree (pv=0x54aee0) [0083.110] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.110] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0083.110] CoTaskMemFree (pv=0x54aee0) [0083.110] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2329b18, cb=0x18 | out: lpmodinfo=0x2329b18*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0083.111] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.111] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0083.112] CoTaskMemFree (pv=0x54aee0) [0083.112] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.112] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0083.113] CoTaskMemFree (pv=0x54aee0) [0083.113] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x232bcd0, cb=0x18 | out: lpmodinfo=0x232bcd0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0083.114] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.114] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0083.115] CoTaskMemFree (pv=0x54aee0) [0083.115] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.115] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0083.116] CoTaskMemFree (pv=0x54aee0) [0083.116] CloseHandle (hObject=0x25c) returned 1 [0083.116] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0083.116] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x394) returned 0x25c [0083.116] EnumProcessModules (in: hProcess=0x25c, lphModule=0x232e4a8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x232e4a8, lpcbNeeded=0x14ef68) returned 1 [0083.117] GetModuleInformation (in: hProcess=0x25c, hModule=0x11d0000, lpmodinfo=0x232e718, cb=0x18 | out: lpmodinfo=0x232e718*(lpBaseOfDll=0x11d0000, SizeOfImage=0x17000, EntryPoint=0x11d14a1)) returned 1 [0083.117] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.117] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x11d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="absolutetelnet.exe") returned 0x12 [0083.118] CoTaskMemFree (pv=0x54aee0) [0083.118] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.118] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x11d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\absolutetelnet.exe" (normalized: "c:\\program files (x86)\\windows media player\\absolutetelnet.exe")) returned 0x3e [0083.118] CoTaskMemFree (pv=0x54aee0) [0083.118] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2330948, cb=0x18 | out: lpmodinfo=0x2330948*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0083.119] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.119] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0083.119] CoTaskMemFree (pv=0x54aee0) [0083.119] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.119] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0083.120] CoTaskMemFree (pv=0x54aee0) [0083.120] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2332af0, cb=0x18 | out: lpmodinfo=0x2332af0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0083.120] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.120] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0083.121] CoTaskMemFree (pv=0x54aee0) [0083.121] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.121] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0083.122] CoTaskMemFree (pv=0x54aee0) [0083.122] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2334c98, cb=0x18 | out: lpmodinfo=0x2334c98*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0083.122] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.122] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0083.123] CoTaskMemFree (pv=0x54aee0) [0083.123] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.123] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0083.124] CoTaskMemFree (pv=0x54aee0) [0083.124] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2336e50, cb=0x18 | out: lpmodinfo=0x2336e50*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0083.124] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.124] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0083.125] CoTaskMemFree (pv=0x54aee0) [0083.125] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.125] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0083.126] CoTaskMemFree (pv=0x54aee0) [0083.126] CloseHandle (hObject=0x25c) returned 1 [0083.126] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0083.126] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x144) returned 0x25c [0083.126] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2339628, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2339628, lpcbNeeded=0x14ef68) returned 1 [0083.132] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2339840, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x2339840, lpcbNeeded=0x14ef68) returned 1 [0083.139] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpmodinfo=0x2339cb0, cb=0x18 | out: lpmodinfo=0x2339cb0*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0083.139] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.139] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0083.140] CoTaskMemFree (pv=0x54aee0) [0083.140] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.140] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0083.140] CoTaskMemFree (pv=0x54aee0) [0083.140] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x233be90, cb=0x18 | out: lpmodinfo=0x233be90*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0083.141] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.141] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0083.141] CoTaskMemFree (pv=0x54aee0) [0083.141] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.141] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0083.144] CoTaskMemFree (pv=0x54aee0) [0083.144] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x233e038, cb=0x18 | out: lpmodinfo=0x233e038*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0083.144] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.144] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0083.145] CoTaskMemFree (pv=0x54aee0) [0083.145] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.145] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0083.146] CoTaskMemFree (pv=0x54aee0) [0083.146] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x23401f0, cb=0x18 | out: lpmodinfo=0x23401f0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0083.146] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.146] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0083.147] CoTaskMemFree (pv=0x54aee0) [0083.147] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.147] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0083.148] CoTaskMemFree (pv=0x54aee0) [0083.148] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x23423a8, cb=0x18 | out: lpmodinfo=0x23423a8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0083.148] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.148] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0083.149] CoTaskMemFree (pv=0x54aee0) [0083.149] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.149] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0083.150] CoTaskMemFree (pv=0x54aee0) [0083.150] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x23445a8, cb=0x18 | out: lpmodinfo=0x23445a8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0083.151] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.151] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0083.152] CoTaskMemFree (pv=0x54aee0) [0083.152] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.152] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0083.153] CoTaskMemFree (pv=0x54aee0) [0083.153] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x2346750, cb=0x18 | out: lpmodinfo=0x2346750*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0083.153] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.153] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0083.154] CoTaskMemFree (pv=0x54aee0) [0083.154] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.154] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0083.155] CoTaskMemFree (pv=0x54aee0) [0083.155] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x2348908, cb=0x18 | out: lpmodinfo=0x2348908*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0083.156] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.156] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0083.157] CoTaskMemFree (pv=0x54aee0) [0083.157] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.157] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0083.158] CoTaskMemFree (pv=0x54aee0) [0083.158] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x234aab0, cb=0x18 | out: lpmodinfo=0x234aab0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0083.159] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.159] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0083.160] CoTaskMemFree (pv=0x54aee0) [0083.160] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.160] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0083.162] CoTaskMemFree (pv=0x54aee0) [0083.162] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x234ccf0, cb=0x18 | out: lpmodinfo=0x234ccf0*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0083.163] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.163] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0083.164] CoTaskMemFree (pv=0x54aee0) [0083.164] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.164] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0083.165] CoTaskMemFree (pv=0x54aee0) [0083.165] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x234eec8, cb=0x18 | out: lpmodinfo=0x234eec8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0083.167] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.167] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0083.168] CoTaskMemFree (pv=0x54aee0) [0083.168] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.168] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0083.169] CoTaskMemFree (pv=0x54aee0) [0083.169] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x2351090, cb=0x18 | out: lpmodinfo=0x2351090*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0083.171] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.171] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0083.172] CoTaskMemFree (pv=0x54aee0) [0083.172] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.172] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0083.174] CoTaskMemFree (pv=0x54aee0) [0083.174] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x2353238, cb=0x18 | out: lpmodinfo=0x2353238*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0083.175] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.175] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0083.177] CoTaskMemFree (pv=0x54aee0) [0083.177] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.177] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0083.178] CoTaskMemFree (pv=0x54aee0) [0083.178] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x23553e0, cb=0x18 | out: lpmodinfo=0x23553e0*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0083.182] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.182] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0083.183] CoTaskMemFree (pv=0x54aee0) [0083.183] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.183] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0083.185] CoTaskMemFree (pv=0x54aee0) [0083.185] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x2357598, cb=0x18 | out: lpmodinfo=0x2357598*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0083.186] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.186] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0083.188] CoTaskMemFree (pv=0x54aee0) [0083.188] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.188] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0083.190] CoTaskMemFree (pv=0x54aee0) [0083.190] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878180000, lpmodinfo=0x2359750, cb=0x18 | out: lpmodinfo=0x2359750*(lpBaseOfDll=0x7ff878180000, SizeOfImage=0xa1000, EntryPoint=0x7ff878183db0)) returned 1 [0083.191] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.191] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878180000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="PortableDeviceApi.dll") returned 0x15 [0083.193] CoTaskMemFree (pv=0x54aee0) [0083.193] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.193] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878180000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll")) returned 0x29 [0083.195] CoTaskMemFree (pv=0x54aee0) [0083.195] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x235b928, cb=0x18 | out: lpmodinfo=0x235b928*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0083.196] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.196] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0083.198] CoTaskMemFree (pv=0x54aee0) [0083.198] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.198] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0083.200] CoTaskMemFree (pv=0x54aee0) [0083.200] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x235dbe8, cb=0x18 | out: lpmodinfo=0x235dbe8*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0083.202] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.202] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0083.204] CoTaskMemFree (pv=0x54aee0) [0083.204] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.204] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0083.206] CoTaskMemFree (pv=0x54aee0) [0083.206] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efb0000, lpmodinfo=0x235fd90, cb=0x18 | out: lpmodinfo=0x235fd90*(lpBaseOfDll=0x7ff87efb0000, SizeOfImage=0x429000, EntryPoint=0x7ff87efd8740)) returned 1 [0083.207] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.207] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efb0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0083.209] CoTaskMemFree (pv=0x54aee0) [0083.209] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.210] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efb0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0083.212] CoTaskMemFree (pv=0x54aee0) [0083.212] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpmodinfo=0x2361f48, cb=0x18 | out: lpmodinfo=0x2361f48*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0083.220] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.220] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0083.225] CoTaskMemFree (pv=0x54aee0) [0083.225] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.225] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0083.227] CoTaskMemFree (pv=0x54aee0) [0083.227] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878160000, lpmodinfo=0x23640f0, cb=0x18 | out: lpmodinfo=0x23640f0*(lpBaseOfDll=0x7ff878160000, SizeOfImage=0x17000, EntryPoint=0x7ff8781625d0)) returned 1 [0083.229] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.229] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878160000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="portabledeviceconnectapi.dll") returned 0x1c [0083.231] CoTaskMemFree (pv=0x54aee0) [0083.231] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.231] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878160000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\portabledeviceconnectapi.dll" (normalized: "c:\\windows\\system32\\portabledeviceconnectapi.dll")) returned 0x30 [0083.233] CoTaskMemFree (pv=0x54aee0) [0083.233] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d340000, lpmodinfo=0x23662e8, cb=0x18 | out: lpmodinfo=0x23662e8*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0083.236] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.236] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d340000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0083.238] CoTaskMemFree (pv=0x54aee0) [0083.238] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.238] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d340000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0083.242] CoTaskMemFree (pv=0x54aee0) [0083.242] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x23684a0, cb=0x18 | out: lpmodinfo=0x23684a0*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0083.244] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.244] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0083.246] CoTaskMemFree (pv=0x54aee0) [0083.246] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.246] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0083.248] CoTaskMemFree (pv=0x54aee0) [0083.248] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x236a648, cb=0x18 | out: lpmodinfo=0x236a648*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0083.251] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.251] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0083.253] CoTaskMemFree (pv=0x54aee0) [0083.253] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.253] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0083.255] CoTaskMemFree (pv=0x54aee0) [0083.255] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x236c7f0, cb=0x18 | out: lpmodinfo=0x236c7f0*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0083.258] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.258] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0083.260] CoTaskMemFree (pv=0x54aee0) [0083.260] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.260] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0083.269] CoTaskMemFree (pv=0x54aee0) [0083.269] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878100000, lpmodinfo=0x236e9a8, cb=0x18 | out: lpmodinfo=0x236e9a8*(lpBaseOfDll=0x7ff878100000, SizeOfImage=0x4a000, EntryPoint=0x7ff878111450)) returned 1 [0083.271] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.271] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878100000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="audioendpointbuilder.dll") returned 0x18 [0083.274] CoTaskMemFree (pv=0x54aee0) [0083.274] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.274] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878100000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\audioendpointbuilder.dll" (normalized: "c:\\windows\\system32\\audioendpointbuilder.dll")) returned 0x2c [0083.276] CoTaskMemFree (pv=0x54aee0) [0083.276] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2370b90, cb=0x18 | out: lpmodinfo=0x2370b90*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0083.278] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.279] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0083.281] CoTaskMemFree (pv=0x54aee0) [0083.281] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.281] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0083.284] CoTaskMemFree (pv=0x54aee0) [0083.284] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878090000, lpmodinfo=0x2372d38, cb=0x18 | out: lpmodinfo=0x2372d38*(lpBaseOfDll=0x7ff878090000, SizeOfImage=0x70000, EntryPoint=0x7ff8780b2960)) returned 1 [0083.286] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.286] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878090000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="MMDevAPI.DLL") returned 0xc [0083.289] CoTaskMemFree (pv=0x54aee0) [0083.289] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.289] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878090000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MMDevAPI.DLL" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0083.292] CoTaskMemFree (pv=0x54aee0) [0083.292] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpmodinfo=0x2374ef0, cb=0x18 | out: lpmodinfo=0x2374ef0*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0083.294] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.294] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0083.297] CoTaskMemFree (pv=0x54aee0) [0083.297] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.297] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0083.300] CoTaskMemFree (pv=0x54aee0) [0083.300] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x2377098, cb=0x18 | out: lpmodinfo=0x2377098*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0083.305] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.305] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0083.308] CoTaskMemFree (pv=0x54aee0) [0083.308] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.308] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0083.311] CoTaskMemFree (pv=0x54aee0) [0083.311] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x2379250, cb=0x18 | out: lpmodinfo=0x2379250*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0083.314] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.314] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0083.317] CoTaskMemFree (pv=0x54aee0) [0083.317] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.317] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0083.320] CoTaskMemFree (pv=0x54aee0) [0083.320] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x237b3f8, cb=0x18 | out: lpmodinfo=0x237b3f8*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0083.323] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.323] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0083.326] CoTaskMemFree (pv=0x54aee0) [0083.326] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.326] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0083.329] CoTaskMemFree (pv=0x54aee0) [0083.329] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x237d5b0, cb=0x18 | out: lpmodinfo=0x237d5b0*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0083.332] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.332] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0083.335] CoTaskMemFree (pv=0x54aee0) [0083.335] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.335] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0083.338] CoTaskMemFree (pv=0x54aee0) [0083.338] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874d40000, lpmodinfo=0x237f970, cb=0x18 | out: lpmodinfo=0x237f970*(lpBaseOfDll=0x7ff874d40000, SizeOfImage=0x1e000, EntryPoint=0x7ff874d43ce0)) returned 1 [0083.343] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.343] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874d40000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wudfsvc.dll") returned 0xb [0083.346] CoTaskMemFree (pv=0x54aee0) [0083.346] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.346] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874d40000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wudfsvc.dll" (normalized: "c:\\windows\\system32\\wudfsvc.dll")) returned 0x1f [0083.349] CoTaskMemFree (pv=0x54aee0) [0083.349] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874d00000, lpmodinfo=0x2381b18, cb=0x18 | out: lpmodinfo=0x2381b18*(lpBaseOfDll=0x7ff874d00000, SizeOfImage=0x36000, EntryPoint=0x7ff874d086d0)) returned 1 [0083.354] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.354] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874d00000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="WUDFPlatform.dll") returned 0x10 [0083.373] CoTaskMemFree (pv=0x54aee0) [0083.373] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.373] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874d00000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WUDFPlatform.dll" (normalized: "c:\\windows\\system32\\wudfplatform.dll")) returned 0x24 [0083.376] CoTaskMemFree (pv=0x54aee0) [0083.376] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x2383ce0, cb=0x18 | out: lpmodinfo=0x2383ce0*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0083.379] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.379] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0083.382] CoTaskMemFree (pv=0x54aee0) [0083.382] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.383] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0083.386] CoTaskMemFree (pv=0x54aee0) [0083.386] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870b60000, lpmodinfo=0x2385e88, cb=0x18 | out: lpmodinfo=0x2385e88*(lpBaseOfDll=0x7ff870b60000, SizeOfImage=0x10e000, EntryPoint=0x7ff870bc7960)) returned 1 [0083.389] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.389] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870b60000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="sysmain.dll") returned 0xb [0083.393] CoTaskMemFree (pv=0x54aee0) [0083.393] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.393] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870b60000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\sysmain.dll" (normalized: "c:\\windows\\system32\\sysmain.dll")) returned 0x1f [0083.402] CoTaskMemFree (pv=0x54aee0) [0083.402] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870ab0000, lpmodinfo=0x2388030, cb=0x18 | out: lpmodinfo=0x2388030*(lpBaseOfDll=0x7ff870ab0000, SizeOfImage=0x85000, EntryPoint=0x7ff870ac9a10)) returned 1 [0083.405] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.405] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870ab0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="pcasvc.dll") returned 0xa [0083.408] CoTaskMemFree (pv=0x54aee0) [0083.408] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.408] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870ab0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\pcasvc.dll" (normalized: "c:\\windows\\system32\\pcasvc.dll")) returned 0x1e [0083.412] CoTaskMemFree (pv=0x54aee0) [0083.412] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpmodinfo=0x238a1d8, cb=0x18 | out: lpmodinfo=0x238a1d8*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0083.415] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.415] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0083.419] CoTaskMemFree (pv=0x54aee0) [0083.419] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.419] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0083.422] CoTaskMemFree (pv=0x54aee0) [0083.422] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpmodinfo=0x238c380, cb=0x18 | out: lpmodinfo=0x238c380*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0083.426] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.426] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0083.431] CoTaskMemFree (pv=0x54aee0) [0083.431] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.431] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0083.437] CoTaskMemFree (pv=0x54aee0) [0083.437] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x238e528, cb=0x18 | out: lpmodinfo=0x238e528*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0083.442] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.442] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0083.446] CoTaskMemFree (pv=0x54aee0) [0083.446] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.446] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0083.450] CoTaskMemFree (pv=0x54aee0) [0083.450] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870a80000, lpmodinfo=0x23906d0, cb=0x18 | out: lpmodinfo=0x23906d0*(lpBaseOfDll=0x7ff870a80000, SizeOfImage=0x22000, EntryPoint=0x7ff870a8adf0)) returned 1 [0083.454] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.454] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870a80000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="trkwks.dll") returned 0xa [0083.457] CoTaskMemFree (pv=0x54aee0) [0083.457] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.457] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870a80000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\trkwks.dll" (normalized: "c:\\windows\\system32\\trkwks.dll")) returned 0x1e [0083.461] CoTaskMemFree (pv=0x54aee0) [0083.461] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpmodinfo=0x2392878, cb=0x18 | out: lpmodinfo=0x2392878*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0083.465] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.465] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0083.469] CoTaskMemFree (pv=0x54aee0) [0083.469] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.469] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0083.475] CoTaskMemFree (pv=0x54aee0) [0083.475] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878150000, lpmodinfo=0x2394a20, cb=0x18 | out: lpmodinfo=0x2394a20*(lpBaseOfDll=0x7ff878150000, SizeOfImage=0xc000, EntryPoint=0x7ff878152830)) returned 1 [0083.479] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.479] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878150000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="bi.dll") returned 0x6 [0083.483] CoTaskMemFree (pv=0x54aee0) [0083.483] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.483] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878150000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")) returned 0x1a [0083.487] CoTaskMemFree (pv=0x54aee0) [0083.487] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f460000, lpmodinfo=0x2396bb8, cb=0x18 | out: lpmodinfo=0x2396bb8*(lpBaseOfDll=0x7ff86f460000, SizeOfImage=0xb000, EntryPoint=0x7ff86f461e70)) returned 1 [0083.491] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.491] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f460000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="SystemEventsBrokerClient.dll") returned 0x1c [0083.495] CoTaskMemFree (pv=0x54aee0) [0083.495] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.495] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f460000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerclient.dll")) returned 0x30 [0083.499] CoTaskMemFree (pv=0x54aee0) [0083.499] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c430000, lpmodinfo=0x2398db0, cb=0x18 | out: lpmodinfo=0x2398db0*(lpBaseOfDll=0x7ff86c430000, SizeOfImage=0x58000, EntryPoint=0x7ff86c447f80)) returned 1 [0083.503] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.503] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c430000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ncbservice.dll") returned 0xe [0083.507] CoTaskMemFree (pv=0x54aee0) [0083.507] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.507] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c430000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ncbservice.dll" (normalized: "c:\\windows\\system32\\ncbservice.dll")) returned 0x22 [0083.516] CoTaskMemFree (pv=0x54aee0) [0083.516] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x239af68, cb=0x18 | out: lpmodinfo=0x239af68*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0083.520] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.520] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0083.525] CoTaskMemFree (pv=0x54aee0) [0083.525] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.525] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0083.529] CoTaskMemFree (pv=0x54aee0) [0083.529] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpmodinfo=0x239d110, cb=0x18 | out: lpmodinfo=0x239d110*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0083.533] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.533] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0083.538] CoTaskMemFree (pv=0x54aee0) [0083.538] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.538] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0083.543] CoTaskMemFree (pv=0x54aee0) [0083.543] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875480000, lpmodinfo=0x239f2a8, cb=0x18 | out: lpmodinfo=0x239f2a8*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0083.548] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.548] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875480000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0083.554] CoTaskMemFree (pv=0x54aee0) [0083.554] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.554] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875480000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0083.559] CoTaskMemFree (pv=0x54aee0) [0083.559] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ae70000, lpmodinfo=0x23a1460, cb=0x18 | out: lpmodinfo=0x23a1460*(lpBaseOfDll=0x7ff87ae70000, SizeOfImage=0x40000, EntryPoint=0x7ff87ae81960)) returned 1 [0083.564] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.564] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ae70000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="BrokerLib.dll") returned 0xd [0083.568] CoTaskMemFree (pv=0x54aee0) [0083.568] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.568] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ae70000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")) returned 0x21 [0083.573] CoTaskMemFree (pv=0x54aee0) [0083.573] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872410000, lpmodinfo=0x23a3618, cb=0x18 | out: lpmodinfo=0x23a3618*(lpBaseOfDll=0x7ff872410000, SizeOfImage=0x9000, EntryPoint=0x7ff8724121d0)) returned 1 [0083.577] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.577] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872410000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="httpprxc.dll") returned 0xc [0083.582] CoTaskMemFree (pv=0x54aee0) [0083.582] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.582] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872410000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")) returned 0x20 [0083.587] CoTaskMemFree (pv=0x54aee0) [0083.587] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be90000, lpmodinfo=0x23a57d0, cb=0x18 | out: lpmodinfo=0x23a57d0*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0083.599] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.599] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0083.603] CoTaskMemFree (pv=0x54aee0) [0083.603] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.603] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0083.608] CoTaskMemFree (pv=0x54aee0) [0083.608] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873f90000, lpmodinfo=0x23a7978, cb=0x18 | out: lpmodinfo=0x23a7978*(lpBaseOfDll=0x7ff873f90000, SizeOfImage=0x44000, EntryPoint=0x7ff873f9c010)) returned 1 [0083.612] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.612] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873f90000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="execmodelclient.dll") returned 0x13 [0083.617] CoTaskMemFree (pv=0x54aee0) [0083.617] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.617] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873f90000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\execmodelclient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")) returned 0x27 [0083.622] CoTaskMemFree (pv=0x54aee0) [0083.622] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpmodinfo=0x23a9b40, cb=0x18 | out: lpmodinfo=0x23a9b40*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0083.627] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.627] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0083.641] CoTaskMemFree (pv=0x54aee0) [0083.641] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.642] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0083.648] CoTaskMemFree (pv=0x54aee0) [0083.648] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpmodinfo=0x23abd08, cb=0x18 | out: lpmodinfo=0x23abd08*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0083.653] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.653] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0083.658] CoTaskMemFree (pv=0x54aee0) [0083.658] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.658] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0083.663] CoTaskMemFree (pv=0x54aee0) [0083.663] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874a90000, lpmodinfo=0x23adec0, cb=0x18 | out: lpmodinfo=0x23adec0*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0083.668] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.668] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874a90000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0083.672] CoTaskMemFree (pv=0x54aee0) [0083.672] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.672] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874a90000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0083.795] CoTaskMemFree (pv=0x54aee0) [0083.795] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878230000, lpmodinfo=0x23b0078, cb=0x18 | out: lpmodinfo=0x23b0078*(lpBaseOfDll=0x7ff878230000, SizeOfImage=0xbf000, EntryPoint=0x7ff878251c50)) returned 1 [0083.800] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.800] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878230000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0083.805] CoTaskMemFree (pv=0x54aee0) [0083.805] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.805] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878230000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0083.810] CoTaskMemFree (pv=0x54aee0) [0083.810] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpmodinfo=0x23b2230, cb=0x18 | out: lpmodinfo=0x23b2230*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0083.815] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.815] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0083.820] CoTaskMemFree (pv=0x54aee0) [0083.821] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.821] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0083.826] CoTaskMemFree (pv=0x54aee0) [0083.826] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x23b43d8, cb=0x18 | out: lpmodinfo=0x23b43d8*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0083.833] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.833] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0083.838] CoTaskMemFree (pv=0x54aee0) [0083.838] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.838] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0083.843] CoTaskMemFree (pv=0x54aee0) [0083.843] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f5d0000, lpmodinfo=0x23b6580, cb=0x18 | out: lpmodinfo=0x23b6580*(lpBaseOfDll=0x7ff87f5d0000, SizeOfImage=0x6f000, EntryPoint=0x7ff87f5f5f70)) returned 1 [0083.850] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.850] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f5d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="coml2.dll") returned 0x9 [0083.855] CoTaskMemFree (pv=0x54aee0) [0083.855] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.855] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f5d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")) returned 0x1d [0083.861] CoTaskMemFree (pv=0x54aee0) [0083.861] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c90000, lpmodinfo=0x23b8728, cb=0x18 | out: lpmodinfo=0x23b8728*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0083.866] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.866] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0083.886] CoTaskMemFree (pv=0x54aee0) [0083.886] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.886] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0083.892] CoTaskMemFree (pv=0x54aee0) [0083.892] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870b40000, lpmodinfo=0x23ba8e0, cb=0x18 | out: lpmodinfo=0x23ba8e0*(lpBaseOfDll=0x7ff870b40000, SizeOfImage=0x1d000, EntryPoint=0x7ff870b46190)) returned 1 [0083.898] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.898] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870b40000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wdi.dll") returned 0x7 [0083.903] CoTaskMemFree (pv=0x54aee0) [0083.903] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.903] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870b40000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")) returned 0x1b [0083.909] CoTaskMemFree (pv=0x54aee0) [0083.909] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874fb0000, lpmodinfo=0x23bca78, cb=0x18 | out: lpmodinfo=0x23bca78*(lpBaseOfDll=0x7ff874fb0000, SizeOfImage=0x10000, EntryPoint=0x7ff874fb1ec0)) returned 1 [0083.914] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.914] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874fb0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="pcadm.dll") returned 0x9 [0083.925] CoTaskMemFree (pv=0x54aee0) [0083.925] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.925] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874fb0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pcadm.dll" (normalized: "c:\\windows\\system32\\pcadm.dll")) returned 0x1d [0083.931] CoTaskMemFree (pv=0x54aee0) [0083.931] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f070000, lpmodinfo=0x23bec20, cb=0x18 | out: lpmodinfo=0x23bec20*(lpBaseOfDll=0x7ff86f070000, SizeOfImage=0x10000, EntryPoint=0x7ff86f073d50)) returned 1 [0083.936] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.936] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f070000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="pcacli.dll") returned 0xa [0083.942] CoTaskMemFree (pv=0x54aee0) [0083.942] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.942] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f070000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll")) returned 0x1e [0083.949] CoTaskMemFree (pv=0x54aee0) [0083.949] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874540000, lpmodinfo=0x23c0dc8, cb=0x18 | out: lpmodinfo=0x23c0dc8*(lpBaseOfDll=0x7ff874540000, SizeOfImage=0x1b000, EntryPoint=0x7ff874541040)) returned 1 [0083.954] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.954] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874540000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="MPR.dll") returned 0x7 [0083.966] CoTaskMemFree (pv=0x54aee0) [0083.966] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.966] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874540000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MPR.dll" (normalized: "c:\\windows\\system32\\mpr.dll")) returned 0x1b [0083.971] CoTaskMemFree (pv=0x54aee0) [0083.971] CloseHandle (hObject=0x25c) returned 1 [0083.974] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0083.974] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe58) returned 0x0 [0083.974] EnumProcesses (in: lpidProcess=0x23c4de0, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x23c4de0, lpcbNeeded=0x14ee58) returned 1 [0083.985] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0083.988] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10a4) returned 0x25c [0083.988] EnumProcessModules (in: hProcess=0x25c, lphModule=0x23c5b10, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23c5b10, lpcbNeeded=0x14ef68) returned 1 [0083.988] GetModuleInformation (in: hProcess=0x25c, hModule=0xa0000, lpmodinfo=0x23c5d80, cb=0x18 | out: lpmodinfo=0x23c5d80*(lpBaseOfDll=0xa0000, SizeOfImage=0x17000, EntryPoint=0xa14a1)) returned 1 [0083.989] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.990] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="skype.exe") returned 0x9 [0083.990] CoTaskMemFree (pv=0x54aee0) [0083.990] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.990] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Uninstall Information\\skype.exe" (normalized: "c:\\program files\\uninstall information\\skype.exe")) returned 0x30 [0083.991] CoTaskMemFree (pv=0x54aee0) [0083.991] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23c7f88, cb=0x18 | out: lpmodinfo=0x23c7f88*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0083.991] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.991] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0083.992] CoTaskMemFree (pv=0x54aee0) [0083.992] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.992] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0083.992] CoTaskMemFree (pv=0x54aee0) [0083.992] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x23ca130, cb=0x18 | out: lpmodinfo=0x23ca130*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0083.993] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.993] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0083.993] CoTaskMemFree (pv=0x54aee0) [0083.993] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.993] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0083.994] CoTaskMemFree (pv=0x54aee0) [0083.994] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x23cc2d8, cb=0x18 | out: lpmodinfo=0x23cc2d8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0083.994] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.994] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0083.995] CoTaskMemFree (pv=0x54aee0) [0083.995] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.995] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0083.996] CoTaskMemFree (pv=0x54aee0) [0083.996] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x23ce490, cb=0x18 | out: lpmodinfo=0x23ce490*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0083.997] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.997] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0083.997] CoTaskMemFree (pv=0x54aee0) [0083.997] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0083.997] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0083.998] CoTaskMemFree (pv=0x54aee0) [0083.998] CloseHandle (hObject=0x25c) returned 1 [0083.999] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0083.999] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe4c) returned 0x25c [0083.999] EnumProcessModules (in: hProcess=0x25c, lphModule=0x23d0c68, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23d0c68, lpcbNeeded=0x14ef68) returned 1 [0084.004] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff63a8f0000, lpmodinfo=0x23d0ed8, cb=0x18 | out: lpmodinfo=0x23d0ed8*(lpBaseOfDll=0x7ff63a8f0000, SizeOfImage=0x19000, EntryPoint=0x7ff63a8f59b0)) returned 1 [0084.005] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.005] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff63a8f0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="taskhostw.exe") returned 0xd [0084.005] CoTaskMemFree (pv=0x54aee0) [0084.005] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.005] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff63a8f0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")) returned 0x21 [0084.006] CoTaskMemFree (pv=0x54aee0) [0084.006] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23d30c8, cb=0x18 | out: lpmodinfo=0x23d30c8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0084.006] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.006] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0084.007] CoTaskMemFree (pv=0x54aee0) [0084.007] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.007] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0084.007] CoTaskMemFree (pv=0x54aee0) [0084.007] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x23d5270, cb=0x18 | out: lpmodinfo=0x23d5270*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0084.008] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.008] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0084.009] CoTaskMemFree (pv=0x54aee0) [0084.009] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.009] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0084.009] CoTaskMemFree (pv=0x54aee0) [0084.009] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x23d7428, cb=0x18 | out: lpmodinfo=0x23d7428*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0084.010] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.010] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0084.011] CoTaskMemFree (pv=0x54aee0) [0084.011] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.011] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0084.011] CoTaskMemFree (pv=0x54aee0) [0084.011] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x23d95e0, cb=0x18 | out: lpmodinfo=0x23d95e0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0084.012] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.012] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0084.013] CoTaskMemFree (pv=0x54aee0) [0084.013] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.013] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0084.013] CoTaskMemFree (pv=0x54aee0) [0084.014] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x23db7e0, cb=0x18 | out: lpmodinfo=0x23db7e0*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0084.014] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.014] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0084.015] CoTaskMemFree (pv=0x54aee0) [0084.015] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.015] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0084.016] CoTaskMemFree (pv=0x54aee0) [0084.016] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x23dd988, cb=0x18 | out: lpmodinfo=0x23dd988*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0084.017] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.017] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0084.018] CoTaskMemFree (pv=0x54aee0) [0084.018] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.018] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0084.019] CoTaskMemFree (pv=0x54aee0) [0084.019] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x23dfb30, cb=0x18 | out: lpmodinfo=0x23dfb30*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0084.020] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.020] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0084.021] CoTaskMemFree (pv=0x54aee0) [0084.021] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.021] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0084.022] CoTaskMemFree (pv=0x54aee0) [0084.022] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x23e1d08, cb=0x18 | out: lpmodinfo=0x23e1d08*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0084.023] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.023] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0084.024] CoTaskMemFree (pv=0x54aee0) [0084.024] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.024] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0084.025] CoTaskMemFree (pv=0x54aee0) [0084.025] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x23e3f58, cb=0x18 | out: lpmodinfo=0x23e3f58*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0084.026] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.026] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0084.028] CoTaskMemFree (pv=0x54aee0) [0084.028] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.028] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0084.029] CoTaskMemFree (pv=0x54aee0) [0084.029] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x23e6120, cb=0x18 | out: lpmodinfo=0x23e6120*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0084.030] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.030] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0084.031] CoTaskMemFree (pv=0x54aee0) [0084.031] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.031] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0084.033] CoTaskMemFree (pv=0x54aee0) [0084.033] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x23e82c8, cb=0x18 | out: lpmodinfo=0x23e82c8*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0084.034] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.034] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0084.035] CoTaskMemFree (pv=0x54aee0) [0084.035] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.035] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0084.036] CoTaskMemFree (pv=0x54aee0) [0084.036] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x23ea470, cb=0x18 | out: lpmodinfo=0x23ea470*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0084.038] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.038] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0084.043] CoTaskMemFree (pv=0x54aee0) [0084.043] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.043] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0084.045] CoTaskMemFree (pv=0x54aee0) [0084.045] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x23ec618, cb=0x18 | out: lpmodinfo=0x23ec618*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0084.046] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.046] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0084.049] CoTaskMemFree (pv=0x54aee0) [0084.049] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.049] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0084.051] CoTaskMemFree (pv=0x54aee0) [0084.051] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff867d00000, lpmodinfo=0x23ee7c0, cb=0x18 | out: lpmodinfo=0x23ee7c0*(lpBaseOfDll=0x7ff867d00000, SizeOfImage=0x1f000, EntryPoint=0x7ff867d0dde0)) returned 1 [0084.052] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.052] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff867d00000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="DeviceDirectoryClient.dll") returned 0x19 [0084.054] CoTaskMemFree (pv=0x54aee0) [0084.054] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.054] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff867d00000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DeviceDirectoryClient.dll" (normalized: "c:\\windows\\system32\\devicedirectoryclient.dll")) returned 0x2d [0084.055] CoTaskMemFree (pv=0x54aee0) [0084.055] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x23f09a8, cb=0x18 | out: lpmodinfo=0x23f09a8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0084.057] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.057] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0084.059] CoTaskMemFree (pv=0x54aee0) [0084.059] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.059] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0084.060] CoTaskMemFree (pv=0x54aee0) [0084.060] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x23f2b60, cb=0x18 | out: lpmodinfo=0x23f2b60*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0084.062] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.062] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0084.064] CoTaskMemFree (pv=0x54aee0) [0084.064] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.064] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0084.065] CoTaskMemFree (pv=0x54aee0) [0084.065] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff863b90000, lpmodinfo=0x23f4e30, cb=0x18 | out: lpmodinfo=0x23f4e30*(lpBaseOfDll=0x7ff863b90000, SizeOfImage=0x29000, EntryPoint=0x7ff863ba3560)) returned 1 [0084.067] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.067] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff863b90000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="MdmCommon.DLL") returned 0xd [0084.069] CoTaskMemFree (pv=0x54aee0) [0084.069] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.069] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff863b90000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MdmCommon.DLL" (normalized: "c:\\windows\\system32\\mdmcommon.dll")) returned 0x21 [0084.071] CoTaskMemFree (pv=0x54aee0) [0084.071] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875a10000, lpmodinfo=0x23f6fe8, cb=0x18 | out: lpmodinfo=0x23f6fe8*(lpBaseOfDll=0x7ff875a10000, SizeOfImage=0x19000, EntryPoint=0x7ff875a14520)) returned 1 [0084.072] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.072] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875a10000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="samcli.dll") returned 0xa [0084.074] CoTaskMemFree (pv=0x54aee0) [0084.074] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.074] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875a10000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0084.076] CoTaskMemFree (pv=0x54aee0) [0084.076] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpmodinfo=0x23f9190, cb=0x18 | out: lpmodinfo=0x23f9190*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0084.078] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.078] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0084.082] CoTaskMemFree (pv=0x54aee0) [0084.082] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.082] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0084.084] CoTaskMemFree (pv=0x54aee0) [0084.084] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpmodinfo=0x23fb348, cb=0x18 | out: lpmodinfo=0x23fb348*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0084.086] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.086] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0084.088] CoTaskMemFree (pv=0x54aee0) [0084.088] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.088] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0084.090] CoTaskMemFree (pv=0x54aee0) [0084.090] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x23fd4f0, cb=0x18 | out: lpmodinfo=0x23fd4f0*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0084.092] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.092] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0084.094] CoTaskMemFree (pv=0x54aee0) [0084.094] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.094] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0084.096] CoTaskMemFree (pv=0x54aee0) [0084.096] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x23ff698, cb=0x18 | out: lpmodinfo=0x23ff698*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0084.098] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.098] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0084.101] CoTaskMemFree (pv=0x54aee0) [0084.101] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.101] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0084.103] CoTaskMemFree (pv=0x54aee0) [0084.103] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878b20000, lpmodinfo=0x2401840, cb=0x18 | out: lpmodinfo=0x2401840*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0084.105] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.105] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0084.107] CoTaskMemFree (pv=0x54aee0) [0084.107] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.107] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0084.110] CoTaskMemFree (pv=0x54aee0) [0084.110] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x24039e8, cb=0x18 | out: lpmodinfo=0x24039e8*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0084.112] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.112] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0084.115] CoTaskMemFree (pv=0x54aee0) [0084.115] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.115] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0084.122] CoTaskMemFree (pv=0x54aee0) [0084.122] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpmodinfo=0x2405b90, cb=0x18 | out: lpmodinfo=0x2405b90*(lpBaseOfDll=0x7ff86b0b0000, SizeOfImage=0xc5000, EntryPoint=0x7ff86b0be740)) returned 1 [0084.124] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.125] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="Windows.Web.dll") returned 0xf [0084.127] CoTaskMemFree (pv=0x54aee0) [0084.127] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.127] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Web.dll" (normalized: "c:\\windows\\system32\\windows.web.dll")) returned 0x23 [0084.130] CoTaskMemFree (pv=0x54aee0) [0084.130] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x2407d48, cb=0x18 | out: lpmodinfo=0x2407d48*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0084.132] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.132] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0084.135] CoTaskMemFree (pv=0x54aee0) [0084.135] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.135] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0084.138] CoTaskMemFree (pv=0x54aee0) [0084.138] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpmodinfo=0x2409ef0, cb=0x18 | out: lpmodinfo=0x2409ef0*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0084.140] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.141] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0084.143] CoTaskMemFree (pv=0x54aee0) [0084.143] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.143] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0084.146] CoTaskMemFree (pv=0x54aee0) [0084.146] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x240c0a8, cb=0x18 | out: lpmodinfo=0x240c0a8*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0084.150] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.150] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0084.152] CoTaskMemFree (pv=0x54aee0) [0084.152] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.152] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0084.155] CoTaskMemFree (pv=0x54aee0) [0084.155] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x240e270, cb=0x18 | out: lpmodinfo=0x240e270*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0084.160] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.160] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0084.163] CoTaskMemFree (pv=0x54aee0) [0084.163] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.163] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0084.165] CoTaskMemFree (pv=0x54aee0) [0084.165] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x2410428, cb=0x18 | out: lpmodinfo=0x2410428*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0084.168] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.168] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0084.171] CoTaskMemFree (pv=0x54aee0) [0084.171] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.171] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0084.175] CoTaskMemFree (pv=0x54aee0) [0084.175] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x24125d0, cb=0x18 | out: lpmodinfo=0x24125d0*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0084.178] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.178] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0084.181] CoTaskMemFree (pv=0x54aee0) [0084.181] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.181] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0084.184] CoTaskMemFree (pv=0x54aee0) [0084.184] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875450000, lpmodinfo=0x2414778, cb=0x18 | out: lpmodinfo=0x2414778*(lpBaseOfDll=0x7ff875450000, SizeOfImage=0x28000, EntryPoint=0x7ff875458c10)) returned 1 [0084.187] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.187] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875450000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="IDStore.dll") returned 0xb [0084.190] CoTaskMemFree (pv=0x54aee0) [0084.190] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.190] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875450000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll")) returned 0x1f [0084.195] CoTaskMemFree (pv=0x54aee0) [0084.195] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2416b38, cb=0x18 | out: lpmodinfo=0x2416b38*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0084.198] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.198] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0084.202] CoTaskMemFree (pv=0x54aee0) [0084.202] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.202] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0084.205] CoTaskMemFree (pv=0x54aee0) [0084.205] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpmodinfo=0x2418ce0, cb=0x18 | out: lpmodinfo=0x2418ce0*(lpBaseOfDll=0x7ff87aca0000, SizeOfImage=0x1c000, EntryPoint=0x7ff87aca37a0)) returned 1 [0084.208] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.208] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0084.211] CoTaskMemFree (pv=0x54aee0) [0084.211] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.212] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0084.222] CoTaskMemFree (pv=0x54aee0) [0084.222] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f430000, lpmodinfo=0x241ae88, cb=0x18 | out: lpmodinfo=0x241ae88*(lpBaseOfDll=0x7ff86f430000, SizeOfImage=0xf000, EntryPoint=0x7ff86f432c50)) returned 1 [0084.225] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.225] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f430000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="dimsjob.dll") returned 0xb [0084.228] CoTaskMemFree (pv=0x54aee0) [0084.229] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.229] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f430000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dimsjob.dll" (normalized: "c:\\windows\\system32\\dimsjob.dll")) returned 0x1f [0084.232] CoTaskMemFree (pv=0x54aee0) [0084.232] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8654a0000, lpmodinfo=0x241d030, cb=0x18 | out: lpmodinfo=0x241d030*(lpBaseOfDll=0x7ff8654a0000, SizeOfImage=0x18000, EntryPoint=0x7ff8654a1b10)) returned 1 [0084.236] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.236] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8654a0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="LocationFrameworkInternalPS.dll") returned 0x1f [0084.251] CoTaskMemFree (pv=0x54aee0) [0084.251] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.251] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8654a0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll")) returned 0x33 [0084.255] CoTaskMemFree (pv=0x54aee0) [0084.255] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878820000, lpmodinfo=0x222ef80, cb=0x18 | out: lpmodinfo=0x222ef80*(lpBaseOfDll=0x7ff878820000, SizeOfImage=0xc000, EntryPoint=0x7ff8788214d0)) returned 1 [0084.258] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.258] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878820000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="LocationFrameworkPS.dll") returned 0x17 [0084.262] CoTaskMemFree (pv=0x54aee0) [0084.262] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.262] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878820000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")) returned 0x2b [0084.265] CoTaskMemFree (pv=0x54aee0) [0084.265] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpmodinfo=0x2231158, cb=0x18 | out: lpmodinfo=0x2231158*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0084.269] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.269] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0084.272] CoTaskMemFree (pv=0x54aee0) [0084.272] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.272] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0084.276] CoTaskMemFree (pv=0x54aee0) [0084.276] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874a90000, lpmodinfo=0x2233310, cb=0x18 | out: lpmodinfo=0x2233310*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0084.279] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.279] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874a90000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0084.328] CoTaskMemFree (pv=0x54aee0) [0084.328] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.328] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874a90000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0084.332] CoTaskMemFree (pv=0x54aee0) [0084.332] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff864f90000, lpmodinfo=0x22354c8, cb=0x18 | out: lpmodinfo=0x22354c8*(lpBaseOfDll=0x7ff864f90000, SizeOfImage=0x36000, EntryPoint=0x7ff864fa89f0)) returned 1 [0084.335] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.335] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff864f90000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="Windows.Devices.WiFi.dll") returned 0x18 [0084.339] CoTaskMemFree (pv=0x54aee0) [0084.339] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.339] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff864f90000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Devices.WiFi.dll" (normalized: "c:\\windows\\system32\\windows.devices.wifi.dll")) returned 0x2c [0084.343] CoTaskMemFree (pv=0x54aee0) [0084.343] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878bf0000, lpmodinfo=0x22376b0, cb=0x18 | out: lpmodinfo=0x22376b0*(lpBaseOfDll=0x7ff878bf0000, SizeOfImage=0x61000, EntryPoint=0x7ff878bf4b50)) returned 1 [0084.347] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.347] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878bf0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wlanapi.dll") returned 0xb [0084.350] CoTaskMemFree (pv=0x54aee0) [0084.350] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.350] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878bf0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0084.355] CoTaskMemFree (pv=0x54aee0) [0084.355] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b380000, lpmodinfo=0x2239858, cb=0x18 | out: lpmodinfo=0x2239858*(lpBaseOfDll=0x7ff87b380000, SizeOfImage=0x2a000, EntryPoint=0x7ff87b388b90)) returned 1 [0084.380] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.380] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b380000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="RMCLIENT.dll") returned 0xc [0084.385] CoTaskMemFree (pv=0x54aee0) [0084.385] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.385] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b380000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RMCLIENT.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")) returned 0x20 [0084.389] CoTaskMemFree (pv=0x54aee0) [0084.389] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8651a0000, lpmodinfo=0x223ba10, cb=0x18 | out: lpmodinfo=0x223ba10*(lpBaseOfDll=0x7ff8651a0000, SizeOfImage=0x14000, EntryPoint=0x7ff8651a2280)) returned 1 [0084.393] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.393] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8651a0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="pautoenr.dll") returned 0xc [0084.397] CoTaskMemFree (pv=0x54aee0) [0084.397] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.397] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8651a0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pautoenr.dll" (normalized: "c:\\windows\\system32\\pautoenr.dll")) returned 0x20 [0084.401] CoTaskMemFree (pv=0x54aee0) [0084.401] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff85f750000, lpmodinfo=0x223dbc8, cb=0x18 | out: lpmodinfo=0x223dbc8*(lpBaseOfDll=0x7ff85f750000, SizeOfImage=0x2cd000, EntryPoint=0x7ff85f756db0)) returned 1 [0084.404] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.404] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff85f750000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="certenroll.dll") returned 0xe [0084.409] CoTaskMemFree (pv=0x54aee0) [0084.409] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.409] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff85f750000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\certenroll.dll" (normalized: "c:\\windows\\system32\\certenroll.dll")) returned 0x22 [0084.413] CoTaskMemFree (pv=0x54aee0) [0084.413] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861660000, lpmodinfo=0x223fd80, cb=0x18 | out: lpmodinfo=0x223fd80*(lpBaseOfDll=0x7ff861660000, SizeOfImage=0xc2000, EntryPoint=0x7ff861668290)) returned 1 [0084.416] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.417] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861660000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="certca.dll") returned 0xa [0084.422] CoTaskMemFree (pv=0x54aee0) [0084.422] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.422] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861660000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\certca.dll" (normalized: "c:\\windows\\system32\\certca.dll")) returned 0x1e [0084.426] CoTaskMemFree (pv=0x54aee0) [0084.426] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f570000, lpmodinfo=0x2241f28, cb=0x18 | out: lpmodinfo=0x2241f28*(lpBaseOfDll=0x7ff87f570000, SizeOfImage=0x5c000, EntryPoint=0x7ff87f58b720)) returned 1 [0084.430] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.430] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f570000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0084.435] CoTaskMemFree (pv=0x54aee0) [0084.435] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.435] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f570000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0084.440] CoTaskMemFree (pv=0x54aee0) [0084.440] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpmodinfo=0x22440d0, cb=0x18 | out: lpmodinfo=0x22440d0*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0084.444] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.444] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0084.448] CoTaskMemFree (pv=0x54aee0) [0084.448] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.448] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0084.453] CoTaskMemFree (pv=0x54aee0) [0084.453] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878df0000, lpmodinfo=0x2246278, cb=0x18 | out: lpmodinfo=0x2246278*(lpBaseOfDll=0x7ff878df0000, SizeOfImage=0x4a000, EntryPoint=0x7ff878dfac30)) returned 1 [0084.462] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.462] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878df0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="deviceaccess.dll") returned 0x10 [0084.467] CoTaskMemFree (pv=0x54aee0) [0084.467] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.467] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878df0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")) returned 0x24 [0084.471] CoTaskMemFree (pv=0x54aee0) [0084.471] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878230000, lpmodinfo=0x2248440, cb=0x18 | out: lpmodinfo=0x2248440*(lpBaseOfDll=0x7ff878230000, SizeOfImage=0xbf000, EntryPoint=0x7ff878251c50)) returned 1 [0084.475] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.475] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878230000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0084.480] CoTaskMemFree (pv=0x54aee0) [0084.480] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.480] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878230000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0084.484] CoTaskMemFree (pv=0x54aee0) [0084.484] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x224a5f8, cb=0x18 | out: lpmodinfo=0x224a5f8*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0084.488] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.489] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0084.493] CoTaskMemFree (pv=0x54aee0) [0084.493] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.493] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0084.511] CoTaskMemFree (pv=0x54aee0) [0084.511] CloseHandle (hObject=0x25c) returned 1 [0084.511] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0084.511] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1164) returned 0x25c [0084.511] EnumProcessModules (in: hProcess=0x25c, lphModule=0x224dd38, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x224dd38, lpcbNeeded=0x14ef68) returned 1 [0084.512] GetModuleInformation (in: hProcess=0x25c, hModule=0x1100000, lpmodinfo=0x224dfa8, cb=0x18 | out: lpmodinfo=0x224dfa8*(lpBaseOfDll=0x1100000, SizeOfImage=0x17000, EntryPoint=0x11014a1)) returned 1 [0084.512] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.512] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x1100000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="fpos.exe") returned 0x8 [0084.513] CoTaskMemFree (pv=0x54aee0) [0084.513] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.513] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x1100000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Mail\\fpos.exe" (normalized: "c:\\program files\\windows mail\\fpos.exe")) returned 0x26 [0084.513] CoTaskMemFree (pv=0x54aee0) [0084.513] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2250198, cb=0x18 | out: lpmodinfo=0x2250198*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0084.514] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.514] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0084.514] CoTaskMemFree (pv=0x54aee0) [0084.514] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.514] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0084.515] CoTaskMemFree (pv=0x54aee0) [0084.515] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2252340, cb=0x18 | out: lpmodinfo=0x2252340*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0084.515] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.515] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0084.516] CoTaskMemFree (pv=0x54aee0) [0084.516] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.516] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0084.517] CoTaskMemFree (pv=0x54aee0) [0084.517] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x22544e8, cb=0x18 | out: lpmodinfo=0x22544e8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0084.517] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.517] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0084.518] CoTaskMemFree (pv=0x54aee0) [0084.518] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.518] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0084.519] CoTaskMemFree (pv=0x54aee0) [0084.519] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x22566a0, cb=0x18 | out: lpmodinfo=0x22566a0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0084.519] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.519] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0084.520] CoTaskMemFree (pv=0x54aee0) [0084.520] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.520] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0084.521] CoTaskMemFree (pv=0x54aee0) [0084.521] CloseHandle (hObject=0x25c) returned 1 [0084.521] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0084.521] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x388) returned 0x25c [0084.521] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2258e78, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2258e78, lpcbNeeded=0x14ef68) returned 1 [0084.525] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpmodinfo=0x22590e8, cb=0x18 | out: lpmodinfo=0x22590e8*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0084.525] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.525] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0084.526] CoTaskMemFree (pv=0x54aee0) [0084.526] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.526] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0084.526] CoTaskMemFree (pv=0x54aee0) [0084.526] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x225b2c8, cb=0x18 | out: lpmodinfo=0x225b2c8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0084.527] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.527] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0084.527] CoTaskMemFree (pv=0x54aee0) [0084.527] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.527] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0084.528] CoTaskMemFree (pv=0x54aee0) [0084.528] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x225d470, cb=0x18 | out: lpmodinfo=0x225d470*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0084.528] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.528] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0084.529] CoTaskMemFree (pv=0x54aee0) [0084.529] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.529] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0084.530] CoTaskMemFree (pv=0x54aee0) [0084.530] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x225f628, cb=0x18 | out: lpmodinfo=0x225f628*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0084.530] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.530] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0084.531] CoTaskMemFree (pv=0x54aee0) [0084.531] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.531] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0084.532] CoTaskMemFree (pv=0x54aee0) [0084.532] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x22617e0, cb=0x18 | out: lpmodinfo=0x22617e0*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0084.532] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.532] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0084.533] CoTaskMemFree (pv=0x54aee0) [0084.533] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.533] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0084.534] CoTaskMemFree (pv=0x54aee0) [0084.534] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x22639e0, cb=0x18 | out: lpmodinfo=0x22639e0*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0084.534] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.534] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0084.535] CoTaskMemFree (pv=0x54aee0) [0084.535] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.535] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0084.536] CoTaskMemFree (pv=0x54aee0) [0084.536] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x2265b88, cb=0x18 | out: lpmodinfo=0x2265b88*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0084.537] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.537] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0084.538] CoTaskMemFree (pv=0x54aee0) [0084.538] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.538] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0084.539] CoTaskMemFree (pv=0x54aee0) [0084.539] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x2267d40, cb=0x18 | out: lpmodinfo=0x2267d40*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0084.540] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.540] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0084.541] CoTaskMemFree (pv=0x54aee0) [0084.541] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.541] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0084.544] CoTaskMemFree (pv=0x54aee0) [0084.544] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x2269ee8, cb=0x18 | out: lpmodinfo=0x2269ee8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0084.545] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.545] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0084.547] CoTaskMemFree (pv=0x54aee0) [0084.547] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.547] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0084.548] CoTaskMemFree (pv=0x54aee0) [0084.548] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x226c128, cb=0x18 | out: lpmodinfo=0x226c128*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0084.549] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.549] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0084.550] CoTaskMemFree (pv=0x54aee0) [0084.550] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.550] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0084.552] CoTaskMemFree (pv=0x54aee0) [0084.552] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x226e300, cb=0x18 | out: lpmodinfo=0x226e300*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0084.553] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.553] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0084.554] CoTaskMemFree (pv=0x54aee0) [0084.554] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.554] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0084.555] CoTaskMemFree (pv=0x54aee0) [0084.555] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x22704c8, cb=0x18 | out: lpmodinfo=0x22704c8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0084.558] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.558] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0084.559] CoTaskMemFree (pv=0x54aee0) [0084.559] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.559] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0084.560] CoTaskMemFree (pv=0x54aee0) [0084.560] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x2272670, cb=0x18 | out: lpmodinfo=0x2272670*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0084.562] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.562] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0084.563] CoTaskMemFree (pv=0x54aee0) [0084.563] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.563] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0084.572] CoTaskMemFree (pv=0x54aee0) [0084.572] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879880000, lpmodinfo=0x2274818, cb=0x18 | out: lpmodinfo=0x2274818*(lpBaseOfDll=0x7ff879880000, SizeOfImage=0x2c000, EntryPoint=0x7ff87988ad60)) returned 1 [0084.574] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.574] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879880000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="timebrokerserver.dll") returned 0x14 [0084.575] CoTaskMemFree (pv=0x54aee0) [0084.575] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.575] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879880000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\timebrokerserver.dll" (normalized: "c:\\windows\\system32\\timebrokerserver.dll")) returned 0x28 [0084.577] CoTaskMemFree (pv=0x54aee0) [0084.577] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x22769f0, cb=0x18 | out: lpmodinfo=0x22769f0*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0084.578] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.578] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0084.580] CoTaskMemFree (pv=0x54aee0) [0084.580] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.580] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0084.582] CoTaskMemFree (pv=0x54aee0) [0084.582] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ae70000, lpmodinfo=0x2278ba8, cb=0x18 | out: lpmodinfo=0x2278ba8*(lpBaseOfDll=0x7ff87ae70000, SizeOfImage=0x40000, EntryPoint=0x7ff87ae81960)) returned 1 [0084.583] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.583] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ae70000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="BrokerLib.dll") returned 0xd [0084.585] CoTaskMemFree (pv=0x54aee0) [0084.585] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.585] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ae70000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")) returned 0x21 [0084.591] CoTaskMemFree (pv=0x54aee0) [0084.591] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878150000, lpmodinfo=0x227ad60, cb=0x18 | out: lpmodinfo=0x227ad60*(lpBaseOfDll=0x7ff878150000, SizeOfImage=0xc000, EntryPoint=0x7ff878152830)) returned 1 [0084.593] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.593] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878150000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="bi.dll") returned 0x6 [0084.594] CoTaskMemFree (pv=0x54aee0) [0084.594] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.594] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878150000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")) returned 0x1a [0084.596] CoTaskMemFree (pv=0x54aee0) [0084.596] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x227d010, cb=0x18 | out: lpmodinfo=0x227d010*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0084.598] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.598] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0084.600] CoTaskMemFree (pv=0x54aee0) [0084.600] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.600] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0084.602] CoTaskMemFree (pv=0x54aee0) [0084.602] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873f90000, lpmodinfo=0x227f1b8, cb=0x18 | out: lpmodinfo=0x227f1b8*(lpBaseOfDll=0x7ff873f90000, SizeOfImage=0x44000, EntryPoint=0x7ff873f9c010)) returned 1 [0084.604] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.604] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873f90000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="execmodelclient.dll") returned 0x13 [0084.605] CoTaskMemFree (pv=0x54aee0) [0084.605] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.605] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873f90000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\execmodelclient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")) returned 0x27 [0084.607] CoTaskMemFree (pv=0x54aee0) [0084.607] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpmodinfo=0x2281380, cb=0x18 | out: lpmodinfo=0x2281380*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0084.609] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.609] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0084.611] CoTaskMemFree (pv=0x54aee0) [0084.611] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.611] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0084.613] CoTaskMemFree (pv=0x54aee0) [0084.613] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpmodinfo=0x2283548, cb=0x18 | out: lpmodinfo=0x2283548*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0084.615] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.615] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0084.618] CoTaskMemFree (pv=0x54aee0) [0084.618] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.618] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0084.620] CoTaskMemFree (pv=0x54aee0) [0084.620] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2285710, cb=0x18 | out: lpmodinfo=0x2285710*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0084.622] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.622] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0084.624] CoTaskMemFree (pv=0x54aee0) [0084.625] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.625] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0084.636] CoTaskMemFree (pv=0x54aee0) [0084.636] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x22878b8, cb=0x18 | out: lpmodinfo=0x22878b8*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0084.638] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.638] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0084.640] CoTaskMemFree (pv=0x54aee0) [0084.640] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.640] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0084.642] CoTaskMemFree (pv=0x54aee0) [0084.642] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8658d0000, lpmodinfo=0x2289a60, cb=0x18 | out: lpmodinfo=0x2289a60*(lpBaseOfDll=0x7ff8658d0000, SizeOfImage=0x41000, EntryPoint=0x7ff8658e1de0)) returned 1 [0084.645] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.645] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8658d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="ssdpsrv.dll") returned 0xb [0084.647] CoTaskMemFree (pv=0x54aee0) [0084.647] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.647] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8658d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ssdpsrv.dll" (normalized: "c:\\windows\\system32\\ssdpsrv.dll")) returned 0x1f [0084.649] CoTaskMemFree (pv=0x54aee0) [0084.650] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x228bc08, cb=0x18 | out: lpmodinfo=0x228bc08*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0084.652] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.652] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0084.654] CoTaskMemFree (pv=0x54aee0) [0084.654] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.654] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0084.657] CoTaskMemFree (pv=0x54aee0) [0084.657] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpmodinfo=0x228ddb0, cb=0x18 | out: lpmodinfo=0x228ddb0*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0084.659] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.659] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0084.662] CoTaskMemFree (pv=0x54aee0) [0084.662] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.663] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0084.665] CoTaskMemFree (pv=0x54aee0) [0084.665] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpmodinfo=0x228ff48, cb=0x18 | out: lpmodinfo=0x228ff48*(lpBaseOfDll=0x7ff87cdb0000, SizeOfImage=0x86000, EntryPoint=0x7ff87cdbd8f0)) returned 1 [0084.667] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.667] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0084.680] CoTaskMemFree (pv=0x54aee0) [0084.681] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.681] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0084.683] CoTaskMemFree (pv=0x54aee0) [0084.683] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b340000, lpmodinfo=0x2292100, cb=0x18 | out: lpmodinfo=0x2292100*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0084.686] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.686] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b340000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0084.689] CoTaskMemFree (pv=0x54aee0) [0084.689] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.689] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b340000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0084.692] CoTaskMemFree (pv=0x54aee0) [0084.692] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875480000, lpmodinfo=0x22942a8, cb=0x18 | out: lpmodinfo=0x22942a8*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0084.694] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.694] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875480000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0084.697] CoTaskMemFree (pv=0x54aee0) [0084.697] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.697] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875480000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0084.700] CoTaskMemFree (pv=0x54aee0) [0084.700] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875270000, lpmodinfo=0x2296460, cb=0x18 | out: lpmodinfo=0x2296460*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0084.703] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.703] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875270000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0084.706] CoTaskMemFree (pv=0x54aee0) [0084.706] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.706] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875270000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0084.709] CoTaskMemFree (pv=0x54aee0) [0084.709] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875250000, lpmodinfo=0x2298618, cb=0x18 | out: lpmodinfo=0x2298618*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0084.712] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.712] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875250000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0084.716] CoTaskMemFree (pv=0x54aee0) [0084.717] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.717] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875250000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0084.719] CoTaskMemFree (pv=0x54aee0) [0084.719] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x229a7d0, cb=0x18 | out: lpmodinfo=0x229a7d0*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0084.722] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.722] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0084.725] CoTaskMemFree (pv=0x54aee0) [0084.725] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.725] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0084.728] CoTaskMemFree (pv=0x54aee0) [0084.728] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpmodinfo=0x229c978, cb=0x18 | out: lpmodinfo=0x229c978*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0084.731] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.731] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0084.735] CoTaskMemFree (pv=0x54aee0) [0084.735] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.735] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0084.738] CoTaskMemFree (pv=0x54aee0) [0084.738] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x229ed38, cb=0x18 | out: lpmodinfo=0x229ed38*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0084.741] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.741] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0084.744] CoTaskMemFree (pv=0x54aee0) [0084.744] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.744] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0084.747] CoTaskMemFree (pv=0x54aee0) [0084.747] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be90000, lpmodinfo=0x22a0ef0, cb=0x18 | out: lpmodinfo=0x22a0ef0*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0084.753] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.753] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0084.756] CoTaskMemFree (pv=0x54aee0) [0084.756] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.756] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0084.760] CoTaskMemFree (pv=0x54aee0) [0084.760] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870fc0000, lpmodinfo=0x22a3098, cb=0x18 | out: lpmodinfo=0x22a3098*(lpBaseOfDll=0x7ff870fc0000, SizeOfImage=0xa000, EntryPoint=0x7ff870fc15c0)) returned 1 [0084.764] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.764] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870fc0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wshqos.dll") returned 0xa [0084.767] CoTaskMemFree (pv=0x54aee0) [0084.767] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.767] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870fc0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll")) returned 0x1e [0084.771] CoTaskMemFree (pv=0x54aee0) [0084.771] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870e00000, lpmodinfo=0x22a5240, cb=0x18 | out: lpmodinfo=0x22a5240*(lpBaseOfDll=0x7ff870e00000, SizeOfImage=0x8000, EntryPoint=0x7ff870e010a0)) returned 1 [0084.774] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.774] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870e00000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wshtcpip.DLL") returned 0xc [0084.778] CoTaskMemFree (pv=0x54aee0) [0084.778] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.778] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870e00000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wshtcpip.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0084.781] CoTaskMemFree (pv=0x54aee0) [0084.781] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870df0000, lpmodinfo=0x22a73f8, cb=0x18 | out: lpmodinfo=0x22a73f8*(lpBaseOfDll=0x7ff870df0000, SizeOfImage=0x8000, EntryPoint=0x7ff870df1ab0)) returned 1 [0084.785] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.785] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870df0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0084.795] CoTaskMemFree (pv=0x54aee0) [0084.795] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.795] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870df0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0084.798] CoTaskMemFree (pv=0x54aee0) [0084.798] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x22a95a0, cb=0x18 | out: lpmodinfo=0x22a95a0*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0084.802] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.802] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="sspicli.dll") returned 0xb [0084.806] CoTaskMemFree (pv=0x54aee0) [0084.806] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.806] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0084.809] CoTaskMemFree (pv=0x54aee0) [0084.809] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpmodinfo=0x22ab748, cb=0x18 | out: lpmodinfo=0x22ab748*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0084.813] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.814] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpBaseName=0x54aee0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0084.818] CoTaskMemFree (pv=0x54aee0) [0084.818] CoTaskMemAlloc (cb=0x804) returned 0x54aee0 [0084.818] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpFilename=0x54aee0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0084.822] CoTaskMemFree (pv=0x54aee0) [0084.822] CloseHandle (hObject=0x25c) returned 1 [0084.823] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0084.823] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x510) returned 0x25c [0084.823] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22aeac0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22aeac0, lpcbNeeded=0x14ef68) returned 1 [0084.827] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpmodinfo=0x22aed30, cb=0x18 | out: lpmodinfo=0x22aed30*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0084.828] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.828] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0084.828] CoTaskMemFree (pv=0x548dc0) [0084.828] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.828] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0084.829] CoTaskMemFree (pv=0x548dc0) [0084.829] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22b0f10, cb=0x18 | out: lpmodinfo=0x22b0f10*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0084.829] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.829] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0084.830] CoTaskMemFree (pv=0x548dc0) [0084.830] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.830] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0084.840] CoTaskMemFree (pv=0x548dc0) [0084.840] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x22b30b8, cb=0x18 | out: lpmodinfo=0x22b30b8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0084.841] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.841] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0084.841] CoTaskMemFree (pv=0x548dc0) [0084.841] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.841] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0084.842] CoTaskMemFree (pv=0x548dc0) [0084.842] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x22b5270, cb=0x18 | out: lpmodinfo=0x22b5270*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0084.843] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.843] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0084.844] CoTaskMemFree (pv=0x548dc0) [0084.844] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.844] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0084.844] CoTaskMemFree (pv=0x548dc0) [0084.844] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x22b7428, cb=0x18 | out: lpmodinfo=0x22b7428*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0084.845] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.845] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0084.846] CoTaskMemFree (pv=0x548dc0) [0084.846] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.846] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0084.847] CoTaskMemFree (pv=0x548dc0) [0084.847] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x22b9628, cb=0x18 | out: lpmodinfo=0x22b9628*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0084.848] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.848] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0084.849] CoTaskMemFree (pv=0x548dc0) [0084.849] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.849] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0084.850] CoTaskMemFree (pv=0x548dc0) [0084.850] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x22bb7d0, cb=0x18 | out: lpmodinfo=0x22bb7d0*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0084.851] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.851] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0084.852] CoTaskMemFree (pv=0x548dc0) [0084.852] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.852] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0084.853] CoTaskMemFree (pv=0x548dc0) [0084.853] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8749d0000, lpmodinfo=0x22bd988, cb=0x18 | out: lpmodinfo=0x22bd988*(lpBaseOfDll=0x7ff8749d0000, SizeOfImage=0x9d000, EntryPoint=0x7ff874a2a1c0)) returned 1 [0084.854] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.854] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8749d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wbiosrvc.dll") returned 0xc [0084.855] CoTaskMemFree (pv=0x548dc0) [0084.855] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.855] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8749d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wbiosrvc.dll" (normalized: "c:\\windows\\system32\\wbiosrvc.dll")) returned 0x20 [0084.856] CoTaskMemFree (pv=0x548dc0) [0084.856] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875860000, lpmodinfo=0x22bfb40, cb=0x18 | out: lpmodinfo=0x22bfb40*(lpBaseOfDll=0x7ff875860000, SizeOfImage=0x93000, EntryPoint=0x7ff875869680)) returned 1 [0084.857] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.857] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875860000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0084.858] CoTaskMemFree (pv=0x548dc0) [0084.858] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.859] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875860000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0084.860] CoTaskMemFree (pv=0x548dc0) [0084.860] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x22c1d90, cb=0x18 | out: lpmodinfo=0x22c1d90*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0084.862] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.862] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0084.864] CoTaskMemFree (pv=0x548dc0) [0084.864] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.864] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0084.865] CoTaskMemFree (pv=0x548dc0) [0084.865] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8749c0000, lpmodinfo=0x22c3f38, cb=0x18 | out: lpmodinfo=0x22c3f38*(lpBaseOfDll=0x7ff8749c0000, SizeOfImage=0xb000, EntryPoint=0x7ff8749c2d60)) returned 1 [0084.866] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.866] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8749c0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="winbioext.dll") returned 0xd [0084.868] CoTaskMemFree (pv=0x548dc0) [0084.868] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.868] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8749c0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winbioext.dll" (normalized: "c:\\windows\\system32\\winbioext.dll")) returned 0x21 [0084.869] CoTaskMemFree (pv=0x548dc0) [0084.869] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8751d0000, lpmodinfo=0x22c60f0, cb=0x18 | out: lpmodinfo=0x22c60f0*(lpBaseOfDll=0x7ff8751d0000, SizeOfImage=0x25000, EntryPoint=0x7ff8751e2c60)) returned 1 [0084.871] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.871] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8751d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="winbio.dll") returned 0xa [0084.873] CoTaskMemFree (pv=0x548dc0) [0084.873] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.873] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8751d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winbio.dll" (normalized: "c:\\windows\\system32\\winbio.dll")) returned 0x1e [0084.874] CoTaskMemFree (pv=0x548dc0) [0084.874] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x22c8298, cb=0x18 | out: lpmodinfo=0x22c8298*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0084.985] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.985] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0084.987] CoTaskMemFree (pv=0x548dc0) [0084.987] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.987] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0084.988] CoTaskMemFree (pv=0x548dc0) [0084.988] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpmodinfo=0x22ca470, cb=0x18 | out: lpmodinfo=0x22ca470*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0084.990] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.990] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0084.991] CoTaskMemFree (pv=0x548dc0) [0084.991] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.991] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0084.993] CoTaskMemFree (pv=0x548dc0) [0084.993] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x22cc618, cb=0x18 | out: lpmodinfo=0x22cc618*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0084.994] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.994] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0084.997] CoTaskMemFree (pv=0x548dc0) [0084.997] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0084.997] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0084.998] CoTaskMemFree (pv=0x548dc0) [0084.998] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x22ce7c0, cb=0x18 | out: lpmodinfo=0x22ce7c0*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0085.000] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.000] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0085.001] CoTaskMemFree (pv=0x548dc0) [0085.001] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.001] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0085.003] CoTaskMemFree (pv=0x548dc0) [0085.003] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8747f0000, lpmodinfo=0x22d0978, cb=0x18 | out: lpmodinfo=0x22d0978*(lpBaseOfDll=0x7ff8747f0000, SizeOfImage=0x40000, EntryPoint=0x7ff874816e20)) returned 1 [0085.005] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.005] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8747f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="FACERECOGNITIONSENSORADAPTER.DLL") returned 0x20 [0085.007] CoTaskMemFree (pv=0x548dc0) [0085.007] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.007] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8747f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\WINBIOPLUGINS\\FACERECOGNITIONSENSORADAPTER.DLL" (normalized: "c:\\windows\\system32\\winbioplugins\\facerecognitionsensoradapter.dll")) returned 0x42 [0085.009] CoTaskMemFree (pv=0x548dc0) [0085.009] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x22d2cb0, cb=0x18 | out: lpmodinfo=0x22d2cb0*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0085.011] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.011] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0085.013] CoTaskMemFree (pv=0x548dc0) [0085.013] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.013] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0085.014] CoTaskMemFree (pv=0x548dc0) [0085.015] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x22d4e58, cb=0x18 | out: lpmodinfo=0x22d4e58*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0085.016] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.016] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0085.018] CoTaskMemFree (pv=0x548dc0) [0085.018] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.018] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0085.047] CoTaskMemFree (pv=0x548dc0) [0085.047] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x22d7000, cb=0x18 | out: lpmodinfo=0x22d7000*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0085.049] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.049] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0085.051] CoTaskMemFree (pv=0x548dc0) [0085.051] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.051] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0085.052] CoTaskMemFree (pv=0x548dc0) [0085.052] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879030000, lpmodinfo=0x22d91a8, cb=0x18 | out: lpmodinfo=0x22d91a8*(lpBaseOfDll=0x7ff879030000, SizeOfImage=0x545000, EntryPoint=0x7ff8791ca450)) returned 1 [0085.054] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.054] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="d2d1.dll") returned 0x8 [0085.057] CoTaskMemFree (pv=0x548dc0) [0085.057] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.057] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")) returned 0x1c [0085.059] CoTaskMemFree (pv=0x548dc0) [0085.059] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874780000, lpmodinfo=0x22db350, cb=0x18 | out: lpmodinfo=0x22db350*(lpBaseOfDll=0x7ff874780000, SizeOfImage=0x63000, EntryPoint=0x7ff8747bc6b0)) returned 1 [0085.061] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.061] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874780000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="FACERECOGNITIONENGINEADAPTER.DLL") returned 0x20 [0085.064] CoTaskMemFree (pv=0x548dc0) [0085.064] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.064] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874780000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\WINBIOPLUGINS\\FACERECOGNITIONENGINEADAPTER.DLL" (normalized: "c:\\windows\\system32\\winbioplugins\\facerecognitionengineadapter.dll")) returned 0x42 [0085.066] CoTaskMemFree (pv=0x548dc0) [0085.066] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874720000, lpmodinfo=0x22dd570, cb=0x18 | out: lpmodinfo=0x22dd570*(lpBaseOfDll=0x7ff874720000, SizeOfImage=0x5f000, EntryPoint=0x7ff87474bce0)) returned 1 [0085.068] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.068] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874720000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="dsreg.dll") returned 0x9 [0085.070] CoTaskMemFree (pv=0x548dc0) [0085.070] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.070] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874720000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll")) returned 0x1d [0085.073] CoTaskMemFree (pv=0x548dc0) [0085.073] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x22df718, cb=0x18 | out: lpmodinfo=0x22df718*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0085.075] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.075] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0085.077] CoTaskMemFree (pv=0x548dc0) [0085.077] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.077] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0085.080] CoTaskMemFree (pv=0x548dc0) [0085.080] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x22e18c0, cb=0x18 | out: lpmodinfo=0x22e18c0*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0085.088] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.088] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0085.091] CoTaskMemFree (pv=0x548dc0) [0085.091] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.091] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0085.093] CoTaskMemFree (pv=0x548dc0) [0085.093] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x22e3a68, cb=0x18 | out: lpmodinfo=0x22e3a68*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0085.096] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.096] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0085.098] CoTaskMemFree (pv=0x548dc0) [0085.098] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.098] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0085.100] CoTaskMemFree (pv=0x548dc0) [0085.100] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878b20000, lpmodinfo=0x22e5c20, cb=0x18 | out: lpmodinfo=0x22e5c20*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0085.103] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.103] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0085.106] CoTaskMemFree (pv=0x548dc0) [0085.106] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.106] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0085.108] CoTaskMemFree (pv=0x548dc0) [0085.108] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x22e7dc8, cb=0x18 | out: lpmodinfo=0x22e7dc8*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0085.111] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.111] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0085.113] CoTaskMemFree (pv=0x548dc0) [0085.113] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.113] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0085.116] CoTaskMemFree (pv=0x548dc0) [0085.116] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpmodinfo=0x22e9f70, cb=0x18 | out: lpmodinfo=0x22e9f70*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0085.119] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.119] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0085.121] CoTaskMemFree (pv=0x548dc0) [0085.121] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.121] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0085.126] CoTaskMemFree (pv=0x548dc0) [0085.126] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875230000, lpmodinfo=0x22ec128, cb=0x18 | out: lpmodinfo=0x22ec128*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0085.128] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.129] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875230000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0085.131] CoTaskMemFree (pv=0x548dc0) [0085.131] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.131] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875230000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0085.134] CoTaskMemFree (pv=0x548dc0) [0085.134] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x22ee2d0, cb=0x18 | out: lpmodinfo=0x22ee2d0*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0085.137] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.137] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="cryptsp.dll") returned 0xb [0085.140] CoTaskMemFree (pv=0x548dc0) [0085.140] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.140] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0085.143] CoTaskMemFree (pv=0x548dc0) [0085.143] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpmodinfo=0x22f0478, cb=0x18 | out: lpmodinfo=0x22f0478*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0085.146] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.146] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0085.149] CoTaskMemFree (pv=0x548dc0) [0085.149] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.149] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0085.152] CoTaskMemFree (pv=0x548dc0) [0085.152] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874710000, lpmodinfo=0x22f2620, cb=0x18 | out: lpmodinfo=0x22f2620*(lpBaseOfDll=0x7ff874710000, SizeOfImage=0xb000, EntryPoint=0x7ff8747146d0)) returned 1 [0085.155] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.155] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874710000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WINBIOSTORAGEADAPTER.DLL") returned 0x18 [0085.158] CoTaskMemFree (pv=0x548dc0) [0085.158] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.158] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874710000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\WINBIOPLUGINS\\WINBIOSTORAGEADAPTER.DLL" (normalized: "c:\\windows\\system32\\winbioplugins\\winbiostorageadapter.dll")) returned 0x3a [0085.164] CoTaskMemFree (pv=0x548dc0) [0085.164] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8746a0000, lpmodinfo=0x22f4a38, cb=0x18 | out: lpmodinfo=0x22f4a38*(lpBaseOfDll=0x7ff8746a0000, SizeOfImage=0x6f000, EntryPoint=0x7ff8746fbd40)) returned 1 [0085.167] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.168] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8746a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="NUIVOICEWBSADAPTERS.DLL") returned 0x17 [0085.171] CoTaskMemFree (pv=0x548dc0) [0085.171] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.171] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8746a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\WINDOWS\\SYSTEM32\\WINBIOPLUGINS\\NUIVOICEWBSADAPTERS.DLL" (normalized: "c:\\windows\\system32\\winbioplugins\\nuivoicewbsadapters.dll")) returned 0x39 [0085.174] CoTaskMemFree (pv=0x548dc0) [0085.174] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x22f6c30, cb=0x18 | out: lpmodinfo=0x22f6c30*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0085.177] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.177] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0085.180] CoTaskMemFree (pv=0x548dc0) [0085.180] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.180] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0085.184] CoTaskMemFree (pv=0x548dc0) [0085.184] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874590000, lpmodinfo=0x22f8dd8, cb=0x18 | out: lpmodinfo=0x22f8dd8*(lpBaseOfDll=0x7ff874590000, SizeOfImage=0x10d000, EntryPoint=0x7ff8745bf420)) returned 1 [0085.187] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.187] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874590000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="MFPlat.DLL") returned 0xa [0085.190] CoTaskMemFree (pv=0x548dc0) [0085.190] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.190] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874590000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MFPlat.DLL" (normalized: "c:\\windows\\system32\\mfplat.dll")) returned 0x1e [0085.194] CoTaskMemFree (pv=0x548dc0) [0085.194] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x22faf80, cb=0x18 | out: lpmodinfo=0x22faf80*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0085.199] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.199] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0085.202] CoTaskMemFree (pv=0x548dc0) [0085.202] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.202] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0085.206] CoTaskMemFree (pv=0x548dc0) [0085.206] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874560000, lpmodinfo=0x22fd148, cb=0x18 | out: lpmodinfo=0x22fd148*(lpBaseOfDll=0x7ff874560000, SizeOfImage=0x2b000, EntryPoint=0x7ff87456c3c0)) returned 1 [0085.209] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.209] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874560000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="RTWorkQ.DLL") returned 0xb [0085.219] CoTaskMemFree (pv=0x548dc0) [0085.219] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.219] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874560000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RTWorkQ.DLL" (normalized: "c:\\windows\\system32\\rtworkq.dll")) returned 0x1f [0085.223] CoTaskMemFree (pv=0x548dc0) [0085.223] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x22ff2f0, cb=0x18 | out: lpmodinfo=0x22ff2f0*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0085.227] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.227] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0085.230] CoTaskMemFree (pv=0x548dc0) [0085.230] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.230] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0085.234] CoTaskMemFree (pv=0x548dc0) [0085.234] CloseHandle (hObject=0x25c) returned 1 [0085.234] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0085.235] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1224) returned 0x25c [0085.235] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2302620, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2302620, lpcbNeeded=0x14ef68) returned 1 [0085.235] GetModuleInformation (in: hProcess=0x25c, hModule=0xee0000, lpmodinfo=0x2302890, cb=0x18 | out: lpmodinfo=0x2302890*(lpBaseOfDll=0xee0000, SizeOfImage=0xca000, EntryPoint=0xee3a40)) returned 1 [0085.236] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.236] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xee0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="IEXPLORE.EXE") returned 0xc [0085.236] CoTaskMemFree (pv=0x548dc0) [0085.236] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.236] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xee0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe")) returned 0x35 [0085.237] CoTaskMemFree (pv=0x548dc0) [0085.237] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2304aa8, cb=0x18 | out: lpmodinfo=0x2304aa8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0085.237] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.237] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0085.238] CoTaskMemFree (pv=0x548dc0) [0085.238] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.238] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0085.238] CoTaskMemFree (pv=0x548dc0) [0085.238] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2306c50, cb=0x18 | out: lpmodinfo=0x2306c50*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0085.240] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.240] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0085.240] CoTaskMemFree (pv=0x548dc0) [0085.240] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.240] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0085.241] CoTaskMemFree (pv=0x548dc0) [0085.241] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2308df8, cb=0x18 | out: lpmodinfo=0x2308df8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0085.242] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.242] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0085.242] CoTaskMemFree (pv=0x548dc0) [0085.242] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.242] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0085.243] CoTaskMemFree (pv=0x548dc0) [0085.243] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x230afb0, cb=0x18 | out: lpmodinfo=0x230afb0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0085.244] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.244] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0085.244] CoTaskMemFree (pv=0x548dc0) [0085.244] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.245] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0085.245] CoTaskMemFree (pv=0x548dc0) [0085.245] CloseHandle (hObject=0x25c) returned 1 [0085.246] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0085.246] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12e8) returned 0x25c [0085.246] EnumProcessModules (in: hProcess=0x25c, lphModule=0x230d788, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x230d788, lpcbNeeded=0x14ef68) returned 1 [0085.249] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff623080000, lpmodinfo=0x230d9f8, cb=0x18 | out: lpmodinfo=0x230d9f8*(lpBaseOfDll=0x7ff623080000, SizeOfImage=0x7000, EntryPoint=0x7ff623081460)) returned 1 [0085.250] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.250] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff623080000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="backgroundTaskHost.exe") returned 0x16 [0085.250] CoTaskMemFree (pv=0x548dc0) [0085.250] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.250] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff623080000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\backgroundTaskHost.exe" (normalized: "c:\\windows\\system32\\backgroundtaskhost.exe")) returned 0x2a [0085.251] CoTaskMemFree (pv=0x548dc0) [0085.251] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x230fc08, cb=0x18 | out: lpmodinfo=0x230fc08*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0085.251] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.251] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0085.252] CoTaskMemFree (pv=0x548dc0) [0085.252] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.252] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0085.252] CoTaskMemFree (pv=0x548dc0) [0085.252] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x2311db0, cb=0x18 | out: lpmodinfo=0x2311db0*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0085.253] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.253] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0085.253] CoTaskMemFree (pv=0x548dc0) [0085.253] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.253] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0085.254] CoTaskMemFree (pv=0x548dc0) [0085.254] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x2313f68, cb=0x18 | out: lpmodinfo=0x2313f68*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0085.254] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.254] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0085.255] CoTaskMemFree (pv=0x548dc0) [0085.255] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.255] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0085.256] CoTaskMemFree (pv=0x548dc0) [0085.256] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x2316120, cb=0x18 | out: lpmodinfo=0x2316120*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0085.257] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.257] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0085.257] CoTaskMemFree (pv=0x548dc0) [0085.257] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.257] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0085.258] CoTaskMemFree (pv=0x548dc0) [0085.258] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x2318320, cb=0x18 | out: lpmodinfo=0x2318320*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0085.259] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.259] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0085.260] CoTaskMemFree (pv=0x548dc0) [0085.260] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.260] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0085.261] CoTaskMemFree (pv=0x548dc0) [0085.261] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x231a4c8, cb=0x18 | out: lpmodinfo=0x231a4c8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0085.261] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.261] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0085.263] CoTaskMemFree (pv=0x548dc0) [0085.263] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.263] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0085.264] CoTaskMemFree (pv=0x548dc0) [0085.264] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x231c670, cb=0x18 | out: lpmodinfo=0x231c670*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0085.264] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.264] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0085.265] CoTaskMemFree (pv=0x548dc0) [0085.265] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.266] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0085.266] CoTaskMemFree (pv=0x548dc0) [0085.266] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x231e848, cb=0x18 | out: lpmodinfo=0x231e848*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0085.267] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.267] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0085.268] CoTaskMemFree (pv=0x548dc0) [0085.268] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.269] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0085.271] CoTaskMemFree (pv=0x548dc0) [0085.271] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpmodinfo=0x2320aa8, cb=0x18 | out: lpmodinfo=0x2320aa8*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0085.272] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.272] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0085.273] CoTaskMemFree (pv=0x548dc0) [0085.273] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.273] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0085.275] CoTaskMemFree (pv=0x548dc0) [0085.275] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x2322c70, cb=0x18 | out: lpmodinfo=0x2322c70*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0085.276] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.277] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0085.278] CoTaskMemFree (pv=0x548dc0) [0085.278] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.278] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0085.280] CoTaskMemFree (pv=0x548dc0) [0085.280] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2324e18, cb=0x18 | out: lpmodinfo=0x2324e18*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0085.281] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.281] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0085.282] CoTaskMemFree (pv=0x548dc0) [0085.282] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.282] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0085.283] CoTaskMemFree (pv=0x548dc0) [0085.283] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x2326fc0, cb=0x18 | out: lpmodinfo=0x2326fc0*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0085.285] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.285] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff876870000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="WinTypes.dll") returned 0xc [0085.286] CoTaskMemFree (pv=0x548dc0) [0085.286] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.286] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff876870000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0085.287] CoTaskMemFree (pv=0x548dc0) [0085.287] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x2329178, cb=0x18 | out: lpmodinfo=0x2329178*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0085.289] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.289] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x548dc0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0085.290] CoTaskMemFree (pv=0x548dc0) [0085.290] CoTaskMemAlloc (cb=0x804) returned 0x548dc0 [0085.290] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x548dc0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0085.292] CoTaskMemFree (pv=0x548dc0) [0085.292] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x232b320, cb=0x18 | out: lpmodinfo=0x232b320*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0085.293] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0085.294] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0085.295] CoTaskMemFree (pv=0x5547c0) [0085.295] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0085.295] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0085.297] CoTaskMemFree (pv=0x5547c0) [0085.297] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x232d4c8, cb=0x18 | out: lpmodinfo=0x232d4c8*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0085.298] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0085.298] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0085.300] CoTaskMemFree (pv=0x54ef10) [0085.300] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0085.300] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0085.302] CoTaskMemFree (pv=0x54d6e0) [0085.302] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x232f670, cb=0x18 | out: lpmodinfo=0x232f670*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0085.303] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0085.304] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0085.305] CoTaskMemFree (pv=0x550f50) [0085.305] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0085.305] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0085.307] CoTaskMemFree (pv=0x54e700) [0085.307] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpmodinfo=0x2331930, cb=0x18 | out: lpmodinfo=0x2331930*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0085.309] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0085.309] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="mrmcorer.dll") returned 0xc [0085.310] CoTaskMemFree (pv=0x5537a0) [0085.310] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0085.310] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mrmcorer.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0085.314] CoTaskMemFree (pv=0x54def0) [0085.314] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c90000, lpmodinfo=0x2333ae8, cb=0x18 | out: lpmodinfo=0x2333ae8*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0085.316] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.316] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0085.318] CoTaskMemFree (pv=0x551f70) [0085.318] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0085.318] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0085.320] CoTaskMemFree (pv=0x550740) [0085.320] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e40000, lpmodinfo=0x2335ca0, cb=0x18 | out: lpmodinfo=0x2335ca0*(lpBaseOfDll=0x7ff878e40000, SizeOfImage=0x33000, EntryPoint=0x7ff878e4d5a0)) returned 1 [0085.322] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0085.322] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e40000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="biwinrt.dll") returned 0xb [0085.324] CoTaskMemFree (pv=0x5547c0) [0085.324] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0085.324] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e40000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")) returned 0x1f [0085.326] CoTaskMemFree (pv=0x552f90) [0085.326] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8603c0000, lpmodinfo=0x2337e48, cb=0x18 | out: lpmodinfo=0x2337e48*(lpBaseOfDll=0x7ff8603c0000, SizeOfImage=0x2f7000, EntryPoint=0x7ff860566b00)) returned 1 [0085.328] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0085.328] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8603c0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ContentDeliveryManager.Background.dll") returned 0x25 [0085.330] CoTaskMemFree (pv=0x550f50) [0085.330] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0085.330] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8603c0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\ContentDeliveryManager.Background.dll" (normalized: "c:\\windows\\systemapps\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\contentdeliverymanager.background.dll")) returned 0x72 [0085.332] CoTaskMemFree (pv=0x550f50) [0085.332] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x233a0d0, cb=0x18 | out: lpmodinfo=0x233a0d0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0085.334] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0085.334] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0085.336] CoTaskMemFree (pv=0x552780) [0085.336] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0085.336] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0085.338] CoTaskMemFree (pv=0x5537a0) [0085.338] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d650000, lpmodinfo=0x233c288, cb=0x18 | out: lpmodinfo=0x233c288*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0085.340] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0085.340] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0085.343] CoTaskMemFree (pv=0x550f50) [0085.343] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0085.343] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0085.345] CoTaskMemFree (pv=0x54ef10) [0085.345] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x233e430, cb=0x18 | out: lpmodinfo=0x233e430*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0085.347] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0085.347] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0085.352] CoTaskMemFree (pv=0x54f720) [0085.352] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0085.352] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0085.355] CoTaskMemFree (pv=0x552f90) [0085.355] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x23405e8, cb=0x18 | out: lpmodinfo=0x23405e8*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0085.380] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0085.380] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0085.382] CoTaskMemFree (pv=0x5547c0) [0085.382] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.382] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0085.385] CoTaskMemFree (pv=0x551760) [0085.385] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x23427b0, cb=0x18 | out: lpmodinfo=0x23427b0*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0085.387] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0085.387] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0085.390] CoTaskMemFree (pv=0x54def0) [0085.390] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0085.390] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0085.392] CoTaskMemFree (pv=0x54f720) [0085.392] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x2344958, cb=0x18 | out: lpmodinfo=0x2344958*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0085.394] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.394] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0085.397] CoTaskMemFree (pv=0x551f70) [0085.397] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0085.397] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0085.399] CoTaskMemFree (pv=0x5537a0) [0085.400] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x2346b10, cb=0x18 | out: lpmodinfo=0x2346b10*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0085.402] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0085.402] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0085.404] CoTaskMemFree (pv=0x54ff30) [0085.405] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.405] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0085.407] CoTaskMemFree (pv=0x551760) [0085.407] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x2348cb8, cb=0x18 | out: lpmodinfo=0x2348cb8*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0085.412] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0085.412] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0085.414] CoTaskMemFree (pv=0x54ff30) [0085.414] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0085.414] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0085.417] CoTaskMemFree (pv=0x54d6e0) [0085.417] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x234ae60, cb=0x18 | out: lpmodinfo=0x234ae60*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0085.420] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.420] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0085.422] CoTaskMemFree (pv=0x551760) [0085.422] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0085.422] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0085.425] CoTaskMemFree (pv=0x54f720) [0085.425] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x234d018, cb=0x18 | out: lpmodinfo=0x234d018*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0085.428] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0085.428] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0085.431] CoTaskMemFree (pv=0x550f50) [0085.431] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0085.431] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0085.434] CoTaskMemFree (pv=0x54def0) [0085.434] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad80000, lpmodinfo=0x234f1c0, cb=0x18 | out: lpmodinfo=0x234f1c0*(lpBaseOfDll=0x7ff87ad80000, SizeOfImage=0x25000, EntryPoint=0x7ff87ad95220)) returned 1 [0085.436] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0085.436] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad80000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="SLC.dll") returned 0x7 [0085.440] CoTaskMemFree (pv=0x54e700) [0085.440] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0085.440] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad80000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SLC.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0085.443] CoTaskMemFree (pv=0x5547c0) [0085.443] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8740b0000, lpmodinfo=0x2351358, cb=0x18 | out: lpmodinfo=0x2351358*(lpBaseOfDll=0x7ff8740b0000, SizeOfImage=0x4b000, EntryPoint=0x7ff8740c7b70)) returned 1 [0085.452] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0085.452] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8740b0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="VEEventDispatcher.dll") returned 0x15 [0085.455] CoTaskMemFree (pv=0x54ff30) [0085.455] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0085.455] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8740b0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")) returned 0x29 [0085.458] CoTaskMemFree (pv=0x54ef10) [0085.458] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878830000, lpmodinfo=0x2353748, cb=0x18 | out: lpmodinfo=0x2353748*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff878833fb0)) returned 1 [0085.461] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0085.461] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878830000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0085.464] CoTaskMemFree (pv=0x550740) [0085.464] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0085.464] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878830000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0085.468] CoTaskMemFree (pv=0x5537a0) [0085.468] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff877bb0000, lpmodinfo=0x2355910, cb=0x18 | out: lpmodinfo=0x2355910*(lpBaseOfDll=0x7ff877bb0000, SizeOfImage=0x6a000, EntryPoint=0x7ff877bb9d60)) returned 1 [0085.471] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0085.471] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff877bb0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="wincorlib.DLL") returned 0xd [0085.474] CoTaskMemFree (pv=0x552f90) [0085.474] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.474] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff877bb0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wincorlib.DLL" (normalized: "c:\\windows\\system32\\wincorlib.dll")) returned 0x21 [0085.478] CoTaskMemFree (pv=0x551f70) [0085.478] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad20000, lpmodinfo=0x2357ac8, cb=0x18 | out: lpmodinfo=0x2357ac8*(lpBaseOfDll=0x7ff87ad20000, SizeOfImage=0x25000, EntryPoint=0x7ff87ad22300)) returned 1 [0085.482] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0085.482] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad20000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="sppc.dll") returned 0x8 [0085.485] CoTaskMemFree (pv=0x54ff30) [0085.485] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0085.485] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad20000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll")) returned 0x1c [0085.489] CoTaskMemFree (pv=0x54def0) [0085.489] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e80000, lpmodinfo=0x2359c70, cb=0x18 | out: lpmodinfo=0x2359c70*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0085.492] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0085.492] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0085.495] CoTaskMemFree (pv=0x552f90) [0085.495] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0085.495] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0085.499] CoTaskMemFree (pv=0x54f720) [0085.499] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c060000, lpmodinfo=0x235be38, cb=0x18 | out: lpmodinfo=0x235be38*(lpBaseOfDll=0x7ff86c060000, SizeOfImage=0x55000, EntryPoint=0x7ff86c071250)) returned 1 [0085.502] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0085.502] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c060000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="Windows.Storage.ApplicationData.dll") returned 0x23 [0085.505] CoTaskMemFree (pv=0x54ff30) [0085.505] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0085.505] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c060000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll" (normalized: "c:\\windows\\system32\\windows.storage.applicationdata.dll")) returned 0x37 [0085.509] CoTaskMemFree (pv=0x553fb0) [0085.509] CloseHandle (hObject=0x25c) returned 1 [0085.509] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0085.509] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd84) returned 0x25c [0085.509] EnumProcessModules (in: hProcess=0x25c, lphModule=0x235f160, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x235f160, lpcbNeeded=0x14ef68) returned 1 [0085.510] GetModuleInformation (in: hProcess=0x25c, hModule=0x80000, lpmodinfo=0x235f3d0, cb=0x18 | out: lpmodinfo=0x235f3d0*(lpBaseOfDll=0x80000, SizeOfImage=0x17000, EntryPoint=0x814a1)) returned 1 [0085.511] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0085.511] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x80000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="on-song.exe") returned 0xb [0085.511] CoTaskMemFree (pv=0x553fb0) [0085.511] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.511] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x80000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Program Files\\MSBuild\\on-song.exe" (normalized: "c:\\program files\\msbuild\\on-song.exe")) returned 0x24 [0085.511] CoTaskMemFree (pv=0x551f70) [0085.512] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23615c0, cb=0x18 | out: lpmodinfo=0x23615c0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0085.512] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0085.512] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0085.512] CoTaskMemFree (pv=0x552780) [0085.512] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.512] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0085.513] CoTaskMemFree (pv=0x551f70) [0085.513] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2363768, cb=0x18 | out: lpmodinfo=0x2363768*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0085.513] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0085.514] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0085.514] CoTaskMemFree (pv=0x550f50) [0085.514] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0085.514] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0085.515] CoTaskMemFree (pv=0x552780) [0085.515] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2365910, cb=0x18 | out: lpmodinfo=0x2365910*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0085.515] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0085.515] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0085.516] CoTaskMemFree (pv=0x550f50) [0085.516] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0085.516] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0085.517] CoTaskMemFree (pv=0x552f90) [0085.517] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2367ac8, cb=0x18 | out: lpmodinfo=0x2367ac8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0085.518] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0085.518] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0085.518] CoTaskMemFree (pv=0x54e700) [0085.518] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0085.518] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0085.519] CoTaskMemFree (pv=0x54d6e0) [0085.519] CloseHandle (hObject=0x25c) returned 1 [0085.519] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0085.520] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1094) returned 0x25c [0085.520] EnumProcessModules (in: hProcess=0x25c, lphModule=0x236a2a0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x236a2a0, lpcbNeeded=0x14ef68) returned 1 [0085.520] GetModuleInformation (in: hProcess=0x25c, hModule=0x1230000, lpmodinfo=0x236a510, cb=0x18 | out: lpmodinfo=0x236a510*(lpBaseOfDll=0x1230000, SizeOfImage=0x17000, EntryPoint=0x12314a1)) returned 1 [0085.521] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0085.521] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x1230000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="scriptftp.exe") returned 0xd [0085.522] CoTaskMemFree (pv=0x54ef10) [0085.522] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0085.522] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x1230000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Multimedia Platform\\scriptftp.exe" (normalized: "c:\\program files (x86)\\windows multimedia platform\\scriptftp.exe")) returned 0x40 [0085.522] CoTaskMemFree (pv=0x552f90) [0085.522] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x236c740, cb=0x18 | out: lpmodinfo=0x236c740*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0085.523] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0085.523] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0085.523] CoTaskMemFree (pv=0x553fb0) [0085.523] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0085.523] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0085.524] CoTaskMemFree (pv=0x550740) [0085.524] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x236e8e8, cb=0x18 | out: lpmodinfo=0x236e8e8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0085.524] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0085.524] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0085.525] CoTaskMemFree (pv=0x550f50) [0085.525] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.525] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0085.526] CoTaskMemFree (pv=0x551760) [0085.526] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2370a90, cb=0x18 | out: lpmodinfo=0x2370a90*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0085.527] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0085.527] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0085.527] CoTaskMemFree (pv=0x550f50) [0085.527] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0085.527] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0085.528] CoTaskMemFree (pv=0x54ff30) [0085.528] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2372c48, cb=0x18 | out: lpmodinfo=0x2372c48*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0085.529] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0085.529] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0085.529] CoTaskMemFree (pv=0x550740) [0085.530] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0085.530] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0085.530] CoTaskMemFree (pv=0x54ff30) [0085.530] CloseHandle (hObject=0x25c) returned 1 [0085.531] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0085.531] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x35c) returned 0x25c [0085.531] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2375420, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2375420, lpcbNeeded=0x14ef68) returned 1 [0085.538] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2375638, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x2375638, lpcbNeeded=0x14ef68) returned 1 [0085.544] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpmodinfo=0x2375aa8, cb=0x18 | out: lpmodinfo=0x2375aa8*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0085.545] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0085.545] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0085.545] CoTaskMemFree (pv=0x54ef10) [0085.545] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.545] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0085.546] CoTaskMemFree (pv=0x551760) [0085.546] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2377c88, cb=0x18 | out: lpmodinfo=0x2377c88*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0085.546] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0085.546] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0085.547] CoTaskMemFree (pv=0x54d6e0) [0085.547] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0085.547] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0085.547] CoTaskMemFree (pv=0x5537a0) [0085.547] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x2379e30, cb=0x18 | out: lpmodinfo=0x2379e30*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0085.548] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.548] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0085.548] CoTaskMemFree (pv=0x551760) [0085.549] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0085.549] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0085.549] CoTaskMemFree (pv=0x54f720) [0085.549] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x237bfe8, cb=0x18 | out: lpmodinfo=0x237bfe8*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0085.550] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0085.550] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0085.550] CoTaskMemFree (pv=0x550740) [0085.550] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0085.550] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0085.551] CoTaskMemFree (pv=0x54f720) [0085.551] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x237e1a0, cb=0x18 | out: lpmodinfo=0x237e1a0*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0085.552] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0085.552] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0085.553] CoTaskMemFree (pv=0x552780) [0085.553] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0085.553] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0085.553] CoTaskMemFree (pv=0x552f90) [0085.553] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x23803a0, cb=0x18 | out: lpmodinfo=0x23803a0*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0085.554] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0085.554] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0085.555] CoTaskMemFree (pv=0x54def0) [0085.555] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.555] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0085.556] CoTaskMemFree (pv=0x551f70) [0085.556] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x2382548, cb=0x18 | out: lpmodinfo=0x2382548*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0085.558] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0085.558] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0085.559] CoTaskMemFree (pv=0x5537a0) [0085.559] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0085.559] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0085.560] CoTaskMemFree (pv=0x5547c0) [0085.560] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x2384700, cb=0x18 | out: lpmodinfo=0x2384700*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0085.561] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.561] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0085.562] CoTaskMemFree (pv=0x551f70) [0085.562] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0085.562] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0085.563] CoTaskMemFree (pv=0x54e700) [0085.563] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x23868a8, cb=0x18 | out: lpmodinfo=0x23868a8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0085.564] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0085.564] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0085.565] CoTaskMemFree (pv=0x552780) [0085.565] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0085.565] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0085.566] CoTaskMemFree (pv=0x54def0) [0085.566] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x2388ae8, cb=0x18 | out: lpmodinfo=0x2388ae8*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0085.567] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0085.567] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0085.569] CoTaskMemFree (pv=0x5547c0) [0085.569] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0085.569] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0085.570] CoTaskMemFree (pv=0x54e700) [0085.570] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x238acc0, cb=0x18 | out: lpmodinfo=0x238acc0*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0085.571] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0085.571] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0085.572] CoTaskMemFree (pv=0x54ff30) [0085.572] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0085.572] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0085.574] CoTaskMemFree (pv=0x54d6e0) [0085.574] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x238ce88, cb=0x18 | out: lpmodinfo=0x238ce88*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0085.575] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0085.575] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0085.577] CoTaskMemFree (pv=0x552780) [0085.577] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0085.577] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0085.579] CoTaskMemFree (pv=0x54ef10) [0085.579] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x238f030, cb=0x18 | out: lpmodinfo=0x238f030*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0085.580] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0085.580] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0085.581] CoTaskMemFree (pv=0x550740) [0085.581] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0085.581] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0085.583] CoTaskMemFree (pv=0x54e700) [0085.583] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpmodinfo=0x23911d8, cb=0x18 | out: lpmodinfo=0x23911d8*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0085.584] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0085.584] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="coremessaging.dll") returned 0x11 [0085.586] CoTaskMemFree (pv=0x54e700) [0085.586] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.586] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\coremessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0085.587] CoTaskMemFree (pv=0x551f70) [0085.588] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8748f0000, lpmodinfo=0x23933a0, cb=0x18 | out: lpmodinfo=0x23933a0*(lpBaseOfDll=0x7ff8748f0000, SizeOfImage=0xcb000, EntryPoint=0x7ff8749187f0)) returned 1 [0085.589] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.589] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8748f0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="bfe.dll") returned 0x7 [0085.591] CoTaskMemFree (pv=0x551f70) [0085.591] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0085.591] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8748f0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bfe.dll" (normalized: "c:\\windows\\system32\\bfe.dll")) returned 0x1b [0085.592] CoTaskMemFree (pv=0x54def0) [0085.592] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x2395538, cb=0x18 | out: lpmodinfo=0x2395538*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0085.597] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0085.597] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0085.599] CoTaskMemFree (pv=0x5547c0) [0085.599] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0085.599] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0085.600] CoTaskMemFree (pv=0x550f50) [0085.600] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b8b0000, lpmodinfo=0x23976e0, cb=0x18 | out: lpmodinfo=0x23976e0*(lpBaseOfDll=0x7ff87b8b0000, SizeOfImage=0x49000, EntryPoint=0x7ff87b8ba090)) returned 1 [0085.602] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.602] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b8b0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0085.604] CoTaskMemFree (pv=0x551760) [0085.604] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.604] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b8b0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0085.606] CoTaskMemFree (pv=0x551f70) [0085.606] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x23999a0, cb=0x18 | out: lpmodinfo=0x23999a0*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0085.607] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0085.608] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0085.609] CoTaskMemFree (pv=0x550740) [0085.609] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.609] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0085.611] CoTaskMemFree (pv=0x551760) [0085.611] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8788f0000, lpmodinfo=0x239bb48, cb=0x18 | out: lpmodinfo=0x239bb48*(lpBaseOfDll=0x7ff8788f0000, SizeOfImage=0x64000, EntryPoint=0x7ff878905ae0)) returned 1 [0085.613] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0085.613] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8788f0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0085.615] CoTaskMemFree (pv=0x54d6e0) [0085.615] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0085.615] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8788f0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0085.617] CoTaskMemFree (pv=0x54d6e0) [0085.617] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x239dcf0, cb=0x18 | out: lpmodinfo=0x239dcf0*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0085.619] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0085.619] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0085.621] CoTaskMemFree (pv=0x54def0) [0085.621] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0085.621] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0085.623] CoTaskMemFree (pv=0x5537a0) [0085.623] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872460000, lpmodinfo=0x239fe98, cb=0x18 | out: lpmodinfo=0x239fe98*(lpBaseOfDll=0x7ff872460000, SizeOfImage=0xdd000, EntryPoint=0x7ff872495630)) returned 1 [0085.625] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0085.625] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872460000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="mpssvc.dll") returned 0xa [0085.627] CoTaskMemFree (pv=0x54ff30) [0085.627] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0085.627] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872460000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\mpssvc.dll" (normalized: "c:\\windows\\system32\\mpssvc.dll")) returned 0x1e [0085.630] CoTaskMemFree (pv=0x54def0) [0085.630] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x23a2040, cb=0x18 | out: lpmodinfo=0x23a2040*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0085.637] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0085.637] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0085.639] CoTaskMemFree (pv=0x54e700) [0085.639] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0085.639] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0085.642] CoTaskMemFree (pv=0x54e700) [0085.642] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b030000, lpmodinfo=0x23a41f8, cb=0x18 | out: lpmodinfo=0x23a41f8*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0085.644] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0085.644] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0085.654] CoTaskMemFree (pv=0x550740) [0085.654] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0085.654] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0085.656] CoTaskMemFree (pv=0x54ff30) [0085.656] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpmodinfo=0x23a63a0, cb=0x18 | out: lpmodinfo=0x23a63a0*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0085.658] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0085.658] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0085.660] CoTaskMemFree (pv=0x553fb0) [0085.660] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0085.660] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0085.663] CoTaskMemFree (pv=0x552f90) [0085.663] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpmodinfo=0x23a8538, cb=0x18 | out: lpmodinfo=0x23a8538*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0085.665] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0085.665] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0085.667] CoTaskMemFree (pv=0x550f50) [0085.668] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0085.668] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0085.670] CoTaskMemFree (pv=0x54e700) [0085.670] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b340000, lpmodinfo=0x23aa6f0, cb=0x18 | out: lpmodinfo=0x23aa6f0*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0085.673] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.673] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b340000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0085.675] CoTaskMemFree (pv=0x551760) [0085.675] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.675] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b340000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0085.725] CoTaskMemFree (pv=0x551f70) [0085.725] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872420000, lpmodinfo=0x23ac898, cb=0x18 | out: lpmodinfo=0x23ac898*(lpBaseOfDll=0x7ff872420000, SizeOfImage=0x35000, EntryPoint=0x7ff87242a270)) returned 1 [0085.727] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0085.727] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872420000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="FWPolicyIOMgr.dll") returned 0x11 [0085.730] CoTaskMemFree (pv=0x552f90) [0085.730] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0085.730] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872420000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\FWPolicyIOMgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll")) returned 0x25 [0085.733] CoTaskMemFree (pv=0x54d6e0) [0085.733] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875230000, lpmodinfo=0x23aea60, cb=0x18 | out: lpmodinfo=0x23aea60*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0085.735] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0085.735] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875230000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0085.738] CoTaskMemFree (pv=0x552780) [0085.738] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0085.738] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875230000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0085.741] CoTaskMemFree (pv=0x552f90) [0085.741] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpmodinfo=0x23b0c08, cb=0x18 | out: lpmodinfo=0x23b0c08*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0085.743] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0085.743] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0085.746] CoTaskMemFree (pv=0x54ef10) [0085.746] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0085.746] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0085.749] CoTaskMemFree (pv=0x550f50) [0085.749] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872410000, lpmodinfo=0x23b2dc0, cb=0x18 | out: lpmodinfo=0x23b2dc0*(lpBaseOfDll=0x7ff872410000, SizeOfImage=0x9000, EntryPoint=0x7ff8724121d0)) returned 1 [0085.752] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0085.752] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872410000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="httpprxc.dll") returned 0xc [0085.755] CoTaskMemFree (pv=0x54ff30) [0085.755] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0085.755] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872410000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")) returned 0x20 [0085.757] CoTaskMemFree (pv=0x54f720) [0085.757] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878830000, lpmodinfo=0x23b4f78, cb=0x18 | out: lpmodinfo=0x23b4f78*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff878833fb0)) returned 1 [0085.761] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0085.761] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878830000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0085.764] CoTaskMemFree (pv=0x54e700) [0085.764] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.764] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878830000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0085.767] CoTaskMemFree (pv=0x551f70) [0085.767] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x23b7140, cb=0x18 | out: lpmodinfo=0x23b7140*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0085.770] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0085.770] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0085.773] CoTaskMemFree (pv=0x5537a0) [0085.773] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.773] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0085.777] CoTaskMemFree (pv=0x551760) [0085.777] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e80000, lpmodinfo=0x23b92f8, cb=0x18 | out: lpmodinfo=0x23b92f8*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0085.780] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0085.780] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0085.783] CoTaskMemFree (pv=0x54e700) [0085.783] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.783] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0085.786] CoTaskMemFree (pv=0x551f70) [0085.786] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x23bb6d8, cb=0x18 | out: lpmodinfo=0x23bb6d8*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0085.790] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0085.790] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0085.793] CoTaskMemFree (pv=0x551f70) [0085.793] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.793] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0085.797] CoTaskMemFree (pv=0x551760) [0085.797] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872400000, lpmodinfo=0x23bd890, cb=0x18 | out: lpmodinfo=0x23bd890*(lpBaseOfDll=0x7ff872400000, SizeOfImage=0xa000, EntryPoint=0x7ff872403070)) returned 1 [0085.800] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0085.800] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872400000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="adhapi.dll") returned 0xa [0085.803] CoTaskMemFree (pv=0x54ff30) [0085.803] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.803] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872400000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\adhapi.dll" (normalized: "c:\\windows\\system32\\adhapi.dll")) returned 0x1e [0085.807] CoTaskMemFree (pv=0x551760) [0085.807] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpmodinfo=0x23bfa38, cb=0x18 | out: lpmodinfo=0x23bfa38*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0085.810] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0085.810] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0085.813] CoTaskMemFree (pv=0x5547c0) [0085.813] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0085.813] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0085.817] CoTaskMemFree (pv=0x553fb0) [0085.817] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875480000, lpmodinfo=0x23c1be0, cb=0x18 | out: lpmodinfo=0x23c1be0*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0085.820] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0085.820] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875480000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0085.823] CoTaskMemFree (pv=0x553fb0) [0085.823] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0085.823] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875480000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0085.827] CoTaskMemFree (pv=0x550740) [0085.827] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875270000, lpmodinfo=0x23c3d98, cb=0x18 | out: lpmodinfo=0x23c3d98*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0085.839] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0085.839] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875270000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0085.842] CoTaskMemFree (pv=0x54f720) [0085.842] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0085.842] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875270000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0085.846] CoTaskMemFree (pv=0x5537a0) [0085.846] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875250000, lpmodinfo=0x23c5f50, cb=0x18 | out: lpmodinfo=0x23c5f50*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0085.849] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0085.849] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875250000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0085.853] CoTaskMemFree (pv=0x54d6e0) [0085.853] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0085.853] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875250000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0085.857] CoTaskMemFree (pv=0x54d6e0) [0085.857] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be90000, lpmodinfo=0x23c8108, cb=0x18 | out: lpmodinfo=0x23c8108*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0085.860] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0085.860] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0085.864] CoTaskMemFree (pv=0x54ef10) [0085.864] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0085.864] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0085.867] CoTaskMemFree (pv=0x54ef10) [0085.867] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870fc0000, lpmodinfo=0x23ca2b0, cb=0x18 | out: lpmodinfo=0x23ca2b0*(lpBaseOfDll=0x7ff870fc0000, SizeOfImage=0xa000, EntryPoint=0x7ff870fc15c0)) returned 1 [0085.871] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0085.871] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870fc0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="wshqos.dll") returned 0xa [0085.881] CoTaskMemFree (pv=0x552780) [0085.881] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0085.881] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870fc0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll")) returned 0x1e [0085.885] CoTaskMemFree (pv=0x54f720) [0085.885] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870e00000, lpmodinfo=0x23cc458, cb=0x18 | out: lpmodinfo=0x23cc458*(lpBaseOfDll=0x7ff870e00000, SizeOfImage=0x8000, EntryPoint=0x7ff870e010a0)) returned 1 [0085.888] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0085.888] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870e00000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wshtcpip.DLL") returned 0xc [0085.892] CoTaskMemFree (pv=0x54d6e0) [0085.892] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.892] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870e00000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wshtcpip.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0085.896] CoTaskMemFree (pv=0x551760) [0085.896] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870df0000, lpmodinfo=0x23ce610, cb=0x18 | out: lpmodinfo=0x23ce610*(lpBaseOfDll=0x7ff870df0000, SizeOfImage=0x8000, EntryPoint=0x7ff870df1ab0)) returned 1 [0085.900] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0085.900] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870df0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0085.904] CoTaskMemFree (pv=0x5537a0) [0085.904] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.904] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870df0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0085.908] CoTaskMemFree (pv=0x551760) [0085.908] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpmodinfo=0x23d07b8, cb=0x18 | out: lpmodinfo=0x23d07b8*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0085.912] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.912] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0085.917] CoTaskMemFree (pv=0x551760) [0085.917] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0085.917] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0085.921] CoTaskMemFree (pv=0x5547c0) [0085.921] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870d90000, lpmodinfo=0x23d2960, cb=0x18 | out: lpmodinfo=0x23d2960*(lpBaseOfDll=0x7ff870d90000, SizeOfImage=0x30000, EntryPoint=0x7ff870d9a670)) returned 1 [0085.925] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0085.925] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870d90000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="dps.dll") returned 0x7 [0085.929] CoTaskMemFree (pv=0x551760) [0085.929] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0085.930] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870d90000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dps.dll" (normalized: "c:\\windows\\system32\\dps.dll")) returned 0x1b [0085.934] CoTaskMemFree (pv=0x552f90) [0085.934] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x23d4af8, cb=0x18 | out: lpmodinfo=0x23d4af8*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0085.938] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0085.938] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0085.942] CoTaskMemFree (pv=0x54d6e0) [0085.942] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0085.946] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878230000, lpmodinfo=0x23d6ca0, cb=0x18 | out: lpmodinfo=0x23d6ca0*(lpBaseOfDll=0x7ff878230000, SizeOfImage=0xbf000, EntryPoint=0x7ff878251c50)) returned 1 [0085.952] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878230000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0085.956] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878230000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0085.961] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870b40000, lpmodinfo=0x23d8e58, cb=0x18 | out: lpmodinfo=0x23d8e58*(lpBaseOfDll=0x7ff870b40000, SizeOfImage=0x1d000, EntryPoint=0x7ff870b46190)) returned 1 [0085.965] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870b40000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="wdi.dll") returned 0x7 [0085.969] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870b40000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")) returned 0x1b [0085.973] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870520000, lpmodinfo=0x23daff0, cb=0x18 | out: lpmodinfo=0x23daff0*(lpBaseOfDll=0x7ff870520000, SizeOfImage=0x166000, EntryPoint=0x7ff8705679f0)) returned 1 [0085.977] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870520000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="diagperf.dll") returned 0xc [0085.982] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870520000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\diagperf.dll" (normalized: "c:\\windows\\system32\\diagperf.dll")) returned 0x20 [0085.989] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870510000, lpmodinfo=0x23dd1a8, cb=0x18 | out: lpmodinfo=0x23dd1a8*(lpBaseOfDll=0x7ff870510000, SizeOfImage=0x9000, EntryPoint=0x7ff870511620)) returned 1 [0085.993] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870510000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="pnpts.dll") returned 0x9 [0085.998] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870510000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pnpts.dll" (normalized: "c:\\windows\\system32\\pnpts.dll")) returned 0x1d [0086.002] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f6f0000, lpmodinfo=0x23df350, cb=0x18 | out: lpmodinfo=0x23df350*(lpBaseOfDll=0x7ff86f6f0000, SizeOfImage=0x1e000, EntryPoint=0x7ff86f6f5190)) returned 1 [0086.007] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f6f0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="radardt.dll") returned 0xb [0086.011] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f6f0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\radardt.dll" (normalized: "c:\\windows\\system32\\radardt.dll")) returned 0x1f [0086.015] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x23e14f8, cb=0x18 | out: lpmodinfo=0x23e14f8*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0086.020] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0086.030] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0086.046] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f690000, lpmodinfo=0x23e36b0, cb=0x18 | out: lpmodinfo=0x23e36b0*(lpBaseOfDll=0x7ff86f690000, SizeOfImage=0xc000, EntryPoint=0x7ff86f6916a0)) returned 1 [0086.051] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f690000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wfapigp.dll") returned 0xb [0086.056] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f690000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wfapigp.dll" (normalized: "c:\\windows\\system32\\wfapigp.dll")) returned 0x1f [0086.060] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpmodinfo=0x23e5858, cb=0x18 | out: lpmodinfo=0x23e5858*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0086.065] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="mrmcorer.dll") returned 0xc [0086.070] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mrmcorer.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0086.113] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpmodinfo=0x23e7a10, cb=0x18 | out: lpmodinfo=0x23e7a10*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0086.117] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0086.122] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0086.127] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x23e9bc8, cb=0x18 | out: lpmodinfo=0x23e9bc8*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0086.132] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0086.137] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0086.141] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x23ebd70, cb=0x18 | out: lpmodinfo=0x23ebd70*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0086.149] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0086.154] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0086.159] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x23edf38, cb=0x18 | out: lpmodinfo=0x23edf38*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0086.163] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0086.168] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0086.173] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x23f00e0, cb=0x18 | out: lpmodinfo=0x23f00e0*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0086.178] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0086.191] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0086.197] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f350000, lpmodinfo=0x23f2288, cb=0x18 | out: lpmodinfo=0x23f2288*(lpBaseOfDll=0x7ff86f350000, SizeOfImage=0x37000, EntryPoint=0x7ff86f35a9e0)) returned 1 [0086.202] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f350000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="srumsvc.dll") returned 0xb [0086.207] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f350000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\srumsvc.dll" (normalized: "c:\\windows\\system32\\srumsvc.dll")) returned 0x1f [0086.219] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872f10000, lpmodinfo=0x23f4430, cb=0x18 | out: lpmodinfo=0x23f4430*(lpBaseOfDll=0x7ff872f10000, SizeOfImage=0x2f9000, EntryPoint=0x7ff872fd7280)) returned 1 [0086.224] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872f10000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0086.229] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872f10000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0086.244] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpmodinfo=0x23f65d8, cb=0x18 | out: lpmodinfo=0x23f65d8*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0086.250] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0086.256] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0086.261] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x23f8780, cb=0x18 | out: lpmodinfo=0x23f8780*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0086.266] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0086.272] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0086.290] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ef80000, lpmodinfo=0x23fa938, cb=0x18 | out: lpmodinfo=0x23fa938*(lpBaseOfDll=0x7ff86ef80000, SizeOfImage=0x14000, EntryPoint=0x7ff86ef85d60)) returned 1 [0086.296] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ef80000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="nduprov.dll") returned 0xb [0086.302] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ef80000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\nduprov.dll" (normalized: "c:\\windows\\system32\\nduprov.dll")) returned 0x1f [0086.307] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ef60000, lpmodinfo=0x23fcae0, cb=0x18 | out: lpmodinfo=0x23fcae0*(lpBaseOfDll=0x7ff86ef60000, SizeOfImage=0x1b000, EntryPoint=0x7ff86ef6c6a0)) returned 1 [0086.313] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ef60000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="eeprov.dll") returned 0xa [0086.318] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ef60000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\eeprov.dll" (normalized: "c:\\windows\\system32\\eeprov.dll")) returned 0x1e [0086.324] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpmodinfo=0x23ff0a0, cb=0x18 | out: lpmodinfo=0x23ff0a0*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0086.331] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0086.337] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0086.343] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ef40000, lpmodinfo=0x2401248, cb=0x18 | out: lpmodinfo=0x2401248*(lpBaseOfDll=0x7ff86ef40000, SizeOfImage=0x19000, EntryPoint=0x7ff86ef4c2f0)) returned 1 [0086.348] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ef40000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="appsruprov.dll") returned 0xe [0086.354] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ef40000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\appsruprov.dll" (normalized: "c:\\windows\\system32\\appsruprov.dll")) returned 0x22 [0086.373] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875860000, lpmodinfo=0x2403400, cb=0x18 | out: lpmodinfo=0x2403400*(lpBaseOfDll=0x7ff875860000, SizeOfImage=0x93000, EntryPoint=0x7ff875869680)) returned 1 [0086.380] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875860000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0086.386] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875860000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0086.393] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ef30000, lpmodinfo=0x24055b8, cb=0x18 | out: lpmodinfo=0x24055b8*(lpBaseOfDll=0x7ff86ef30000, SizeOfImage=0xe000, EntryPoint=0x7ff86ef33c90)) returned 1 [0086.399] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ef30000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wpnsruprov.dll") returned 0xe [0086.405] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ef30000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wpnsruprov.dll" (normalized: "c:\\windows\\system32\\wpnsruprov.dll")) returned 0x22 [0086.410] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpmodinfo=0x2407770, cb=0x18 | out: lpmodinfo=0x2407770*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0086.422] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0086.428] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0086.434] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ef20000, lpmodinfo=0x2409928, cb=0x18 | out: lpmodinfo=0x2409928*(lpBaseOfDll=0x7ff86ef20000, SizeOfImage=0xc000, EntryPoint=0x7ff86ef23ab0)) returned 1 [0086.442] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ef20000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ncuprov.dll") returned 0xb [0086.447] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ef20000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ncuprov.dll" (normalized: "c:\\windows\\system32\\ncuprov.dll")) returned 0x1f [0086.455] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874a90000, lpmodinfo=0x240bad0, cb=0x18 | out: lpmodinfo=0x240bad0*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0086.461] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874a90000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0086.467] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874a90000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0086.474] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878fa0000, lpmodinfo=0x240dc88, cb=0x18 | out: lpmodinfo=0x240dc88*(lpBaseOfDll=0x7ff878fa0000, SizeOfImage=0x15000, EntryPoint=0x7ff878fa3040)) returned 1 [0086.480] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878fa0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="energyprov.dll") returned 0xe [0086.486] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878fa0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\energyprov.dll" (normalized: "c:\\windows\\system32\\energyprov.dll")) returned 0x22 [0086.497] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ec50000, lpmodinfo=0x240fe40, cb=0x18 | out: lpmodinfo=0x240fe40*(lpBaseOfDll=0x7ff86ec50000, SizeOfImage=0x13000, EntryPoint=0x7ff86ec52570)) returned 1 [0086.503] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ec50000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="srumapi.dll") returned 0xb [0086.510] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ec50000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\srumapi.dll" (normalized: "c:\\windows\\system32\\srumapi.dll")) returned 0x1f [0086.516] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x2411fe8, cb=0x18 | out: lpmodinfo=0x2411fe8*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0086.522] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0086.533] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0086.539] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c90000, lpmodinfo=0x2414190, cb=0x18 | out: lpmodinfo=0x2414190*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0086.547] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0086.553] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0086.561] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872970000, lpmodinfo=0x2416348, cb=0x18 | out: lpmodinfo=0x2416348*(lpBaseOfDll=0x7ff872970000, SizeOfImage=0x9c000, EntryPoint=0x7ff8729c96a0)) returned 1 [0086.585] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872970000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="efswrt.dll") returned 0xa [0086.595] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872970000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll")) returned 0x1e [0086.601] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x24184f0, cb=0x18 | out: lpmodinfo=0x24184f0*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0086.608] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff876870000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0086.615] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff876870000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0086.621] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86dea0000, lpmodinfo=0x241a6a8, cb=0x18 | out: lpmodinfo=0x241a6a8*(lpBaseOfDll=0x7ff86dea0000, SizeOfImage=0x50000, EntryPoint=0x7ff86dea2580)) returned 1 [0086.630] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86dea0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="edputil.dll") returned 0xb [0086.637] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86dea0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")) returned 0x1f [0086.644] CloseHandle (hObject=0x25c) returned 1 [0086.645] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0086.645] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xcb8) returned 0x25c [0086.645] EnumProcessModules (in: hProcess=0x25c, lphModule=0x241e788, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x241e788, lpcbNeeded=0x14ef68) returned 1 [0086.654] EnumProcessModules (in: hProcess=0x25c, lphModule=0x241e9a0, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x241e9a0, lpcbNeeded=0x14ef68) returned 1 [0086.667] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff76ec20000, lpmodinfo=0x241ee10, cb=0x18 | out: lpmodinfo=0x241ee10*(lpBaseOfDll=0x7ff76ec20000, SizeOfImage=0xca000, EntryPoint=0x7ff76ec221f0)) returned 1 [0086.668] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff76ec20000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="iexplore.exe") returned 0xc [0086.668] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff76ec20000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe")) returned 0x2f [0086.668] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2421018, cb=0x18 | out: lpmodinfo=0x2421018*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0086.669] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0086.670] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0086.671] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x24231c0, cb=0x18 | out: lpmodinfo=0x24231c0*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0086.671] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0086.672] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0086.672] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x2425378, cb=0x18 | out: lpmodinfo=0x2425378*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0086.673] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0086.674] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0086.674] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpmodinfo=0x2427530, cb=0x18 | out: lpmodinfo=0x2427530*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0086.675] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0086.676] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0086.677] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x2429730, cb=0x18 | out: lpmodinfo=0x2429730*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0086.677] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0086.678] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0086.679] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x242b8d8, cb=0x18 | out: lpmodinfo=0x242b8d8*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0086.680] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0086.681] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0086.682] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x242da80, cb=0x18 | out: lpmodinfo=0x242da80*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0086.685] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0086.685] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0086.686] CoTaskMemFree (pv=0x54d6e0) [0086.686] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0086.686] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0086.687] CoTaskMemFree (pv=0x550740) [0086.687] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x223f888, cb=0x18 | out: lpmodinfo=0x223f888*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0086.688] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0086.688] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0086.689] CoTaskMemFree (pv=0x54e700) [0086.689] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0086.689] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0086.690] CoTaskMemFree (pv=0x5547c0) [0086.690] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x2241ac8, cb=0x18 | out: lpmodinfo=0x2241ac8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0086.691] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0086.691] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0086.694] CoTaskMemFree (pv=0x54f720) [0086.694] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0086.694] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0086.695] CoTaskMemFree (pv=0x54def0) [0086.695] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x2243c70, cb=0x18 | out: lpmodinfo=0x2243c70*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0086.696] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0086.696] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0086.697] CoTaskMemFree (pv=0x5537a0) [0086.697] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0086.697] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0086.699] CoTaskMemFree (pv=0x54def0) [0086.699] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x2245e18, cb=0x18 | out: lpmodinfo=0x2245e18*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0086.700] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0086.700] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0086.701] CoTaskMemFree (pv=0x550740) [0086.701] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0086.701] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0086.710] CoTaskMemFree (pv=0x5537a0) [0086.710] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x2247ff0, cb=0x18 | out: lpmodinfo=0x2247ff0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0086.712] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0086.712] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0086.713] CoTaskMemFree (pv=0x552f90) [0086.713] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0086.713] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0086.715] CoTaskMemFree (pv=0x54ff30) [0086.715] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x224a1a8, cb=0x18 | out: lpmodinfo=0x224a1a8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0086.716] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0086.716] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0086.718] CoTaskMemFree (pv=0x5547c0) [0086.718] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0086.718] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0086.719] CoTaskMemFree (pv=0x54d6e0) [0086.719] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpmodinfo=0x224c350, cb=0x18 | out: lpmodinfo=0x224c350*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0086.721] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0086.721] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0086.722] CoTaskMemFree (pv=0x54f720) [0086.722] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0086.722] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0086.724] CoTaskMemFree (pv=0x54f720) [0086.724] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x224e508, cb=0x18 | out: lpmodinfo=0x224e508*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0086.726] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0086.726] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0086.727] CoTaskMemFree (pv=0x5547c0) [0086.727] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0086.727] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0086.729] CoTaskMemFree (pv=0x5547c0) [0086.729] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x22506d0, cb=0x18 | out: lpmodinfo=0x22506d0*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0086.731] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0086.731] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0086.732] CoTaskMemFree (pv=0x54ef10) [0086.732] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0086.732] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0086.734] CoTaskMemFree (pv=0x54d6e0) [0086.734] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x22529a0, cb=0x18 | out: lpmodinfo=0x22529a0*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0086.736] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0086.736] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0086.738] CoTaskMemFree (pv=0x550f50) [0086.738] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0086.738] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0086.739] CoTaskMemFree (pv=0x54e700) [0086.740] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x2254b48, cb=0x18 | out: lpmodinfo=0x2254b48*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0086.741] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0086.741] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0086.743] CoTaskMemFree (pv=0x5537a0) [0086.743] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0086.743] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0086.747] CoTaskMemFree (pv=0x54def0) [0086.747] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x2256d10, cb=0x18 | out: lpmodinfo=0x2256d10*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0086.749] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0086.749] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0086.751] CoTaskMemFree (pv=0x551f70) [0086.751] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0086.751] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0086.753] CoTaskMemFree (pv=0x550740) [0086.753] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x2258ec8, cb=0x18 | out: lpmodinfo=0x2258ec8*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0086.755] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0086.755] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0086.757] CoTaskMemFree (pv=0x5547c0) [0086.757] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0086.757] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0086.759] CoTaskMemFree (pv=0x552f90) [0086.759] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x225b070, cb=0x18 | out: lpmodinfo=0x225b070*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0086.761] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0086.761] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0086.763] CoTaskMemFree (pv=0x550f50) [0086.763] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0086.763] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0086.766] CoTaskMemFree (pv=0x550f50) [0086.766] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8642b0000, lpmodinfo=0x225d218, cb=0x18 | out: lpmodinfo=0x225d218*(lpBaseOfDll=0x7ff8642b0000, SizeOfImage=0xccd000, EntryPoint=0x7ff8643fe880)) returned 1 [0086.768] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0086.768] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8642b0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="IEFRAME.dll") returned 0xb [0086.770] CoTaskMemFree (pv=0x552780) [0086.770] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0086.770] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8642b0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IEFRAME.dll" (normalized: "c:\\windows\\system32\\ieframe.dll")) returned 0x1f [0086.772] CoTaskMemFree (pv=0x5537a0) [0086.772] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x225f3c0, cb=0x18 | out: lpmodinfo=0x225f3c0*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0086.778] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0086.778] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0086.780] CoTaskMemFree (pv=0x550f50) [0086.780] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0086.780] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0086.783] CoTaskMemFree (pv=0x54ef10) [0086.783] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x2261568, cb=0x18 | out: lpmodinfo=0x2261568*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0086.808] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0086.808] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0086.810] CoTaskMemFree (pv=0x54f720) [0086.810] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0086.810] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0086.812] CoTaskMemFree (pv=0x552f90) [0086.812] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d650000, lpmodinfo=0x2263720, cb=0x18 | out: lpmodinfo=0x2263720*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0086.815] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0086.815] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0086.817] CoTaskMemFree (pv=0x5547c0) [0086.817] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0086.817] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0086.820] CoTaskMemFree (pv=0x551760) [0086.820] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872050000, lpmodinfo=0x22658c8, cb=0x18 | out: lpmodinfo=0x22658c8*(lpBaseOfDll=0x7ff872050000, SizeOfImage=0x274000, EntryPoint=0x7ff8720c0400)) returned 1 [0086.822] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0086.822] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872050000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0086.825] CoTaskMemFree (pv=0x54def0) [0086.825] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0086.825] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872050000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")) returned 0x79 [0086.828] CoTaskMemFree (pv=0x54f720) [0086.828] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff864240000, lpmodinfo=0x2267b30, cb=0x18 | out: lpmodinfo=0x2267b30*(lpBaseOfDll=0x7ff864240000, SizeOfImage=0x6d000, EntryPoint=0x7ff864254ce0)) returned 1 [0086.830] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0086.830] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff864240000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="IEShims.dll") returned 0xb [0086.833] CoTaskMemFree (pv=0x551f70) [0086.833] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0086.833] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff864240000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\IEShims.dll" (normalized: "c:\\program files\\internet explorer\\ieshims.dll")) returned 0x2e [0086.836] CoTaskMemFree (pv=0x5537a0) [0086.836] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d530000, lpmodinfo=0x2269cf8, cb=0x18 | out: lpmodinfo=0x2269cf8*(lpBaseOfDll=0x7ff87d530000, SizeOfImage=0x10b000, EntryPoint=0x7ff87d552300)) returned 1 [0086.838] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0086.838] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d530000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="comdlg32.dll") returned 0xc [0086.841] CoTaskMemFree (pv=0x54ff30) [0086.841] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0086.841] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d530000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll")) returned 0x20 [0086.860] CoTaskMemFree (pv=0x551760) [0086.860] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpmodinfo=0x226beb0, cb=0x18 | out: lpmodinfo=0x226beb0*(lpBaseOfDll=0x7ff87cdb0000, SizeOfImage=0x86000, EntryPoint=0x7ff87cdbd8f0)) returned 1 [0086.862] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0086.862] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0086.865] CoTaskMemFree (pv=0x54ff30) [0086.865] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0086.865] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0086.868] CoTaskMemFree (pv=0x54d6e0) [0086.868] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d0a0000, lpmodinfo=0x226e068, cb=0x18 | out: lpmodinfo=0x226e068*(lpBaseOfDll=0x7ff87d0a0000, SizeOfImage=0x17000, EntryPoint=0x7ff87d0a1390)) returned 1 [0086.871] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0086.871] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d0a0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="NETAPI32.dll") returned 0xc [0086.873] CoTaskMemFree (pv=0x551760) [0086.874] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0086.874] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d0a0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NETAPI32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")) returned 0x20 [0086.876] CoTaskMemFree (pv=0x54f720) [0086.877] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8744e0000, lpmodinfo=0x2270220, cb=0x18 | out: lpmodinfo=0x2270220*(lpBaseOfDll=0x7ff8744e0000, SizeOfImage=0xc000, EntryPoint=0x7ff8744e1860)) returned 1 [0086.879] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0086.879] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8744e0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="DAVHLPR.DLL") returned 0xb [0086.882] CoTaskMemFree (pv=0x550f50) [0086.882] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0086.882] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8744e0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DAVHLPR.DLL" (normalized: "c:\\windows\\system32\\davhlpr.dll")) returned 0x1f [0086.886] CoTaskMemFree (pv=0x54def0) [0086.886] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b340000, lpmodinfo=0x22723c8, cb=0x18 | out: lpmodinfo=0x22723c8*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0086.889] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0086.889] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b340000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0086.892] CoTaskMemFree (pv=0x54e700) [0086.892] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0086.892] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b340000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0086.915] CoTaskMemFree (pv=0x5547c0) [0086.915] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87af40000, lpmodinfo=0x2274788, cb=0x18 | out: lpmodinfo=0x2274788*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff864243ba0)) returned 1 [0086.919] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0086.919] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0086.922] CoTaskMemFree (pv=0x54ff30) [0086.922] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0086.922] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0086.926] CoTaskMemFree (pv=0x54ef10) [0086.926] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870840000, lpmodinfo=0x2276930, cb=0x18 | out: lpmodinfo=0x2276930*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff864243ba0)) returned 1 [0086.929] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0086.929] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870840000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0086.932] CoTaskMemFree (pv=0x550740) [0086.932] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0086.932] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870840000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0086.936] CoTaskMemFree (pv=0x5537a0) [0086.936] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpmodinfo=0x2278ad8, cb=0x18 | out: lpmodinfo=0x2278ad8*(lpBaseOfDll=0x7ff87fbb0000, SizeOfImage=0x15a000, EntryPoint=0x7ff864243ba0)) returned 1 [0086.939] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0086.939] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0086.942] CoTaskMemFree (pv=0x552f90) [0086.943] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0086.943] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0086.947] CoTaskMemFree (pv=0x551f70) [0086.947] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a590000, lpmodinfo=0x227ac80, cb=0x18 | out: lpmodinfo=0x227ac80*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff864243ba0)) returned 1 [0086.971] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0086.971] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0086.974] CoTaskMemFree (pv=0x54ff30) [0086.974] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0086.974] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0086.977] CoTaskMemFree (pv=0x54def0) [0086.977] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ec80000, lpmodinfo=0x227ce28, cb=0x18 | out: lpmodinfo=0x227ce28*(lpBaseOfDll=0x7ff86ec80000, SizeOfImage=0x28e000, EntryPoint=0x7ff864243ba0)) returned 1 [0086.981] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0086.981] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ec80000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="WININET.dll") returned 0xb [0086.984] CoTaskMemFree (pv=0x552f90) [0086.984] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0086.984] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ec80000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WININET.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0086.988] CoTaskMemFree (pv=0x54f720) [0086.988] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x227efd0, cb=0x18 | out: lpmodinfo=0x227efd0*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff864243ba0)) returned 1 [0086.991] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0086.991] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0086.995] CoTaskMemFree (pv=0x54ff30) [0086.995] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0086.995] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0086.999] CoTaskMemFree (pv=0x553fb0) [0086.999] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c2a0000, lpmodinfo=0x2281178, cb=0x18 | out: lpmodinfo=0x2281178*(lpBaseOfDll=0x7ff86c2a0000, SizeOfImage=0xe000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.038] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0087.038] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c2a0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="tokenbinding.dll") returned 0x10 [0087.041] CoTaskMemFree (pv=0x553fb0) [0087.041] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0087.041] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c2a0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\tokenbinding.dll" (normalized: "c:\\windows\\system32\\tokenbinding.dll")) returned 0x24 [0087.045] CoTaskMemFree (pv=0x551f70) [0087.045] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2283340, cb=0x18 | out: lpmodinfo=0x2283340*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.049] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0087.049] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0087.052] CoTaskMemFree (pv=0x552780) [0087.053] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0087.053] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0087.056] CoTaskMemFree (pv=0x551f70) [0087.056] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x22854e8, cb=0x18 | out: lpmodinfo=0x22854e8*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.060] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0087.060] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0087.063] CoTaskMemFree (pv=0x550f50) [0087.064] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0087.064] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0087.067] CoTaskMemFree (pv=0x552780) [0087.067] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874ab0000, lpmodinfo=0x2287690, cb=0x18 | out: lpmodinfo=0x2287690*(lpBaseOfDll=0x7ff874ab0000, SizeOfImage=0x15000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.071] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0087.071] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874ab0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0087.078] CoTaskMemFree (pv=0x550f50) [0087.078] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0087.078] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874ab0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0087.082] CoTaskMemFree (pv=0x552f90) [0087.082] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875480000, lpmodinfo=0x2289878, cb=0x18 | out: lpmodinfo=0x2289878*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.086] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0087.086] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875480000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0087.089] CoTaskMemFree (pv=0x54e700) [0087.090] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0087.090] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875480000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0087.094] CoTaskMemFree (pv=0x54d6e0) [0087.094] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878b20000, lpmodinfo=0x228ba30, cb=0x18 | out: lpmodinfo=0x228ba30*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.097] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0087.097] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0087.102] CoTaskMemFree (pv=0x54ef10) [0087.102] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0087.102] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0087.106] CoTaskMemFree (pv=0x552f90) [0087.106] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be90000, lpmodinfo=0x228dbd8, cb=0x18 | out: lpmodinfo=0x228dbd8*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.120] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0087.120] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0087.124] CoTaskMemFree (pv=0x553fb0) [0087.124] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0087.124] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0087.128] CoTaskMemFree (pv=0x550740) [0087.128] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpmodinfo=0x228fd80, cb=0x18 | out: lpmodinfo=0x228fd80*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.132] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0087.132] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0087.136] CoTaskMemFree (pv=0x550f50) [0087.136] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0087.136] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0087.140] CoTaskMemFree (pv=0x551760) [0087.140] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpmodinfo=0x2291f28, cb=0x18 | out: lpmodinfo=0x2291f28*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.144] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0087.144] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0087.148] CoTaskMemFree (pv=0x550f50) [0087.148] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0087.148] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0087.165] CoTaskMemFree (pv=0x54ff30) [0087.165] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpmodinfo=0x22940c0, cb=0x18 | out: lpmodinfo=0x22940c0*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.169] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0087.169] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0087.173] CoTaskMemFree (pv=0x550740) [0087.173] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0087.173] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0087.178] CoTaskMemFree (pv=0x54ff30) [0087.178] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b030000, lpmodinfo=0x2296268, cb=0x18 | out: lpmodinfo=0x2296268*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.182] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0087.182] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0087.187] CoTaskMemFree (pv=0x54ef10) [0087.187] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0087.187] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0087.191] CoTaskMemFree (pv=0x551760) [0087.191] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874830000, lpmodinfo=0x2298410, cb=0x18 | out: lpmodinfo=0x2298410*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.195] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0087.195] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874830000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0087.202] CoTaskMemFree (pv=0x54d6e0) [0087.202] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0087.202] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874830000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0087.206] CoTaskMemFree (pv=0x5537a0) [0087.207] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpmodinfo=0x229a5c8, cb=0x18 | out: lpmodinfo=0x229a5c8*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.211] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0087.211] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0087.222] CoTaskMemFree (pv=0x551760) [0087.222] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0087.222] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0087.231] CoTaskMemFree (pv=0x54f720) [0087.231] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x229c780, cb=0x18 | out: lpmodinfo=0x229c780*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.236] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0087.236] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0087.240] CoTaskMemFree (pv=0x550740) [0087.240] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0087.240] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0087.245] CoTaskMemFree (pv=0x54f720) [0087.245] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff863f30000, lpmodinfo=0x229e938, cb=0x18 | out: lpmodinfo=0x229e938*(lpBaseOfDll=0x7ff863f30000, SizeOfImage=0x1b2000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.252] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0087.252] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff863f30000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ieapfltr.dll") returned 0xc [0087.258] CoTaskMemFree (pv=0x552780) [0087.258] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0087.258] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff863f30000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ieapfltr.dll" (normalized: "c:\\windows\\system32\\ieapfltr.dll")) returned 0x20 [0087.265] CoTaskMemFree (pv=0x552f90) [0087.265] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x22a0af0, cb=0x18 | out: lpmodinfo=0x22a0af0*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.271] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0087.271] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0087.278] CoTaskMemFree (pv=0x54def0) [0087.278] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0087.278] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0087.343] CoTaskMemFree (pv=0x551f70) [0087.343] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpmodinfo=0x22a2c98, cb=0x18 | out: lpmodinfo=0x22a2c98*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.350] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0087.350] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0087.356] CoTaskMemFree (pv=0x5537a0) [0087.356] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0087.356] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0087.380] CoTaskMemFree (pv=0x5547c0) [0087.380] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff863e70000, lpmodinfo=0x22a4e40, cb=0x18 | out: lpmodinfo=0x22a4e40*(lpBaseOfDll=0x7ff863e70000, SizeOfImage=0x94000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.386] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0087.386] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff863e70000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="IEUI.dll") returned 0x8 [0087.392] CoTaskMemFree (pv=0x551f70) [0087.392] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0087.392] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff863e70000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IEUI.dll" (normalized: "c:\\windows\\system32\\ieui.dll")) returned 0x1c [0087.416] CoTaskMemFree (pv=0x54e700) [0087.417] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f5d0000, lpmodinfo=0x22a6fe8, cb=0x18 | out: lpmodinfo=0x22a6fe8*(lpBaseOfDll=0x7ff87f5d0000, SizeOfImage=0x6f000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.423] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0087.423] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f5d0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="coml2.dll") returned 0x9 [0087.430] CoTaskMemFree (pv=0x552780) [0087.430] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0087.430] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f5d0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")) returned 0x1d [0087.437] CoTaskMemFree (pv=0x54def0) [0087.437] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x22a9190, cb=0x18 | out: lpmodinfo=0x22a9190*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.443] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0087.443] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0087.450] CoTaskMemFree (pv=0x5547c0) [0087.450] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0087.450] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0087.466] CoTaskMemFree (pv=0x54e700) [0087.466] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff865970000, lpmodinfo=0x22ab338, cb=0x18 | out: lpmodinfo=0x22ab338*(lpBaseOfDll=0x7ff865970000, SizeOfImage=0xac000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.473] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0087.473] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff865970000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="ieproxy.dll") returned 0xb [0087.480] CoTaskMemFree (pv=0x54ff30) [0087.480] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0087.480] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff865970000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll")) returned 0x1f [0087.486] CoTaskMemFree (pv=0x54d6e0) [0087.486] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879920000, lpmodinfo=0x22ad4e0, cb=0x18 | out: lpmodinfo=0x22ad4e0*(lpBaseOfDll=0x7ff879920000, SizeOfImage=0x1b1000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.496] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0087.496] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879920000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="windowscodecs.dll") returned 0x11 [0087.504] CoTaskMemFree (pv=0x552780) [0087.504] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0087.504] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879920000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windowscodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0087.510] CoTaskMemFree (pv=0x54ef10) [0087.510] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e490000, lpmodinfo=0x22af6a8, cb=0x18 | out: lpmodinfo=0x22af6a8*(lpBaseOfDll=0x7ff86e490000, SizeOfImage=0x6a000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.517] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0087.517] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e490000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="oleacc.dll") returned 0xa [0087.523] CoTaskMemFree (pv=0x550740) [0087.523] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0087.523] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e490000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")) returned 0x1e [0087.532] CoTaskMemFree (pv=0x54e700) [0087.532] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e390000, lpmodinfo=0x22b1850, cb=0x18 | out: lpmodinfo=0x22b1850*(lpBaseOfDll=0x7ff86e390000, SizeOfImage=0x4a000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.538] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0087.538] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e390000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="dataexchange.dll") returned 0x10 [0087.546] CoTaskMemFree (pv=0x54e700) [0087.546] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0087.546] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e390000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dataexchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll")) returned 0x24 [0087.554] CoTaskMemFree (pv=0x551f70) [0087.554] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a2e0000, lpmodinfo=0x22b3a18, cb=0x18 | out: lpmodinfo=0x22b3a18*(lpBaseOfDll=0x7ff87a2e0000, SizeOfImage=0x2a8000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.561] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0087.561] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a2e0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="d3d11.dll") returned 0x9 [0087.568] CoTaskMemFree (pv=0x551f70) [0087.568] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0087.568] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a2e0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")) returned 0x1d [0087.573] CoTaskMemFree (pv=0x54def0) [0087.573] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a6a0000, lpmodinfo=0x22b5bc0, cb=0x18 | out: lpmodinfo=0x22b5bc0*(lpBaseOfDll=0x7ff87a6a0000, SizeOfImage=0xe3000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.590] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0087.590] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a6a0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="dcomp.dll") returned 0x9 [0087.597] CoTaskMemFree (pv=0x5547c0) [0087.597] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0087.597] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a6a0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")) returned 0x1d [0087.604] CoTaskMemFree (pv=0x550f50) [0087.604] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a230000, lpmodinfo=0x22b8180, cb=0x18 | out: lpmodinfo=0x22b8180*(lpBaseOfDll=0x7ff87a230000, SizeOfImage=0xa2000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.611] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0087.611] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a230000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0087.619] CoTaskMemFree (pv=0x551760) [0087.619] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0087.619] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a230000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0087.638] CoTaskMemFree (pv=0x551f70) [0087.638] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpmodinfo=0x22ba328, cb=0x18 | out: lpmodinfo=0x22ba328*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.646] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0087.646] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0087.663] CoTaskMemFree (pv=0x550740) [0087.663] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0087.663] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0087.669] CoTaskMemFree (pv=0x551760) [0087.669] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86def0000, lpmodinfo=0x22bc4f0, cb=0x18 | out: lpmodinfo=0x22bc4f0*(lpBaseOfDll=0x7ff86def0000, SizeOfImage=0x4a0000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.674] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0087.674] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86def0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="explorerframe.dll") returned 0x11 [0087.682] CoTaskMemFree (pv=0x54d6e0) [0087.682] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0087.682] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86def0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\explorerframe.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll")) returned 0x25 [0087.689] CoTaskMemFree (pv=0x54d6e0) [0087.689] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86dea0000, lpmodinfo=0x22be6b8, cb=0x18 | out: lpmodinfo=0x22be6b8*(lpBaseOfDll=0x7ff86dea0000, SizeOfImage=0x50000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.696] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0087.696] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86dea0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="edputil.dll") returned 0xb [0087.704] CoTaskMemFree (pv=0x54def0) [0087.704] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0087.704] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86dea0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")) returned 0x1f [0087.712] CoTaskMemFree (pv=0x5537a0) [0087.712] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff862360000, lpmodinfo=0x22c0860, cb=0x18 | out: lpmodinfo=0x22c0860*(lpBaseOfDll=0x7ff862360000, SizeOfImage=0x178d000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.725] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0087.725] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff862360000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="mshtml.dll") returned 0xa [0087.735] CoTaskMemFree (pv=0x54ff30) [0087.735] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0087.735] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff862360000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\mshtml.dll" (normalized: "c:\\windows\\system32\\mshtml.dll")) returned 0x1e [0087.743] CoTaskMemFree (pv=0x54def0) [0087.743] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x22c2a08, cb=0x18 | out: lpmodinfo=0x22c2a08*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.751] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0087.751] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0087.761] CoTaskMemFree (pv=0x54e700) [0087.761] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0087.761] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0087.767] CoTaskMemFree (pv=0x54e700) [0087.767] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x22c4bb0, cb=0x18 | out: lpmodinfo=0x22c4bb0*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.772] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0087.772] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0087.778] CoTaskMemFree (pv=0x550740) [0087.778] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0087.778] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0087.785] CoTaskMemFree (pv=0x54ff30) [0087.785] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpmodinfo=0x22c6d58, cb=0x18 | out: lpmodinfo=0x22c6d58*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.790] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0087.790] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="DPAPI.dll") returned 0x9 [0087.804] CoTaskMemFree (pv=0x553fb0) [0087.804] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0087.804] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DPAPI.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0087.810] CoTaskMemFree (pv=0x552f90) [0087.810] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpmodinfo=0x22c8f00, cb=0x18 | out: lpmodinfo=0x22c8f00*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.816] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0087.816] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0087.822] CoTaskMemFree (pv=0x550f50) [0087.822] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0087.822] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0087.829] CoTaskMemFree (pv=0x54e700) [0087.829] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872540000, lpmodinfo=0x22cb0a8, cb=0x18 | out: lpmodinfo=0x22cb0a8*(lpBaseOfDll=0x7ff872540000, SizeOfImage=0x27a000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.893] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0087.893] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872540000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0087.899] CoTaskMemFree (pv=0x551760) [0087.899] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0087.899] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872540000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0087.906] CoTaskMemFree (pv=0x551f70) [0087.906] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpmodinfo=0x22cd250, cb=0x18 | out: lpmodinfo=0x22cd250*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.912] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0087.912] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0087.918] CoTaskMemFree (pv=0x552f90) [0087.918] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0087.918] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0087.924] CoTaskMemFree (pv=0x54d6e0) [0087.924] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c8b0000, lpmodinfo=0x22cf408, cb=0x18 | out: lpmodinfo=0x22cf408*(lpBaseOfDll=0x7ff86c8b0000, SizeOfImage=0x14000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.938] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0087.938] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c8b0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0087.946] CoTaskMemFree (pv=0x552780) [0087.946] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0087.946] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c8b0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0087.952] CoTaskMemFree (pv=0x552f90) [0087.952] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c130000, lpmodinfo=0x22d15d0, cb=0x18 | out: lpmodinfo=0x22d15d0*(lpBaseOfDll=0x7ff87c130000, SizeOfImage=0x27000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.959] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0087.959] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c130000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0087.965] CoTaskMemFree (pv=0x54ef10) [0087.965] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0087.966] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c130000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0087.971] CoTaskMemFree (pv=0x550f50) [0087.972] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c0f0000, lpmodinfo=0x22d3778, cb=0x18 | out: lpmodinfo=0x22d3778*(lpBaseOfDll=0x7ff87c0f0000, SizeOfImage=0x3a000, EntryPoint=0x7ff864243ba0)) returned 1 [0087.981] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0087.981] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c0f0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0087.988] CoTaskMemFree (pv=0x54ff30) [0087.988] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0087.988] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c0f0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0087.995] CoTaskMemFree (pv=0x54f720) [0087.995] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c960000, lpmodinfo=0x22d5920, cb=0x18 | out: lpmodinfo=0x22d5920*(lpBaseOfDll=0x7ff86c960000, SizeOfImage=0x1e000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.001] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0088.001] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c960000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0088.008] CoTaskMemFree (pv=0x54e700) [0088.008] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0088.008] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c960000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0088.027] CoTaskMemFree (pv=0x551f70) [0088.027] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d340000, lpmodinfo=0x22d7ad8, cb=0x18 | out: lpmodinfo=0x22d7ad8*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.035] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0088.035] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d340000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0088.044] CoTaskMemFree (pv=0x5537a0) [0088.044] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0088.044] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d340000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0088.051] CoTaskMemFree (pv=0x551760) [0088.051] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpmodinfo=0x22d9c90, cb=0x18 | out: lpmodinfo=0x22d9c90*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.059] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0088.059] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0088.066] CoTaskMemFree (pv=0x54e700) [0088.066] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0088.066] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0088.073] CoTaskMemFree (pv=0x551f70) [0088.073] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c90000, lpmodinfo=0x22dbe38, cb=0x18 | out: lpmodinfo=0x22dbe38*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.080] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0088.080] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0088.086] CoTaskMemFree (pv=0x551f70) [0088.086] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0088.086] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0088.094] CoTaskMemFree (pv=0x551760) [0088.095] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870dc0000, lpmodinfo=0x22ddff0, cb=0x18 | out: lpmodinfo=0x22ddff0*(lpBaseOfDll=0x7ff870dc0000, SizeOfImage=0xc000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.102] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0088.102] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870dc0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0088.109] CoTaskMemFree (pv=0x54ff30) [0088.109] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0088.109] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870dc0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0088.116] CoTaskMemFree (pv=0x551760) [0088.116] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c2e0000, lpmodinfo=0x22e0198, cb=0x18 | out: lpmodinfo=0x22e0198*(lpBaseOfDll=0x7ff86c2e0000, SizeOfImage=0x3e000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.123] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0088.123] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c2e0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="MLANG.dll") returned 0x9 [0088.140] CoTaskMemFree (pv=0x5547c0) [0088.140] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0088.140] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c2e0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MLANG.dll" (normalized: "c:\\windows\\system32\\mlang.dll")) returned 0x1d [0088.147] CoTaskMemFree (pv=0x553fb0) [0088.147] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpmodinfo=0x22e2340, cb=0x18 | out: lpmodinfo=0x22e2340*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.154] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0088.154] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0088.161] CoTaskMemFree (pv=0x553fb0) [0088.161] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0088.161] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0088.169] CoTaskMemFree (pv=0x550740) [0088.169] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8615d0000, lpmodinfo=0x22e44e8, cb=0x18 | out: lpmodinfo=0x22e44e8*(lpBaseOfDll=0x7ff8615d0000, SizeOfImage=0x7000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.177] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0088.177] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8615d0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="MSIMG32.dll") returned 0xb [0088.185] CoTaskMemFree (pv=0x54f720) [0088.185] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0088.185] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8615d0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSIMG32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll")) returned 0x1f [0088.191] CoTaskMemFree (pv=0x5537a0) [0088.191] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e7b0000, lpmodinfo=0x22e6690, cb=0x18 | out: lpmodinfo=0x22e6690*(lpBaseOfDll=0x7ff86e7b0000, SizeOfImage=0xf9000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.199] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0088.199] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e7b0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="SettingSyncCore.dll") returned 0x13 [0088.210] CoTaskMemFree (pv=0x54d6e0) [0088.210] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0088.210] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e7b0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll")) returned 0x27 [0088.224] CoTaskMemFree (pv=0x54d6e0) [0088.224] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpmodinfo=0x22e8858, cb=0x18 | out: lpmodinfo=0x22e8858*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.232] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0088.232] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0088.240] CoTaskMemFree (pv=0x54ef10) [0088.240] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0088.240] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0088.247] CoTaskMemFree (pv=0x54ef10) [0088.247] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e8b0000, lpmodinfo=0x22eaa00, cb=0x18 | out: lpmodinfo=0x22eaa00*(lpBaseOfDll=0x7ff86e8b0000, SizeOfImage=0x15000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.256] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0088.256] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e8b0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="settingsyncpolicy.dll") returned 0x15 [0088.264] CoTaskMemFree (pv=0x552780) [0088.264] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0088.264] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e8b0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\settingsyncpolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll")) returned 0x29 [0088.272] CoTaskMemFree (pv=0x54f720) [0088.272] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878830000, lpmodinfo=0x22ecbd8, cb=0x18 | out: lpmodinfo=0x22ecbd8*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.279] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0088.279] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878830000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0088.288] CoTaskMemFree (pv=0x54d6e0) [0088.288] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0088.288] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878830000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0088.296] CoTaskMemFree (pv=0x551760) [0088.297] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e80000, lpmodinfo=0x22eeda0, cb=0x18 | out: lpmodinfo=0x22eeda0*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.304] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0088.304] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0088.312] CoTaskMemFree (pv=0x5537a0) [0088.312] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0088.312] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0088.320] CoTaskMemFree (pv=0x551760) [0088.320] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e6e0000, lpmodinfo=0x22f0f68, cb=0x18 | out: lpmodinfo=0x22f0f68*(lpBaseOfDll=0x7ff86e6e0000, SizeOfImage=0xce000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.330] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0088.330] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e6e0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="TokenBroker.dll") returned 0xf [0088.338] CoTaskMemFree (pv=0x551760) [0088.338] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0088.338] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e6e0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")) returned 0x23 [0088.347] CoTaskMemFree (pv=0x5547c0) [0088.347] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x22f3120, cb=0x18 | out: lpmodinfo=0x22f3120*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.354] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0088.354] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff876870000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0088.376] CoTaskMemFree (pv=0x551760) [0088.376] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0088.376] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff876870000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0088.384] CoTaskMemFree (pv=0x552f90) [0088.384] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x22f52d8, cb=0x18 | out: lpmodinfo=0x22f52d8*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.392] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0088.392] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0088.400] CoTaskMemFree (pv=0x54d6e0) [0088.400] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0088.400] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0088.409] CoTaskMemFree (pv=0x552780) [0088.409] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875450000, lpmodinfo=0x22f7490, cb=0x18 | out: lpmodinfo=0x22f7490*(lpBaseOfDll=0x7ff875450000, SizeOfImage=0x28000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.416] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0088.416] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875450000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="IDStore.dll") returned 0xb [0088.424] CoTaskMemFree (pv=0x54ef10) [0088.424] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0088.424] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875450000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll")) returned 0x1f [0088.432] CoTaskMemFree (pv=0x54def0) [0088.432] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpmodinfo=0x22f9638, cb=0x18 | out: lpmodinfo=0x22f9638*(lpBaseOfDll=0x7ff87aca0000, SizeOfImage=0x1c000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.440] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0088.440] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0088.451] CoTaskMemFree (pv=0x552780) [0088.451] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0088.451] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0088.460] CoTaskMemFree (pv=0x54def0) [0088.460] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861500000, lpmodinfo=0x22fb7e0, cb=0x18 | out: lpmodinfo=0x22fb7e0*(lpBaseOfDll=0x7ff861500000, SizeOfImage=0xc5000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.468] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0088.468] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861500000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="msfeeds.dll") returned 0xb [0088.476] CoTaskMemFree (pv=0x553fb0) [0088.476] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0088.476] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861500000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msfeeds.dll" (normalized: "c:\\windows\\system32\\msfeeds.dll")) returned 0x1f [0088.597] CoTaskMemFree (pv=0x550740) [0088.597] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875230000, lpmodinfo=0x22fd988, cb=0x18 | out: lpmodinfo=0x22fd988*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.606] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0088.606] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875230000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0088.613] CoTaskMemFree (pv=0x553fb0) [0088.613] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0088.613] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875230000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0088.621] CoTaskMemFree (pv=0x54def0) [0088.621] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpmodinfo=0x22ffb30, cb=0x18 | out: lpmodinfo=0x22ffb30*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.638] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0088.638] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0088.647] CoTaskMemFree (pv=0x54ef10) [0088.647] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0088.647] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0088.656] CoTaskMemFree (pv=0x54d6e0) [0088.656] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8614e0000, lpmodinfo=0x2301ce8, cb=0x18 | out: lpmodinfo=0x2301ce8*(lpBaseOfDll=0x7ff8614e0000, SizeOfImage=0x16000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.664] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0088.664] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8614e0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="msfeedsbs.dll") returned 0xd [0088.673] CoTaskMemFree (pv=0x54d6e0) [0088.673] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0088.673] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8614e0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msfeedsbs.dll" (normalized: "c:\\windows\\system32\\msfeedsbs.dll")) returned 0x21 [0088.682] CoTaskMemFree (pv=0x553fb0) [0088.682] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878230000, lpmodinfo=0x2303ea0, cb=0x18 | out: lpmodinfo=0x2303ea0*(lpBaseOfDll=0x7ff878230000, SizeOfImage=0xbf000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.690] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0088.690] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878230000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0088.699] CoTaskMemFree (pv=0x5537a0) [0088.699] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0088.699] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878230000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0088.708] CoTaskMemFree (pv=0x5537a0) [0088.708] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c480000, lpmodinfo=0x2306058, cb=0x18 | out: lpmodinfo=0x2306058*(lpBaseOfDll=0x7ff87c480000, SizeOfImage=0x99000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.717] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0088.717] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c480000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0088.725] CoTaskMemFree (pv=0x54ef10) [0088.725] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0088.725] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c480000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0088.734] CoTaskMemFree (pv=0x54ff30) [0088.734] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd10000, lpmodinfo=0x23081f0, cb=0x18 | out: lpmodinfo=0x23081f0*(lpBaseOfDll=0x7ff87fd10000, SizeOfImage=0x1c000, EntryPoint=0x7ff864243ba0)) returned 1 [0088.742] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0088.742] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd10000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="imagehlp.dll") returned 0xc [0088.756] CoTaskMemFree (pv=0x54d6e0) [0088.756] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0088.756] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd10000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll")) returned 0x20 [0088.765] CoTaskMemFree (pv=0x553fb0) [0088.765] CloseHandle (hObject=0x25c) returned 1 [0088.766] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0088.766] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12c) returned 0x0 [0088.767] EnumProcesses (in: lpidProcess=0x230cb78, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x230cb78, lpcbNeeded=0x14ee58) returned 1 [0088.776] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0088.778] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x378) returned 0x25c [0088.779] EnumProcessModules (in: hProcess=0x25c, lphModule=0x230d8a8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x230d8a8, lpcbNeeded=0x14ef68) returned 1 [0088.785] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpmodinfo=0x230db18, cb=0x18 | out: lpmodinfo=0x230db18*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0088.785] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0088.785] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0088.786] CoTaskMemFree (pv=0x54def0) [0088.786] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0088.786] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0088.786] CoTaskMemFree (pv=0x54ff30) [0088.786] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x230fcf8, cb=0x18 | out: lpmodinfo=0x230fcf8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0088.787] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0088.787] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0088.787] CoTaskMemFree (pv=0x5537a0) [0088.787] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0088.787] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0088.788] CoTaskMemFree (pv=0x5537a0) [0088.788] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x2311ea0, cb=0x18 | out: lpmodinfo=0x2311ea0*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0088.788] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0088.788] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0088.789] CoTaskMemFree (pv=0x5547c0) [0088.789] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0088.789] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0088.789] CoTaskMemFree (pv=0x553fb0) [0088.789] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x2314058, cb=0x18 | out: lpmodinfo=0x2314058*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0088.790] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0088.790] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0088.791] CoTaskMemFree (pv=0x552780) [0088.791] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0088.791] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0088.791] CoTaskMemFree (pv=0x550740) [0088.791] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x2316210, cb=0x18 | out: lpmodinfo=0x2316210*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0088.792] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0088.792] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0088.793] CoTaskMemFree (pv=0x54ef10) [0088.793] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0088.793] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0088.794] CoTaskMemFree (pv=0x54ff30) [0088.794] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x2318410, cb=0x18 | out: lpmodinfo=0x2318410*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0088.794] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0088.794] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0088.795] CoTaskMemFree (pv=0x551760) [0088.795] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0088.795] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0088.796] CoTaskMemFree (pv=0x551f70) [0088.796] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x231a5b8, cb=0x18 | out: lpmodinfo=0x231a5b8*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0088.797] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0088.797] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0088.798] CoTaskMemFree (pv=0x54def0) [0088.798] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0088.798] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0088.799] CoTaskMemFree (pv=0x54def0) [0088.799] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x231c770, cb=0x18 | out: lpmodinfo=0x231c770*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0088.800] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0088.800] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0088.801] CoTaskMemFree (pv=0x552f90) [0088.801] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0088.801] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0088.802] CoTaskMemFree (pv=0x54ef10) [0088.802] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x231e918, cb=0x18 | out: lpmodinfo=0x231e918*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0088.803] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0088.803] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0088.804] CoTaskMemFree (pv=0x54def0) [0088.804] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0088.804] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0088.805] CoTaskMemFree (pv=0x552780) [0088.805] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x2320b58, cb=0x18 | out: lpmodinfo=0x2320b58*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0088.806] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0088.806] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0088.807] CoTaskMemFree (pv=0x552780) [0088.807] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0088.807] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0088.809] CoTaskMemFree (pv=0x551f70) [0088.809] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x2322d30, cb=0x18 | out: lpmodinfo=0x2322d30*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0088.810] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0088.810] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0088.811] CoTaskMemFree (pv=0x54ef10) [0088.811] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0088.811] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0088.813] CoTaskMemFree (pv=0x54f720) [0088.813] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x2324ef8, cb=0x18 | out: lpmodinfo=0x2324ef8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0088.814] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0088.814] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0088.815] CoTaskMemFree (pv=0x550740) [0088.815] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0088.815] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0088.817] CoTaskMemFree (pv=0x54e700) [0088.817] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x23270a0, cb=0x18 | out: lpmodinfo=0x23270a0*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0088.818] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0088.818] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0088.824] CoTaskMemFree (pv=0x54ef10) [0088.824] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0088.825] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0088.826] CoTaskMemFree (pv=0x54f720) [0088.826] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8798c0000, lpmodinfo=0x2329248, cb=0x18 | out: lpmodinfo=0x2329248*(lpBaseOfDll=0x7ff8798c0000, SizeOfImage=0xb000, EntryPoint=0x7ff8798c1cd0)) returned 1 [0088.827] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0088.827] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8798c0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="lmhsvc.dll") returned 0xa [0088.829] CoTaskMemFree (pv=0x54ff30) [0088.829] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0088.829] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8798c0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll")) returned 0x1e [0088.830] CoTaskMemFree (pv=0x552780) [0088.830] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x232b3f0, cb=0x18 | out: lpmodinfo=0x232b3f0*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0088.832] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0088.832] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0088.833] CoTaskMemFree (pv=0x54f720) [0088.833] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0088.833] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0088.835] CoTaskMemFree (pv=0x552f90) [0088.835] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8798b0000, lpmodinfo=0x232d598, cb=0x18 | out: lpmodinfo=0x232d598*(lpBaseOfDll=0x7ff8798b0000, SizeOfImage=0x9000, EntryPoint=0x7ff8798b19a0)) returned 1 [0088.837] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0088.837] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8798b0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="nrpsrv.DLL") returned 0xa [0088.838] CoTaskMemFree (pv=0x54d6e0) [0088.838] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0088.838] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8798b0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nrpsrv.DLL" (normalized: "c:\\windows\\system32\\nrpsrv.dll")) returned 0x1e [0088.840] CoTaskMemFree (pv=0x54def0) [0088.840] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878960000, lpmodinfo=0x232f740, cb=0x18 | out: lpmodinfo=0x232f740*(lpBaseOfDll=0x7ff878960000, SizeOfImage=0x1b1000, EntryPoint=0x7ff8789b3690)) returned 1 [0088.842] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0088.842] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878960000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wevtsvc.dll") returned 0xb [0088.843] CoTaskMemFree (pv=0x551f70) [0088.843] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0088.843] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878960000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll")) returned 0x1f [0088.845] CoTaskMemFree (pv=0x550f50) [0088.845] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2331a00, cb=0x18 | out: lpmodinfo=0x2331a00*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0088.848] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0088.848] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0088.850] CoTaskMemFree (pv=0x551f70) [0088.850] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0088.850] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0088.851] CoTaskMemFree (pv=0x550740) [0088.851] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x2333ba8, cb=0x18 | out: lpmodinfo=0x2333ba8*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0088.853] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0088.853] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="sspicli.dll") returned 0xb [0088.855] CoTaskMemFree (pv=0x551f70) [0088.855] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0088.855] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0088.857] CoTaskMemFree (pv=0x54ff30) [0088.857] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x2335d50, cb=0x18 | out: lpmodinfo=0x2335d50*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0088.860] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0088.860] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0088.862] CoTaskMemFree (pv=0x553fb0) [0088.862] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0088.862] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0088.864] CoTaskMemFree (pv=0x551f70) [0088.864] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be90000, lpmodinfo=0x2337f08, cb=0x18 | out: lpmodinfo=0x2337f08*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0088.866] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0088.866] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0088.875] CoTaskMemFree (pv=0x550f50) [0088.875] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0088.875] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0088.877] CoTaskMemFree (pv=0x553fb0) [0088.877] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpmodinfo=0x233a0b0, cb=0x18 | out: lpmodinfo=0x233a0b0*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0088.879] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0088.879] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0088.882] CoTaskMemFree (pv=0x551f70) [0088.882] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0088.882] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0088.885] CoTaskMemFree (pv=0x550740) [0088.885] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpmodinfo=0x233c258, cb=0x18 | out: lpmodinfo=0x233c258*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0088.887] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0088.887] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0088.889] CoTaskMemFree (pv=0x552780) [0088.889] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0088.889] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0088.891] CoTaskMemFree (pv=0x54f720) [0088.891] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875b50000, lpmodinfo=0x233e400, cb=0x18 | out: lpmodinfo=0x233e400*(lpBaseOfDll=0x7ff875b50000, SizeOfImage=0x10b000, EntryPoint=0x7ff875b92610)) returned 1 [0088.893] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0088.893] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875b50000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="audiosrv.dll") returned 0xc [0088.896] CoTaskMemFree (pv=0x553fb0) [0088.896] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0088.896] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875b50000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")) returned 0x20 [0088.898] CoTaskMemFree (pv=0x54def0) [0088.898] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x23405b8, cb=0x18 | out: lpmodinfo=0x23405b8*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0088.900] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0088.900] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0088.908] CoTaskMemFree (pv=0x551760) [0088.908] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0088.908] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0088.910] CoTaskMemFree (pv=0x5537a0) [0088.911] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878090000, lpmodinfo=0x2342770, cb=0x18 | out: lpmodinfo=0x2342770*(lpBaseOfDll=0x7ff878090000, SizeOfImage=0x70000, EntryPoint=0x7ff8780b2960)) returned 1 [0088.913] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0088.913] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878090000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="MMDevAPI.DLL") returned 0xc [0088.915] CoTaskMemFree (pv=0x551f70) [0088.915] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0088.916] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878090000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MMDevAPI.DLL" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0088.918] CoTaskMemFree (pv=0x551760) [0088.918] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpmodinfo=0x2344928, cb=0x18 | out: lpmodinfo=0x2344928*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0088.920] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0088.920] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0088.923] CoTaskMemFree (pv=0x550f50) [0088.923] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0088.923] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0088.925] CoTaskMemFree (pv=0x54def0) [0088.925] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x2346ad0, cb=0x18 | out: lpmodinfo=0x2346ad0*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0088.928] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0088.928] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0088.930] CoTaskMemFree (pv=0x54f720) [0088.930] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0088.930] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0088.942] CoTaskMemFree (pv=0x54d6e0) [0088.942] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpmodinfo=0x2348c88, cb=0x18 | out: lpmodinfo=0x2348c88*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0088.946] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0088.946] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0088.950] CoTaskMemFree (pv=0x54ff30) [0088.950] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0088.950] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0088.962] CoTaskMemFree (pv=0x551760) [0088.962] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875ae0000, lpmodinfo=0x234ae30, cb=0x18 | out: lpmodinfo=0x234ae30*(lpBaseOfDll=0x7ff875ae0000, SizeOfImage=0x5d000, EntryPoint=0x7ff875af2bf0)) returned 1 [0088.965] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0088.965] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875ae0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="dhcpcore.dll") returned 0xc [0088.967] CoTaskMemFree (pv=0x54def0) [0088.967] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0088.967] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875ae0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll")) returned 0x20 [0088.970] CoTaskMemFree (pv=0x54f720) [0088.970] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b030000, lpmodinfo=0x234cfe8, cb=0x18 | out: lpmodinfo=0x234cfe8*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0088.973] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0088.973] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0088.976] CoTaskMemFree (pv=0x54def0) [0088.976] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0088.976] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0088.979] CoTaskMemFree (pv=0x54ef10) [0088.979] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpmodinfo=0x234f190, cb=0x18 | out: lpmodinfo=0x234f190*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0088.982] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0088.982] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0088.985] CoTaskMemFree (pv=0x54d6e0) [0088.985] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0088.985] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0088.988] CoTaskMemFree (pv=0x550740) [0088.988] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpmodinfo=0x2351328, cb=0x18 | out: lpmodinfo=0x2351328*(lpBaseOfDll=0x7ff87cdb0000, SizeOfImage=0x86000, EntryPoint=0x7ff87cdbd8f0)) returned 1 [0088.991] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0088.991] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="firewallapi.dll") returned 0xf [0088.994] CoTaskMemFree (pv=0x54e700) [0088.994] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0088.994] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\firewallapi.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0088.999] CoTaskMemFree (pv=0x5547c0) [0088.999] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b340000, lpmodinfo=0x23536f8, cb=0x18 | out: lpmodinfo=0x23536f8*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0089.002] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.002] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b340000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0089.005] CoTaskMemFree (pv=0x54f720) [0089.005] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.005] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b340000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0089.008] CoTaskMemFree (pv=0x54def0) [0089.008] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x23558a0, cb=0x18 | out: lpmodinfo=0x23558a0*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0089.011] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.011] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0089.014] CoTaskMemFree (pv=0x5537a0) [0089.014] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.014] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0089.017] CoTaskMemFree (pv=0x54def0) [0089.017] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x2357a48, cb=0x18 | out: lpmodinfo=0x2357a48*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0089.021] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.021] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="winsta.dll") returned 0xa [0089.024] CoTaskMemFree (pv=0x550740) [0089.024] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.024] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0089.028] CoTaskMemFree (pv=0x5537a0) [0089.028] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x2359bf0, cb=0x18 | out: lpmodinfo=0x2359bf0*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0089.037] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.037] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0089.040] CoTaskMemFree (pv=0x552f90) [0089.040] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.040] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0089.044] CoTaskMemFree (pv=0x54ff30) [0089.044] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8754c0000, lpmodinfo=0x235bda8, cb=0x18 | out: lpmodinfo=0x235bda8*(lpBaseOfDll=0x7ff8754c0000, SizeOfImage=0x99000, EntryPoint=0x7ff8754da090)) returned 1 [0089.047] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0089.047] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8754c0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="wcmsvc.dll") returned 0xa [0089.050] CoTaskMemFree (pv=0x5547c0) [0089.050] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.050] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8754c0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll")) returned 0x1e [0089.055] CoTaskMemFree (pv=0x54d6e0) [0089.055] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x235df50, cb=0x18 | out: lpmodinfo=0x235df50*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0089.059] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.059] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0089.062] CoTaskMemFree (pv=0x54f720) [0089.062] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.062] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0089.065] CoTaskMemFree (pv=0x54f720) [0089.065] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x23600f8, cb=0x18 | out: lpmodinfo=0x23600f8*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0089.068] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0089.068] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0089.079] CoTaskMemFree (pv=0x5547c0) [0089.079] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0089.079] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0089.082] CoTaskMemFree (pv=0x5547c0) [0089.082] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x23622a0, cb=0x18 | out: lpmodinfo=0x23622a0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0089.086] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.086] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0089.090] CoTaskMemFree (pv=0x54ef10) [0089.090] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.090] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0089.093] CoTaskMemFree (pv=0x54d6e0) [0089.093] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875480000, lpmodinfo=0x2364458, cb=0x18 | out: lpmodinfo=0x2364458*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0089.097] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0089.097] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875480000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0089.101] CoTaskMemFree (pv=0x550f50) [0089.101] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.101] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875480000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0089.104] CoTaskMemFree (pv=0x54e700) [0089.104] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8752e0000, lpmodinfo=0x2366610, cb=0x18 | out: lpmodinfo=0x2366610*(lpBaseOfDll=0x7ff8752e0000, SizeOfImage=0x38000, EntryPoint=0x7ff8752e68f0)) returned 1 [0089.108] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.108] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8752e0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wcmcsp.dll") returned 0xa [0089.119] CoTaskMemFree (pv=0x5537a0) [0089.119] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.119] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8752e0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll")) returned 0x1e [0089.123] CoTaskMemFree (pv=0x54def0) [0089.123] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875d20000, lpmodinfo=0x23687b8, cb=0x18 | out: lpmodinfo=0x23687b8*(lpBaseOfDll=0x7ff875d20000, SizeOfImage=0x11000, EntryPoint=0x7ff875d23320)) returned 1 [0089.126] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.126] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875d20000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="WMICLNT.dll") returned 0xb [0089.130] CoTaskMemFree (pv=0x551f70) [0089.130] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.130] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875d20000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WMICLNT.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")) returned 0x1f [0089.134] CoTaskMemFree (pv=0x550740) [0089.134] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8752d0000, lpmodinfo=0x236a960, cb=0x18 | out: lpmodinfo=0x236a960*(lpBaseOfDll=0x7ff8752d0000, SizeOfImage=0xe000, EntryPoint=0x7ff8752d2e50)) returned 1 [0089.138] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0089.138] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8752d0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="cmintegrator.dll") returned 0x10 [0089.141] CoTaskMemFree (pv=0x5547c0) [0089.141] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.141] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8752d0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll")) returned 0x24 [0089.146] CoTaskMemFree (pv=0x552f90) [0089.146] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875270000, lpmodinfo=0x236cb28, cb=0x18 | out: lpmodinfo=0x236cb28*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0089.149] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0089.149] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875270000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0089.156] CoTaskMemFree (pv=0x550f50) [0089.156] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0089.156] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875270000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0089.160] CoTaskMemFree (pv=0x550f50) [0089.160] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875250000, lpmodinfo=0x236ece0, cb=0x18 | out: lpmodinfo=0x236ece0*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0089.164] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.164] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875250000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0089.168] CoTaskMemFree (pv=0x552780) [0089.168] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.168] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875250000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0089.172] CoTaskMemFree (pv=0x5537a0) [0089.172] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8786b0000, lpmodinfo=0x2370e98, cb=0x18 | out: lpmodinfo=0x2370e98*(lpBaseOfDll=0x7ff8786b0000, SizeOfImage=0x18000, EntryPoint=0x7ff8786b5910)) returned 1 [0089.177] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0089.177] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8786b0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0089.181] CoTaskMemFree (pv=0x550f50) [0089.181] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.181] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8786b0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0089.185] CoTaskMemFree (pv=0x54ef10) [0089.185] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8750e0000, lpmodinfo=0x2373040, cb=0x18 | out: lpmodinfo=0x2373040*(lpBaseOfDll=0x7ff8750e0000, SizeOfImage=0x48000, EntryPoint=0x7ff8750ea1e0)) returned 1 [0089.201] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.201] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8750e0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="dhcpcore6.dll") returned 0xd [0089.206] CoTaskMemFree (pv=0x54f720) [0089.206] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.206] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8750e0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll")) returned 0x21 [0089.211] CoTaskMemFree (pv=0x552f90) [0089.211] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpmodinfo=0x23751f8, cb=0x18 | out: lpmodinfo=0x23751f8*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0089.222] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0089.223] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0089.227] CoTaskMemFree (pv=0x5547c0) [0089.227] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.227] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0089.231] CoTaskMemFree (pv=0x551760) [0089.231] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x23773a0, cb=0x18 | out: lpmodinfo=0x23773a0*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0089.236] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.236] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0089.241] CoTaskMemFree (pv=0x54def0) [0089.241] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.241] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0089.246] CoTaskMemFree (pv=0x54f720) [0089.246] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff866b90000, lpmodinfo=0x2379558, cb=0x18 | out: lpmodinfo=0x2379558*(lpBaseOfDll=0x7ff866b90000, SizeOfImage=0x1b8000, EntryPoint=0x7ff866b95550)) returned 1 [0089.251] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.251] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff866b90000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="WMALFXGFXDSP.dll") returned 0x10 [0089.256] CoTaskMemFree (pv=0x551f70) [0089.256] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.256] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff866b90000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WMALFXGFXDSP.dll" (normalized: "c:\\windows\\system32\\wmalfxgfxdsp.dll")) returned 0x24 [0089.261] CoTaskMemFree (pv=0x5537a0) [0089.261] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x237b720, cb=0x18 | out: lpmodinfo=0x237b720*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0089.266] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.266] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0089.270] CoTaskMemFree (pv=0x54ff30) [0089.270] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.270] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0089.275] CoTaskMemFree (pv=0x551760) [0089.275] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874590000, lpmodinfo=0x237d8c8, cb=0x18 | out: lpmodinfo=0x237d8c8*(lpBaseOfDll=0x7ff874590000, SizeOfImage=0x10d000, EntryPoint=0x7ff8745bf420)) returned 1 [0089.280] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.280] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874590000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="mfplat.DLL") returned 0xa [0089.285] CoTaskMemFree (pv=0x54ff30) [0089.285] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.285] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874590000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\mfplat.DLL" (normalized: "c:\\windows\\system32\\mfplat.dll")) returned 0x1e [0089.290] CoTaskMemFree (pv=0x54d6e0) [0089.290] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874560000, lpmodinfo=0x237fa70, cb=0x18 | out: lpmodinfo=0x237fa70*(lpBaseOfDll=0x7ff874560000, SizeOfImage=0x2b000, EntryPoint=0x7ff87456c3c0)) returned 1 [0089.294] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.294] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874560000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="RTWorkQ.DLL") returned 0xb [0089.307] CoTaskMemFree (pv=0x551760) [0089.308] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.308] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874560000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RTWorkQ.DLL" (normalized: "c:\\windows\\system32\\rtworkq.dll")) returned 0x1f [0089.313] CoTaskMemFree (pv=0x54f720) [0089.313] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878df0000, lpmodinfo=0x2381c18, cb=0x18 | out: lpmodinfo=0x2381c18*(lpBaseOfDll=0x7ff878df0000, SizeOfImage=0x4a000, EntryPoint=0x7ff878dfac30)) returned 1 [0089.318] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0089.318] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878df0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="deviceaccess.dll") returned 0x10 [0089.323] CoTaskMemFree (pv=0x550f50) [0089.323] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.323] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878df0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")) returned 0x24 [0089.327] CoTaskMemFree (pv=0x54def0) [0089.327] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff867de0000, lpmodinfo=0x2383de0, cb=0x18 | out: lpmodinfo=0x2383de0*(lpBaseOfDll=0x7ff867de0000, SizeOfImage=0x88000, EntryPoint=0x7ff867df4510)) returned 1 [0089.344] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.344] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff867de0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="audioses.dll") returned 0xc [0089.349] CoTaskMemFree (pv=0x54e700) [0089.349] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0089.349] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff867de0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\audioses.dll" (normalized: "c:\\windows\\system32\\audioses.dll")) returned 0x20 [0089.354] CoTaskMemFree (pv=0x5547c0) [0089.354] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x2385f98, cb=0x18 | out: lpmodinfo=0x2385f98*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0089.382] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.382] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff876870000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0089.387] CoTaskMemFree (pv=0x54ff30) [0089.387] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.387] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff876870000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0089.391] CoTaskMemFree (pv=0x54ef10) [0089.391] CloseHandle (hObject=0x25c) returned 1 [0089.392] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0089.392] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x108c) returned 0x25c [0089.392] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2389950, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2389950, lpcbNeeded=0x14ef68) returned 1 [0089.393] GetModuleInformation (in: hProcess=0x25c, hModule=0xaf0000, lpmodinfo=0x2389bc0, cb=0x18 | out: lpmodinfo=0x2389bc0*(lpBaseOfDll=0xaf0000, SizeOfImage=0x17000, EntryPoint=0xaf14a1)) returned 1 [0089.393] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.393] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xaf0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="pidgin.exe") returned 0xa [0089.393] CoTaskMemFree (pv=0x550740) [0089.393] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.393] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xaf0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\pidgin.exe" (normalized: "c:\\program files\\windows journal\\pidgin.exe")) returned 0x2b [0089.394] CoTaskMemFree (pv=0x5537a0) [0089.394] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x238bdb8, cb=0x18 | out: lpmodinfo=0x238bdb8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0089.394] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.394] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0089.395] CoTaskMemFree (pv=0x552f90) [0089.395] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.395] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0089.395] CoTaskMemFree (pv=0x551f70) [0089.395] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x238df60, cb=0x18 | out: lpmodinfo=0x238df60*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0089.398] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.398] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0089.399] CoTaskMemFree (pv=0x54ff30) [0089.399] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.399] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0089.399] CoTaskMemFree (pv=0x54def0) [0089.399] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2390108, cb=0x18 | out: lpmodinfo=0x2390108*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0089.400] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.400] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0089.400] CoTaskMemFree (pv=0x552f90) [0089.401] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.401] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0089.401] CoTaskMemFree (pv=0x54f720) [0089.401] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x23922c0, cb=0x18 | out: lpmodinfo=0x23922c0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0089.402] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.402] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0089.403] CoTaskMemFree (pv=0x54ff30) [0089.403] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0089.403] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0089.403] CoTaskMemFree (pv=0x553fb0) [0089.403] CloseHandle (hObject=0x25c) returned 1 [0089.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0089.404] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10c4) returned 0x25c [0089.404] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2394a98, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2394a98, lpcbNeeded=0x14ef68) returned 1 [0089.405] GetModuleInformation (in: hProcess=0x25c, hModule=0x860000, lpmodinfo=0x2394d08, cb=0x18 | out: lpmodinfo=0x2394d08*(lpBaseOfDll=0x860000, SizeOfImage=0x17000, EntryPoint=0x8614a1)) returned 1 [0089.405] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0089.405] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x860000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="trillian.exe") returned 0xc [0089.405] CoTaskMemFree (pv=0x553fb0) [0089.405] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.406] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x860000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\trillian.exe" (normalized: "c:\\program files (x86)\\internet explorer\\trillian.exe")) returned 0x35 [0089.406] CoTaskMemFree (pv=0x551f70) [0089.406] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2396f20, cb=0x18 | out: lpmodinfo=0x2396f20*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0089.407] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.407] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0089.407] CoTaskMemFree (pv=0x552780) [0089.407] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.407] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0089.408] CoTaskMemFree (pv=0x551f70) [0089.408] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x23990c8, cb=0x18 | out: lpmodinfo=0x23990c8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0089.408] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0089.408] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0089.409] CoTaskMemFree (pv=0x550f50) [0089.409] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.409] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0089.409] CoTaskMemFree (pv=0x552780) [0089.409] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x239b270, cb=0x18 | out: lpmodinfo=0x239b270*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0089.410] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0089.410] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0089.411] CoTaskMemFree (pv=0x550f50) [0089.411] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.411] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0089.411] CoTaskMemFree (pv=0x552f90) [0089.411] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x239d428, cb=0x18 | out: lpmodinfo=0x239d428*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0089.412] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.412] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0089.413] CoTaskMemFree (pv=0x54e700) [0089.413] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.413] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0089.414] CoTaskMemFree (pv=0x54d6e0) [0089.414] CloseHandle (hObject=0x25c) returned 1 [0089.414] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0089.414] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x8d4) returned 0x25c [0089.414] EnumProcessModules (in: hProcess=0x25c, lphModule=0x239fc00, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x239fc00, lpcbNeeded=0x14ef68) returned 1 [0089.417] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff642880000, lpmodinfo=0x239fe70, cb=0x18 | out: lpmodinfo=0x239fe70*(lpBaseOfDll=0x7ff642880000, SizeOfImage=0x11000, EntryPoint=0x7ff6428816b0)) returned 1 [0089.417] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.417] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff642880000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="conhost.exe") returned 0xb [0089.418] CoTaskMemFree (pv=0x54ef10) [0089.418] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.418] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff642880000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\conhost.exe" (normalized: "c:\\windows\\system32\\conhost.exe")) returned 0x1f [0089.418] CoTaskMemFree (pv=0x552f90) [0089.418] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23a2050, cb=0x18 | out: lpmodinfo=0x23a2050*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0089.418] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0089.418] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0089.419] CoTaskMemFree (pv=0x553fb0) [0089.419] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.419] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0089.419] CoTaskMemFree (pv=0x550740) [0089.420] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x23a41f8, cb=0x18 | out: lpmodinfo=0x23a41f8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0089.420] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0089.420] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0089.421] CoTaskMemFree (pv=0x550f50) [0089.421] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.421] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0089.421] CoTaskMemFree (pv=0x551760) [0089.421] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x23a63b0, cb=0x18 | out: lpmodinfo=0x23a63b0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0089.422] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0089.422] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0089.422] CoTaskMemFree (pv=0x550f50) [0089.422] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.423] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0089.423] CoTaskMemFree (pv=0x54ff30) [0089.423] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x23a8568, cb=0x18 | out: lpmodinfo=0x23a8568*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0089.424] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.424] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0089.425] CoTaskMemFree (pv=0x550740) [0089.425] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.425] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0089.425] CoTaskMemFree (pv=0x54ff30) [0089.425] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff865040000, lpmodinfo=0x23aa768, cb=0x18 | out: lpmodinfo=0x23aa768*(lpBaseOfDll=0x7ff865040000, SizeOfImage=0x59000, EntryPoint=0x7ff86504fbf0)) returned 1 [0089.426] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.426] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff865040000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="ConhostV2.dll") returned 0xd [0089.427] CoTaskMemFree (pv=0x54ef10) [0089.427] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.427] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff865040000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ConhostV2.dll" (normalized: "c:\\windows\\system32\\conhostv2.dll")) returned 0x21 [0089.428] CoTaskMemFree (pv=0x551760) [0089.428] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x23ac920, cb=0x18 | out: lpmodinfo=0x23ac920*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0089.429] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.429] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0089.430] CoTaskMemFree (pv=0x54d6e0) [0089.430] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.430] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0089.431] CoTaskMemFree (pv=0x5537a0) [0089.431] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x23aeac8, cb=0x18 | out: lpmodinfo=0x23aeac8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0089.432] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.432] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0089.438] CoTaskMemFree (pv=0x551760) [0089.438] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.438] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0089.439] CoTaskMemFree (pv=0x54f720) [0089.439] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x23b0c70, cb=0x18 | out: lpmodinfo=0x23b0c70*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0089.440] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.440] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0089.441] CoTaskMemFree (pv=0x550740) [0089.441] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.441] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0089.442] CoTaskMemFree (pv=0x54f720) [0089.442] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x23b2ee0, cb=0x18 | out: lpmodinfo=0x23b2ee0*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0089.443] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.443] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0089.447] CoTaskMemFree (pv=0x552780) [0089.447] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.447] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0089.448] CoTaskMemFree (pv=0x552f90) [0089.448] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x23b5088, cb=0x18 | out: lpmodinfo=0x23b5088*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0089.449] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.449] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0089.450] CoTaskMemFree (pv=0x54def0) [0089.451] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.451] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0089.452] CoTaskMemFree (pv=0x551f70) [0089.452] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x23b7230, cb=0x18 | out: lpmodinfo=0x23b7230*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0089.453] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.453] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0089.454] CoTaskMemFree (pv=0x5537a0) [0089.454] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0089.454] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0089.455] CoTaskMemFree (pv=0x5547c0) [0089.455] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x23b93d8, cb=0x18 | out: lpmodinfo=0x23b93d8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0089.456] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.456] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0089.457] CoTaskMemFree (pv=0x551f70) [0089.457] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.457] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0089.459] CoTaskMemFree (pv=0x54e700) [0089.459] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x23bb580, cb=0x18 | out: lpmodinfo=0x23bb580*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0089.460] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.460] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="IMM32.dll") returned 0x9 [0089.462] CoTaskMemFree (pv=0x552780) [0089.462] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.462] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.dll" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0089.463] CoTaskMemFree (pv=0x54def0) [0089.463] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x23bd728, cb=0x18 | out: lpmodinfo=0x23bd728*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0089.465] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0089.465] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0089.466] CoTaskMemFree (pv=0x5547c0) [0089.466] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.466] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0089.468] CoTaskMemFree (pv=0x54e700) [0089.468] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpmodinfo=0x23bf8e0, cb=0x18 | out: lpmodinfo=0x23bf8e0*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0089.469] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.469] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0089.471] CoTaskMemFree (pv=0x54ff30) [0089.471] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.471] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0089.473] CoTaskMemFree (pv=0x54d6e0) [0089.473] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d650000, lpmodinfo=0x23c1a88, cb=0x18 | out: lpmodinfo=0x23c1a88*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0089.476] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.476] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0089.477] CoTaskMemFree (pv=0x552780) [0089.477] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.477] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0089.480] CoTaskMemFree (pv=0x54ef10) [0089.480] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x23c3d48, cb=0x18 | out: lpmodinfo=0x23c3d48*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0089.482] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.482] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0089.483] CoTaskMemFree (pv=0x550740) [0089.483] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.483] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0089.485] CoTaskMemFree (pv=0x54e700) [0089.485] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x23c5f00, cb=0x18 | out: lpmodinfo=0x23c5f00*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0089.487] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.487] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0089.489] CoTaskMemFree (pv=0x54e700) [0089.489] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.489] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0089.491] CoTaskMemFree (pv=0x551f70) [0089.491] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x23c80c8, cb=0x18 | out: lpmodinfo=0x23c80c8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0089.492] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.492] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0089.494] CoTaskMemFree (pv=0x551f70) [0089.494] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.494] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0089.496] CoTaskMemFree (pv=0x54def0) [0089.496] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x23ca280, cb=0x18 | out: lpmodinfo=0x23ca280*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0089.498] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0089.498] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0089.500] CoTaskMemFree (pv=0x5547c0) [0089.500] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0089.500] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0089.502] CoTaskMemFree (pv=0x550f50) [0089.502] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x23cc428, cb=0x18 | out: lpmodinfo=0x23cc428*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0089.504] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.504] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0089.506] CoTaskMemFree (pv=0x551760) [0089.506] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.506] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0089.509] CoTaskMemFree (pv=0x551f70) [0089.509] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x23ce5f0, cb=0x18 | out: lpmodinfo=0x23ce5f0*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0089.514] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.514] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0089.517] CoTaskMemFree (pv=0x550740) [0089.517] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.517] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0089.519] CoTaskMemFree (pv=0x551760) [0089.519] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x23d0798, cb=0x18 | out: lpmodinfo=0x23d0798*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0089.522] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.522] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0089.524] CoTaskMemFree (pv=0x54d6e0) [0089.524] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.524] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0089.526] CoTaskMemFree (pv=0x54d6e0) [0089.526] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x23d2950, cb=0x18 | out: lpmodinfo=0x23d2950*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0089.529] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.529] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0089.531] CoTaskMemFree (pv=0x54def0) [0089.531] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.531] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0089.534] CoTaskMemFree (pv=0x5537a0) [0089.534] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x23d4af8, cb=0x18 | out: lpmodinfo=0x23d4af8*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0089.536] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.536] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0089.538] CoTaskMemFree (pv=0x54ff30) [0089.538] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.538] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0089.541] CoTaskMemFree (pv=0x54def0) [0089.541] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x23d6cb0, cb=0x18 | out: lpmodinfo=0x23d6cb0*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0089.543] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.543] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0089.546] CoTaskMemFree (pv=0x54e700) [0089.546] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.546] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0089.550] CoTaskMemFree (pv=0x54e700) [0089.550] CloseHandle (hObject=0x25c) returned 1 [0089.550] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0089.550] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6cc) returned 0x25c [0089.550] EnumProcessModules (in: hProcess=0x25c, lphModule=0x23d9bb0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23d9bb0, lpcbNeeded=0x14ef68) returned 1 [0089.559] EnumProcessModules (in: hProcess=0x25c, lphModule=0x23d9dc8, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x23d9dc8, lpcbNeeded=0x14ef68) returned 1 [0089.568] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff767d70000, lpmodinfo=0x23da238, cb=0x18 | out: lpmodinfo=0x23da238*(lpBaseOfDll=0x7ff767d70000, SizeOfImage=0x2a9000, EntryPoint=0x7ff767d92188)) returned 1 [0089.568] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.568] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff767d70000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="OfficeClickToRun.exe") returned 0x14 [0089.568] CoTaskMemFree (pv=0x550740) [0089.568] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.569] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff767d70000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeClickToRun.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officeclicktorun.exe")) returned 0x4e [0089.569] CoTaskMemFree (pv=0x54ff30) [0089.569] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23dc490, cb=0x18 | out: lpmodinfo=0x23dc490*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0089.569] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0089.569] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0089.570] CoTaskMemFree (pv=0x553fb0) [0089.570] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.570] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0089.570] CoTaskMemFree (pv=0x552f90) [0089.570] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x23de638, cb=0x18 | out: lpmodinfo=0x23de638*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0089.571] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0089.571] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0089.572] CoTaskMemFree (pv=0x550f50) [0089.572] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.572] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0089.572] CoTaskMemFree (pv=0x54e700) [0089.572] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x23e07f0, cb=0x18 | out: lpmodinfo=0x23e07f0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0089.573] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.573] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0089.574] CoTaskMemFree (pv=0x551760) [0089.574] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.574] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0089.574] CoTaskMemFree (pv=0x551f70) [0089.574] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x23e29a8, cb=0x18 | out: lpmodinfo=0x23e29a8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0089.575] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.575] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0089.576] CoTaskMemFree (pv=0x552f90) [0089.576] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.576] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0089.577] CoTaskMemFree (pv=0x54d6e0) [0089.577] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x23e4bb8, cb=0x18 | out: lpmodinfo=0x23e4bb8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0089.577] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.577] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0089.578] CoTaskMemFree (pv=0x552780) [0089.578] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.578] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0089.579] CoTaskMemFree (pv=0x552f90) [0089.579] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x23e6d60, cb=0x18 | out: lpmodinfo=0x23e6d60*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0089.580] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.580] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0089.581] CoTaskMemFree (pv=0x54ef10) [0089.581] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0089.581] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0089.583] CoTaskMemFree (pv=0x550f50) [0089.583] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x23e8f08, cb=0x18 | out: lpmodinfo=0x23e8f08*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0089.584] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.584] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0089.585] CoTaskMemFree (pv=0x54ff30) [0089.585] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.585] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0089.586] CoTaskMemFree (pv=0x54f720) [0089.586] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x23eb0b0, cb=0x18 | out: lpmodinfo=0x23eb0b0*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0089.587] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.587] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0089.588] CoTaskMemFree (pv=0x54e700) [0089.588] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.588] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0089.589] CoTaskMemFree (pv=0x551f70) [0089.589] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x23ed2f0, cb=0x18 | out: lpmodinfo=0x23ed2f0*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0089.592] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.592] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0089.593] CoTaskMemFree (pv=0x5537a0) [0089.593] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.593] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0089.594] CoTaskMemFree (pv=0x551760) [0089.594] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x23ef498, cb=0x18 | out: lpmodinfo=0x23ef498*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0089.595] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.595] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0089.597] CoTaskMemFree (pv=0x54e700) [0089.597] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.597] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0089.598] CoTaskMemFree (pv=0x551f70) [0089.598] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x23f1670, cb=0x18 | out: lpmodinfo=0x23f1670*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0089.599] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.599] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0089.600] CoTaskMemFree (pv=0x551f70) [0089.600] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.600] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0089.602] CoTaskMemFree (pv=0x551760) [0089.602] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x23f3818, cb=0x18 | out: lpmodinfo=0x23f3818*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0089.603] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.603] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0089.604] CoTaskMemFree (pv=0x54ff30) [0089.604] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.604] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0089.606] CoTaskMemFree (pv=0x551760) [0089.606] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x23f59c0, cb=0x18 | out: lpmodinfo=0x23f59c0*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0089.607] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0089.607] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0089.609] CoTaskMemFree (pv=0x5547c0) [0089.609] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0089.609] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0089.610] CoTaskMemFree (pv=0x553fb0) [0089.610] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d340000, lpmodinfo=0x23f7b78, cb=0x18 | out: lpmodinfo=0x23f7b78*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0089.612] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0089.612] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d340000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0089.613] CoTaskMemFree (pv=0x553fb0) [0089.613] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.613] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d340000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0089.615] CoTaskMemFree (pv=0x550740) [0089.615] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x23f9d30, cb=0x18 | out: lpmodinfo=0x23f9d30*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0089.617] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.617] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0089.618] CoTaskMemFree (pv=0x54f720) [0089.618] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.618] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0089.620] CoTaskMemFree (pv=0x5537a0) [0089.620] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x23fbed8, cb=0x18 | out: lpmodinfo=0x23fbed8*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0089.621] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.621] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0089.623] CoTaskMemFree (pv=0x54d6e0) [0089.623] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.623] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0089.625] CoTaskMemFree (pv=0x54d6e0) [0089.625] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x23fe198, cb=0x18 | out: lpmodinfo=0x23fe198*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0089.628] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.628] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0089.630] CoTaskMemFree (pv=0x54ef10) [0089.630] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.630] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0089.632] CoTaskMemFree (pv=0x54ef10) [0089.632] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efb0000, lpmodinfo=0x2400340, cb=0x18 | out: lpmodinfo=0x2400340*(lpBaseOfDll=0x7ff87efb0000, SizeOfImage=0x429000, EntryPoint=0x7ff87efd8740)) returned 1 [0089.634] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.634] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efb0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0089.636] CoTaskMemFree (pv=0x552780) [0089.636] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.636] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efb0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0089.638] CoTaskMemFree (pv=0x54f720) [0089.638] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x24024f8, cb=0x18 | out: lpmodinfo=0x24024f8*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0089.640] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.640] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0089.642] CoTaskMemFree (pv=0x54d6e0) [0089.642] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.642] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0089.644] CoTaskMemFree (pv=0x551760) [0089.644] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8723e0000, lpmodinfo=0x24046b0, cb=0x18 | out: lpmodinfo=0x24046b0*(lpBaseOfDll=0x7ff8723e0000, SizeOfImage=0x17000, EntryPoint=0x7ff8723ec440)) returned 1 [0089.646] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.646] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8723e0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="VCRUNTIME140.dll") returned 0x10 [0089.648] CoTaskMemFree (pv=0x5537a0) [0089.648] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.648] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8723e0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\VCRUNTIME140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\vcruntime140.dll")) returned 0x4a [0089.650] CoTaskMemFree (pv=0x551760) [0089.650] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872340000, lpmodinfo=0x24068c0, cb=0x18 | out: lpmodinfo=0x24068c0*(lpBaseOfDll=0x7ff872340000, SizeOfImage=0x9e000, EntryPoint=0x7ff872389d40)) returned 1 [0089.652] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.652] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872340000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="MSVCP140.dll") returned 0xc [0089.654] CoTaskMemFree (pv=0x551760) [0089.654] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0089.654] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872340000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\MSVCP140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp140.dll")) returned 0x46 [0089.655] CoTaskMemFree (pv=0x5547c0) [0089.656] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x2408ac0, cb=0x18 | out: lpmodinfo=0x2408ac0*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0089.658] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.658] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0089.660] CoTaskMemFree (pv=0x551760) [0089.660] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.660] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0089.726] CoTaskMemFree (pv=0x552f90) [0089.726] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872300000, lpmodinfo=0x240ac78, cb=0x18 | out: lpmodinfo=0x240ac78*(lpBaseOfDll=0x7ff872300000, SizeOfImage=0x33000, EntryPoint=0x7ff8723021f0)) returned 1 [0089.728] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.728] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872300000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="RstrtMgr.DLL") returned 0xc [0089.730] CoTaskMemFree (pv=0x54d6e0) [0089.730] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.730] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872300000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RstrtMgr.DLL" (normalized: "c:\\windows\\system32\\rstrtmgr.dll")) returned 0x20 [0089.733] CoTaskMemFree (pv=0x552780) [0089.733] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x240ce30, cb=0x18 | out: lpmodinfo=0x240ce30*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0089.735] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.735] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0089.737] CoTaskMemFree (pv=0x54ef10) [0089.737] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.737] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0089.740] CoTaskMemFree (pv=0x54def0) [0089.740] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x240efd8, cb=0x18 | out: lpmodinfo=0x240efd8*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0089.742] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.742] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0089.745] CoTaskMemFree (pv=0x552780) [0089.745] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.745] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0089.747] CoTaskMemFree (pv=0x54def0) [0089.747] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8722d0000, lpmodinfo=0x2411190, cb=0x18 | out: lpmodinfo=0x2411190*(lpBaseOfDll=0x7ff8722d0000, SizeOfImage=0x2a000, EntryPoint=0x7ff8722d5b40)) returned 1 [0089.750] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0089.750] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8722d0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="ApiClient.dll") returned 0xd [0089.752] CoTaskMemFree (pv=0x553fb0) [0089.752] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.752] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8722d0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\ApiClient.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\apiclient.dll")) returned 0x47 [0089.755] CoTaskMemFree (pv=0x550740) [0089.755] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875480000, lpmodinfo=0x2413390, cb=0x18 | out: lpmodinfo=0x2413390*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0089.758] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0089.758] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875480000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0089.772] CoTaskMemFree (pv=0x553fb0) [0089.772] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.772] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875480000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0089.774] CoTaskMemFree (pv=0x54def0) [0089.775] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878fc0000, lpmodinfo=0x2415548, cb=0x18 | out: lpmodinfo=0x2415548*(lpBaseOfDll=0x7ff878fc0000, SizeOfImage=0x29000, EntryPoint=0x7ff878fcca00)) returned 1 [0089.777] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.777] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878fc0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="Cabinet.dll") returned 0xb [0089.780] CoTaskMemFree (pv=0x54ef10) [0089.780] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.780] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878fc0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")) returned 0x1f [0089.782] CoTaskMemFree (pv=0x54d6e0) [0089.782] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c130000, lpmodinfo=0x24176f0, cb=0x18 | out: lpmodinfo=0x24176f0*(lpBaseOfDll=0x7ff87c130000, SizeOfImage=0x27000, EntryPoint=0x7ff87c140aa0)) returned 1 [0089.786] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.786] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c130000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0089.789] CoTaskMemFree (pv=0x54d6e0) [0089.789] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0089.789] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c130000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0089.791] CoTaskMemFree (pv=0x553fb0) [0089.791] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2419898, cb=0x18 | out: lpmodinfo=0x2419898*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0089.794] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.794] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0089.797] CoTaskMemFree (pv=0x5537a0) [0089.797] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.797] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0089.800] CoTaskMemFree (pv=0x5537a0) [0089.800] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c0f0000, lpmodinfo=0x241ba40, cb=0x18 | out: lpmodinfo=0x241ba40*(lpBaseOfDll=0x7ff87c0f0000, SizeOfImage=0x3a000, EntryPoint=0x7ff87c0f8d20)) returned 1 [0089.802] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.802] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c0f0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0089.809] CoTaskMemFree (pv=0x54ef10) [0089.809] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.809] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c0f0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0089.812] CoTaskMemFree (pv=0x54ff30) [0089.812] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x241dbe8, cb=0x18 | out: lpmodinfo=0x241dbe8*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0089.815] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0089.815] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0089.818] CoTaskMemFree (pv=0x54d6e0) [0089.818] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0089.818] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0089.821] CoTaskMemFree (pv=0x553fb0) [0089.821] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872050000, lpmodinfo=0x241ffb8, cb=0x18 | out: lpmodinfo=0x241ffb8*(lpBaseOfDll=0x7ff872050000, SizeOfImage=0x274000, EntryPoint=0x7ff8720c0400)) returned 1 [0089.824] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.824] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872050000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="Comctl32.dll") returned 0xc [0089.827] CoTaskMemFree (pv=0x54def0) [0089.827] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.827] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872050000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\Comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")) returned 0x79 [0089.831] CoTaskMemFree (pv=0x54ff30) [0089.831] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff871d40000, lpmodinfo=0x2422220, cb=0x18 | out: lpmodinfo=0x2422220*(lpBaseOfDll=0x7ff871d40000, SizeOfImage=0x304000, EntryPoint=0x7ff871de6094)) returned 1 [0089.834] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.834] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff871d40000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="mso20win32client.dll") returned 0x14 [0089.837] CoTaskMemFree (pv=0x5537a0) [0089.837] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0089.837] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff871d40000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\mso20win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso20win32client.dll")) returned 0x4e [0089.840] CoTaskMemFree (pv=0x5537a0) [0089.840] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8718c0000, lpmodinfo=0x2424440, cb=0x18 | out: lpmodinfo=0x2424440*(lpBaseOfDll=0x7ff8718c0000, SizeOfImage=0x478000, EntryPoint=0x7ff871939154)) returned 1 [0089.854] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0089.854] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8718c0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="mso30win32client.dll") returned 0x14 [0089.858] CoTaskMemFree (pv=0x5547c0) [0089.858] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0089.858] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8718c0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\mso30win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso30win32client.dll")) returned 0x4e [0089.862] CoTaskMemFree (pv=0x553fb0) [0089.862] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870fd0000, lpmodinfo=0x2426660, cb=0x18 | out: lpmodinfo=0x2426660*(lpBaseOfDll=0x7ff870fd0000, SizeOfImage=0x8eb000, EntryPoint=0x7ff8710d5a48)) returned 1 [0089.865] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.865] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870fd0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="mso40uiwin32client.dll") returned 0x16 [0089.868] CoTaskMemFree (pv=0x552780) [0089.869] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.869] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870fd0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\mso40uiwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso40uiwin32client.dll")) returned 0x50 [0089.872] CoTaskMemFree (pv=0x550740) [0089.872] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870e10000, lpmodinfo=0x2428888, cb=0x18 | out: lpmodinfo=0x2428888*(lpBaseOfDll=0x7ff870e10000, SizeOfImage=0x1a9000, EntryPoint=0x7ff870e64060)) returned 1 [0089.875] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.875] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870e10000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0089.878] CoTaskMemFree (pv=0x54ef10) [0089.878] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.878] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870e10000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll")) returned 0x70 [0089.882] CoTaskMemFree (pv=0x54ff30) [0089.882] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x242aad8, cb=0x18 | out: lpmodinfo=0x242aad8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0089.885] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0089.885] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0089.892] CoTaskMemFree (pv=0x551760) [0089.892] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.892] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0089.895] CoTaskMemFree (pv=0x551f70) [0089.895] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872ad0000, lpmodinfo=0x242cca0, cb=0x18 | out: lpmodinfo=0x242cca0*(lpBaseOfDll=0x7ff872ad0000, SizeOfImage=0x33a000, EntryPoint=0x7ff872ad8520)) returned 1 [0089.899] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.899] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872ad0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="msi.dll") returned 0x7 [0089.903] CoTaskMemFree (pv=0x54def0) [0089.903] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.903] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872ad0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")) returned 0x1b [0089.906] CoTaskMemFree (pv=0x54def0) [0089.906] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d650000, lpmodinfo=0x242ee38, cb=0x18 | out: lpmodinfo=0x242ee38*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0089.910] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0089.910] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0089.913] CoTaskMemFree (pv=0x552f90) [0089.913] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.913] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0089.916] CoTaskMemFree (pv=0x54ef10) [0089.916] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x2430fe0, cb=0x18 | out: lpmodinfo=0x2430fe0*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0089.920] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0089.920] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0089.924] CoTaskMemFree (pv=0x54def0) [0089.924] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.924] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0089.931] CoTaskMemFree (pv=0x552780) [0089.931] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x24331a8, cb=0x18 | out: lpmodinfo=0x24331a8*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0089.935] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.935] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0089.939] CoTaskMemFree (pv=0x552780) [0089.939] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0089.939] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0089.943] CoTaskMemFree (pv=0x551f70) [0089.943] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x2435350, cb=0x18 | out: lpmodinfo=0x2435350*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0089.947] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.947] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0089.951] CoTaskMemFree (pv=0x54ef10) [0089.951] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.951] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0089.955] CoTaskMemFree (pv=0x54f720) [0089.955] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x2437508, cb=0x18 | out: lpmodinfo=0x2437508*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0089.959] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0089.959] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0089.963] CoTaskMemFree (pv=0x550740) [0089.963] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0089.970] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0089.974] CoTaskMemFree (pv=0x54e700) [0089.974] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879030000, lpmodinfo=0x24396b0, cb=0x18 | out: lpmodinfo=0x24396b0*(lpBaseOfDll=0x7ff879030000, SizeOfImage=0x545000, EntryPoint=0x7ff8791ca450)) returned 1 [0089.978] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0089.978] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879030000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="d2d1.dll") returned 0x8 [0089.981] CoTaskMemFree (pv=0x54ef10) [0089.981] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0089.981] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879030000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")) returned 0x1c [0089.985] CoTaskMemFree (pv=0x54f720) [0089.985] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x243b858, cb=0x18 | out: lpmodinfo=0x243b858*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0089.990] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0089.990] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0089.995] CoTaskMemFree (pv=0x54ff30) [0089.995] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0089.995] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0089.999] CoTaskMemFree (pv=0x552780) [0089.999] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpmodinfo=0x243da00, cb=0x18 | out: lpmodinfo=0x243da00*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0090.014] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0090.014] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0090.019] CoTaskMemFree (pv=0x54f720) [0090.019] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0090.019] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878ff0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0090.023] CoTaskMemFree (pv=0x552f90) [0090.023] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a230000, lpmodinfo=0x2250458, cb=0x18 | out: lpmodinfo=0x2250458*(lpBaseOfDll=0x7ff87a230000, SizeOfImage=0xa2000, EntryPoint=0x7ff87a250a40)) returned 1 [0090.028] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0090.028] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a230000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0090.032] CoTaskMemFree (pv=0x54d6e0) [0090.032] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0090.032] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a230000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0090.037] CoTaskMemFree (pv=0x54def0) [0090.037] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870dc0000, lpmodinfo=0x2252600, cb=0x18 | out: lpmodinfo=0x2252600*(lpBaseOfDll=0x7ff870dc0000, SizeOfImage=0xc000, EntryPoint=0x7ff870dc35c0)) returned 1 [0090.041] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0090.041] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870dc0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0090.045] CoTaskMemFree (pv=0x551f70) [0090.045] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0090.045] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870dc0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0090.057] CoTaskMemFree (pv=0x550f50) [0090.057] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x22547a8, cb=0x18 | out: lpmodinfo=0x22547a8*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0090.061] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0090.061] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0090.066] CoTaskMemFree (pv=0x551f70) [0090.066] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0090.066] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0090.070] CoTaskMemFree (pv=0x550740) [0090.071] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870d80000, lpmodinfo=0x2256950, cb=0x18 | out: lpmodinfo=0x2256950*(lpBaseOfDll=0x7ff870d80000, SizeOfImage=0xa000, EntryPoint=0x7ff870d81350)) returned 1 [0090.075] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0090.075] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870d80000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0090.080] CoTaskMemFree (pv=0x551f70) [0090.080] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0090.080] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870d80000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0090.085] CoTaskMemFree (pv=0x54ff30) [0090.085] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x2258af8, cb=0x18 | out: lpmodinfo=0x2258af8*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0090.089] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0090.090] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0090.100] CoTaskMemFree (pv=0x553fb0) [0090.100] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0090.100] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0090.104] CoTaskMemFree (pv=0x551f70) [0090.105] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870260000, lpmodinfo=0x225aca0, cb=0x18 | out: lpmodinfo=0x225aca0*(lpBaseOfDll=0x7ff870260000, SizeOfImage=0x105000, EntryPoint=0x7ff87026dae8)) returned 1 [0090.117] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0090.117] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870260000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="StreamServer.dll") returned 0x10 [0090.122] CoTaskMemFree (pv=0x550f50) [0090.122] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0090.122] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870260000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\StreamServer.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\streamserver.dll")) returned 0x4a [0090.127] CoTaskMemFree (pv=0x553fb0) [0090.127] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8701d0000, lpmodinfo=0x225ceb0, cb=0x18 | out: lpmodinfo=0x225ceb0*(lpBaseOfDll=0x7ff8701d0000, SizeOfImage=0x82000, EntryPoint=0x7ff870221550)) returned 1 [0090.133] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0090.133] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8701d0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="msdelta.dll") returned 0xb [0090.138] CoTaskMemFree (pv=0x551f70) [0090.138] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0090.138] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8701d0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msdelta.dll" (normalized: "c:\\windows\\system32\\msdelta.dll")) returned 0x1f [0090.145] CoTaskMemFree (pv=0x550740) [0090.145] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x225f058, cb=0x18 | out: lpmodinfo=0x225f058*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0090.149] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0090.150] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="cryptsp.dll") returned 0xb [0090.154] CoTaskMemFree (pv=0x552780) [0090.154] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0090.154] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0090.159] CoTaskMemFree (pv=0x54f720) [0090.160] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpmodinfo=0x2261200, cb=0x18 | out: lpmodinfo=0x2261200*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0090.164] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0090.165] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0090.170] CoTaskMemFree (pv=0x553fb0) [0090.170] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0090.170] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0090.183] CoTaskMemFree (pv=0x54def0) [0090.183] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870150000, lpmodinfo=0x22633a8, cb=0x18 | out: lpmodinfo=0x22633a8*(lpBaseOfDll=0x7ff870150000, SizeOfImage=0x75000, EntryPoint=0x7ff87017d4f0)) returned 1 [0090.190] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0090.190] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870150000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="AppVIsvApi.dll") returned 0xe [0090.196] CoTaskMemFree (pv=0x551760) [0090.196] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0090.196] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870150000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVIsvApi.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvapi.dll")) returned 0x48 [0090.202] CoTaskMemFree (pv=0x5537a0) [0090.202] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d0a0000, lpmodinfo=0x22655b0, cb=0x18 | out: lpmodinfo=0x22655b0*(lpBaseOfDll=0x7ff87d0a0000, SizeOfImage=0x17000, EntryPoint=0x7ff87d0a1390)) returned 1 [0090.207] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0090.207] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d0a0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="NETAPI32.dll") returned 0xc [0090.212] CoTaskMemFree (pv=0x551f70) [0090.212] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0090.212] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d0a0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NETAPI32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")) returned 0x20 [0090.227] CoTaskMemFree (pv=0x551760) [0090.227] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870010000, lpmodinfo=0x2267768, cb=0x18 | out: lpmodinfo=0x2267768*(lpBaseOfDll=0x7ff870010000, SizeOfImage=0x13f000, EntryPoint=0x7ff8700705e4)) returned 1 [0090.233] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0090.233] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870010000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="APPVPOLICY.dll") returned 0xe [0090.238] CoTaskMemFree (pv=0x550f50) [0090.238] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0090.238] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870010000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\APPVPOLICY.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvpolicy.dll")) returned 0x48 [0090.243] CoTaskMemFree (pv=0x54def0) [0090.243] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ff60000, lpmodinfo=0x2269970, cb=0x18 | out: lpmodinfo=0x2269970*(lpBaseOfDll=0x7ff86ff60000, SizeOfImage=0xa6000, EntryPoint=0x7ff86ffaefec)) returned 1 [0090.248] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0090.248] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ff60000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="MSVCP120.dll") returned 0xc [0090.254] CoTaskMemFree (pv=0x54f720) [0090.254] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0090.254] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ff60000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\MSVCP120.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp120.dll")) returned 0x46 [0090.260] CoTaskMemFree (pv=0x54d6e0) [0090.260] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86fe70000, lpmodinfo=0x226bb70, cb=0x18 | out: lpmodinfo=0x226bb70*(lpBaseOfDll=0x7ff86fe70000, SizeOfImage=0xef000, EntryPoint=0x7ff86fe929cc)) returned 1 [0090.267] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0090.267] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86fe70000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="MSVCR120.dll") returned 0xc [0090.272] CoTaskMemFree (pv=0x54ff30) [0090.272] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0090.273] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86fe70000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\MSVCR120.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcr120.dll")) returned 0x46 [0090.278] CoTaskMemFree (pv=0x551760) [0090.278] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpmodinfo=0x226dd70, cb=0x18 | out: lpmodinfo=0x226dd70*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0090.283] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0090.284] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0090.289] CoTaskMemFree (pv=0x54def0) [0090.289] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0090.289] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0090.294] CoTaskMemFree (pv=0x54f720) [0090.294] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpmodinfo=0x226ff18, cb=0x18 | out: lpmodinfo=0x226ff18*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0090.305] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0090.305] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="NETUTILS.DLL") returned 0xc [0090.311] CoTaskMemFree (pv=0x54def0) [0090.311] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0090.311] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NETUTILS.DLL" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0090.317] CoTaskMemFree (pv=0x54ef10) [0090.317] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875a10000, lpmodinfo=0x22720d0, cb=0x18 | out: lpmodinfo=0x22720d0*(lpBaseOfDll=0x7ff875a10000, SizeOfImage=0x19000, EntryPoint=0x7ff875a14520)) returned 1 [0090.322] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0090.322] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875a10000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="SAMCLI.DLL") returned 0xa [0090.328] CoTaskMemFree (pv=0x54d6e0) [0090.328] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0090.328] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875a10000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SAMCLI.DLL" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0090.334] CoTaskMemFree (pv=0x550740) [0090.334] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86fd80000, lpmodinfo=0x2274690, cb=0x18 | out: lpmodinfo=0x2274690*(lpBaseOfDll=0x7ff86fd80000, SizeOfImage=0xea000, EntryPoint=0x7ff86fdeca10)) returned 1 [0090.341] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0090.341] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86fd80000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="AppVOrchestration.dll") returned 0x15 [0090.347] CoTaskMemFree (pv=0x54e700) [0090.347] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0090.347] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86fd80000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVOrchestration.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvorchestration.dll")) returned 0x4f [0090.353] CoTaskMemFree (pv=0x5547c0) [0090.353] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86fd40000, lpmodinfo=0x22768b0, cb=0x18 | out: lpmodinfo=0x22768b0*(lpBaseOfDll=0x7ff86fd40000, SizeOfImage=0x36000, EntryPoint=0x7ff86fd4daa0)) returned 1 [0090.373] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0090.373] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86fd40000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="AppVIsvStreamingManager.dll") returned 0x1b [0090.378] CoTaskMemFree (pv=0x54f720) [0090.378] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0090.379] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86fd40000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVIsvStreamingManager.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstreamingmanager.dll")) returned 0x55 [0090.384] CoTaskMemFree (pv=0x54def0) [0090.384] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86fc10000, lpmodinfo=0x2278ae8, cb=0x18 | out: lpmodinfo=0x2278ae8*(lpBaseOfDll=0x7ff86fc10000, SizeOfImage=0x12f000, EntryPoint=0x7ff86fc6f2a4)) returned 1 [0090.391] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0090.391] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86fc10000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="APPVMANIFEST.dll") returned 0x10 [0090.397] CoTaskMemFree (pv=0x5537a0) [0090.397] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0090.397] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86fc10000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\APPVMANIFEST.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvmanifest.dll")) returned 0x4a [0090.404] CoTaskMemFree (pv=0x54def0) [0090.404] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86fb60000, lpmodinfo=0x227acf8, cb=0x18 | out: lpmodinfo=0x227acf8*(lpBaseOfDll=0x7ff86fb60000, SizeOfImage=0xa2000, EntryPoint=0x7ff86fba988c)) returned 1 [0090.410] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0090.410] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86fb60000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="AppVCatalog.dll") returned 0xf [0090.416] CoTaskMemFree (pv=0x550740) [0090.416] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0090.416] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86fb60000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVCatalog.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvcatalog.dll")) returned 0x49 [0090.422] CoTaskMemFree (pv=0x5537a0) [0090.422] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86fad0000, lpmodinfo=0x227cf00, cb=0x18 | out: lpmodinfo=0x227cf00*(lpBaseOfDll=0x7ff86fad0000, SizeOfImage=0x8d000, EntryPoint=0x7ff86fb10cc4)) returned 1 [0090.430] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0090.430] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86fad0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="AppVIsvVirtualization.dll") returned 0x19 [0090.435] CoTaskMemFree (pv=0x552f90) [0090.435] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0090.435] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86fad0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVIsvVirtualization.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvvirtualization.dll")) returned 0x53 [0090.441] CoTaskMemFree (pv=0x54ff30) [0090.441] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eec0000, lpmodinfo=0x227f130, cb=0x18 | out: lpmodinfo=0x227f130*(lpBaseOfDll=0x7ff87eec0000, SizeOfImage=0x8000, EntryPoint=0x7ff87eec10b0)) returned 1 [0090.448] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0090.448] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eec0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="PSAPI.DLL") returned 0x9 [0090.455] CoTaskMemFree (pv=0x5547c0) [0090.455] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0090.455] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eec0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PSAPI.DLL" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0090.467] CoTaskMemFree (pv=0x54d6e0) [0090.467] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f8c0000, lpmodinfo=0x22812d8, cb=0x18 | out: lpmodinfo=0x22812d8*(lpBaseOfDll=0x7ff86f8c0000, SizeOfImage=0x20a000, EntryPoint=0x7ff86f9bb0a0)) returned 1 [0090.473] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0090.473] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f8c0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="AppVIntegration.dll") returned 0x13 [0090.479] CoTaskMemFree (pv=0x54f720) [0090.479] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0090.479] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f8c0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVIntegration.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvintegration.dll")) returned 0x4d [0090.485] CoTaskMemFree (pv=0x54f720) [0090.485] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f760000, lpmodinfo=0x22834f0, cb=0x18 | out: lpmodinfo=0x22834f0*(lpBaseOfDll=0x7ff86f760000, SizeOfImage=0x15a000, EntryPoint=0x7ff86f81565c)) returned 1 [0090.491] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0090.491] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f760000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="AppVIsvSubsystemController.dll") returned 0x1e [0090.498] CoTaskMemFree (pv=0x5547c0) [0090.498] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0090.498] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f760000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVIsvSubsystemController.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystemcontroller.dll")) returned 0x58 [0090.513] CoTaskMemFree (pv=0x5547c0) [0090.513] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f710000, lpmodinfo=0x2285738, cb=0x18 | out: lpmodinfo=0x2285738*(lpBaseOfDll=0x7ff86f710000, SizeOfImage=0x4d000, EntryPoint=0x7ff86f72792c)) returned 1 [0090.520] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0090.520] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f710000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="APPVFILESYSTEMMETADATA.dll") returned 0x1a [0090.526] CoTaskMemFree (pv=0x54ef10) [0090.526] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0090.526] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f710000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\APPVFILESYSTEMMETADATA.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvfilesystemmetadata.dll")) returned 0x54 [0090.533] CoTaskMemFree (pv=0x54d6e0) [0090.533] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x2287970, cb=0x18 | out: lpmodinfo=0x2287970*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0090.539] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0090.539] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0090.546] CoTaskMemFree (pv=0x550f50) [0090.546] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0090.546] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0090.575] CoTaskMemFree (pv=0x54e700) [0090.575] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpmodinfo=0x2289b18, cb=0x18 | out: lpmodinfo=0x2289b18*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0090.582] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0090.582] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0090.589] CoTaskMemFree (pv=0x5537a0) [0090.589] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0090.589] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8727c0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0090.595] CoTaskMemFree (pv=0x54def0) [0090.595] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874a90000, lpmodinfo=0x228bcd0, cb=0x18 | out: lpmodinfo=0x228bcd0*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0090.602] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0090.602] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874a90000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0090.622] CoTaskMemFree (pv=0x551f70) [0090.622] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0090.622] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874a90000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0090.629] CoTaskMemFree (pv=0x550740) [0090.629] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpmodinfo=0x228de88, cb=0x18 | out: lpmodinfo=0x228de88*(lpBaseOfDll=0x7ff86efa0000, SizeOfImage=0x11000, EntryPoint=0x7ff86efa2fc0)) returned 1 [0090.635] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0090.635] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0090.642] CoTaskMemFree (pv=0x5547c0) [0090.642] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0090.642] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86efa0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0090.649] CoTaskMemFree (pv=0x552f90) [0090.649] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870c70000, lpmodinfo=0x2290048, cb=0x18 | out: lpmodinfo=0x2290048*(lpBaseOfDll=0x7ff870c70000, SizeOfImage=0x7f000, EntryPoint=0x7ff870c87110)) returned 1 [0090.676] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0090.676] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870c70000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0090.683] CoTaskMemFree (pv=0x550f50) [0090.683] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0090.683] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870c70000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0090.691] CoTaskMemFree (pv=0x550f50) [0090.691] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e970000, lpmodinfo=0x2292200, cb=0x18 | out: lpmodinfo=0x2292200*(lpBaseOfDll=0x7ff86e970000, SizeOfImage=0x14000, EntryPoint=0x7ff86e971800)) returned 1 [0090.706] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0090.706] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e970000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0090.714] CoTaskMemFree (pv=0x552780) [0090.714] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0090.714] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e970000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0090.724] CoTaskMemFree (pv=0x5537a0) [0090.724] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e990000, lpmodinfo=0x22943b8, cb=0x18 | out: lpmodinfo=0x22943b8*(lpBaseOfDll=0x7ff86e990000, SizeOfImage=0xf6000, EntryPoint=0x7ff86e9c9590)) returned 1 [0090.731] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0090.731] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e990000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="fastprox.dll") returned 0xc [0090.738] CoTaskMemFree (pv=0x550f50) [0090.738] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0090.738] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e990000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0090.745] CoTaskMemFree (pv=0x54ef10) [0090.745] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d640000, lpmodinfo=0x2296578, cb=0x18 | out: lpmodinfo=0x2296578*(lpBaseOfDll=0x7ff87d640000, SizeOfImage=0x7000, EntryPoint=0x0)) returned 1 [0090.755] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0090.755] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d640000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="Normaliz.dll") returned 0xc [0090.783] CoTaskMemFree (pv=0x54f720) [0090.783] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0090.783] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d640000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll")) returned 0x20 [0090.794] CoTaskMemFree (pv=0x552f90) [0090.794] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878b20000, lpmodinfo=0x2298730, cb=0x18 | out: lpmodinfo=0x2298730*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0090.801] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0090.801] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0090.809] CoTaskMemFree (pv=0x5547c0) [0090.809] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0090.810] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0090.864] CoTaskMemFree (pv=0x551760) [0090.864] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpmodinfo=0x229a8d8, cb=0x18 | out: lpmodinfo=0x229a8d8*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0090.871] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0090.871] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0090.878] CoTaskMemFree (pv=0x54def0) [0090.878] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0090.878] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0090.885] CoTaskMemFree (pv=0x54f720) [0090.885] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875270000, lpmodinfo=0x229ca70, cb=0x18 | out: lpmodinfo=0x229ca70*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0090.892] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0090.892] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875270000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0091.009] CoTaskMemFree (pv=0x551f70) [0091.009] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0091.009] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875270000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0091.018] CoTaskMemFree (pv=0x5537a0) [0091.018] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875250000, lpmodinfo=0x229ec28, cb=0x18 | out: lpmodinfo=0x229ec28*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0091.025] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.025] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875250000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0091.032] CoTaskMemFree (pv=0x54ff30) [0091.032] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.032] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875250000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0091.053] CoTaskMemFree (pv=0x551760) [0091.053] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874ab0000, lpmodinfo=0x22a0de0, cb=0x18 | out: lpmodinfo=0x22a0de0*(lpBaseOfDll=0x7ff874ab0000, SizeOfImage=0x15000, EntryPoint=0x7ff874ab2dc0)) returned 1 [0091.060] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.060] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874ab0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0091.068] CoTaskMemFree (pv=0x54ff30) [0091.068] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.068] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874ab0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0091.075] CoTaskMemFree (pv=0x54d6e0) [0091.075] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870840000, lpmodinfo=0x22a2fc8, cb=0x18 | out: lpmodinfo=0x22a2fc8*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0091.082] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.082] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870840000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0091.089] CoTaskMemFree (pv=0x551760) [0091.089] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0091.089] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870840000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0091.098] CoTaskMemFree (pv=0x54f720) [0091.098] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpmodinfo=0x22a5170, cb=0x18 | out: lpmodinfo=0x22a5170*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0091.106] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0091.106] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0091.114] CoTaskMemFree (pv=0x550f50) [0091.114] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.114] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0091.122] CoTaskMemFree (pv=0x54def0) [0091.122] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ec80000, lpmodinfo=0x22a7328, cb=0x18 | out: lpmodinfo=0x22a7328*(lpBaseOfDll=0x7ff86ec80000, SizeOfImage=0x28e000, EntryPoint=0x7ff86ed50f00)) returned 1 [0091.131] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0091.131] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ec80000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="WININET.dll") returned 0xb [0091.139] CoTaskMemFree (pv=0x54e700) [0091.139] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0091.139] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ec80000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WININET.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0091.147] CoTaskMemFree (pv=0x5547c0) [0091.147] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b030000, lpmodinfo=0x22a94d0, cb=0x18 | out: lpmodinfo=0x22a94d0*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0091.154] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.154] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0091.161] CoTaskMemFree (pv=0x54ff30) [0091.161] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0091.161] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0091.182] CoTaskMemFree (pv=0x54ef10) [0091.182] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be90000, lpmodinfo=0x22ab678, cb=0x18 | out: lpmodinfo=0x22ab678*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0091.190] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0091.190] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0091.198] CoTaskMemFree (pv=0x550740) [0091.198] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0091.198] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0091.206] CoTaskMemFree (pv=0x5537a0) [0091.206] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpmodinfo=0x22ad820, cb=0x18 | out: lpmodinfo=0x22ad820*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0091.235] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0091.235] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0091.243] CoTaskMemFree (pv=0x552f90) [0091.243] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.243] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0091.251] CoTaskMemFree (pv=0x551f70) [0091.251] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86d180000, lpmodinfo=0x22af9c8, cb=0x18 | out: lpmodinfo=0x22af9c8*(lpBaseOfDll=0x7ff86d180000, SizeOfImage=0x80000, EntryPoint=0x7ff86d1ad280)) returned 1 [0091.259] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.259] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86d180000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0091.267] CoTaskMemFree (pv=0x54ff30) [0091.267] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.267] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86d180000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")) returned 0x1d [0091.281] CoTaskMemFree (pv=0x54def0) [0091.281] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874830000, lpmodinfo=0x22b1b70, cb=0x18 | out: lpmodinfo=0x22b1b70*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0091.289] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0091.289] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874830000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0091.297] CoTaskMemFree (pv=0x552f90) [0091.297] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0091.297] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874830000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0091.305] CoTaskMemFree (pv=0x54f720) [0091.305] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpmodinfo=0x22b3d28, cb=0x18 | out: lpmodinfo=0x22b3d28*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0091.314] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.314] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0091.323] CoTaskMemFree (pv=0x54ff30) [0091.323] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0091.323] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0091.331] CoTaskMemFree (pv=0x553fb0) [0091.331] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpmodinfo=0x22b5ee0, cb=0x18 | out: lpmodinfo=0x22b5ee0*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff87bb31a50)) returned 1 [0091.339] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0091.339] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0091.355] CoTaskMemFree (pv=0x553fb0) [0091.355] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.355] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bb10000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0091.367] CoTaskMemFree (pv=0x551f70) [0091.367] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c8b0000, lpmodinfo=0x22b8098, cb=0x18 | out: lpmodinfo=0x22b8098*(lpBaseOfDll=0x7ff86c8b0000, SizeOfImage=0x14000, EntryPoint=0x7ff86c8b3710)) returned 1 [0091.395] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0091.395] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c8b0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0091.404] CoTaskMemFree (pv=0x552780) [0091.404] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.404] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c8b0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0091.427] CoTaskMemFree (pv=0x551f70) [0091.427] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c960000, lpmodinfo=0x22ba260, cb=0x18 | out: lpmodinfo=0x22ba260*(lpBaseOfDll=0x7ff86c960000, SizeOfImage=0x1e000, EntryPoint=0x7ff86c96ef80)) returned 1 [0091.437] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0091.437] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c960000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0091.445] CoTaskMemFree (pv=0x550f50) [0091.445] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0091.445] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c960000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0091.454] CoTaskMemFree (pv=0x552780) [0091.454] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872800000, lpmodinfo=0x22bc418, cb=0x18 | out: lpmodinfo=0x22bc418*(lpBaseOfDll=0x7ff872800000, SizeOfImage=0x162000, EntryPoint=0x7ff872851b30)) returned 1 [0091.465] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0091.465] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872800000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="webservices.dll") returned 0xf [0091.474] CoTaskMemFree (pv=0x550f50) [0091.474] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0091.474] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872800000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll")) returned 0x23 [0091.481] CoTaskMemFree (pv=0x552f90) [0091.481] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpmodinfo=0x22be5d0, cb=0x18 | out: lpmodinfo=0x22be5d0*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0091.489] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0091.489] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0091.501] CoTaskMemFree (pv=0x54e700) [0091.501] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.501] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0091.510] CoTaskMemFree (pv=0x54d6e0) [0091.510] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872540000, lpmodinfo=0x22c0778, cb=0x18 | out: lpmodinfo=0x22c0778*(lpBaseOfDll=0x7ff872540000, SizeOfImage=0x27a000, EntryPoint=0x7ff87255a7a0)) returned 1 [0091.518] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0091.518] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872540000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0091.528] CoTaskMemFree (pv=0x54ef10) [0091.528] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0091.528] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872540000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0091.550] CoTaskMemFree (pv=0x552f90) [0091.551] CloseHandle (hObject=0x25c) returned 1 [0091.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0091.553] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1180) returned 0x25c [0091.553] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22c5040, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22c5040, lpcbNeeded=0x14ef68) returned 1 [0091.554] GetModuleInformation (in: hProcess=0x25c, hModule=0xaf0000, lpmodinfo=0x22c52b0, cb=0x18 | out: lpmodinfo=0x22c52b0*(lpBaseOfDll=0xaf0000, SizeOfImage=0x17000, EntryPoint=0xaf14a1)) returned 1 [0091.554] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0091.554] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xaf0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="mxslipstream.exe") returned 0x10 [0091.555] CoTaskMemFree (pv=0x553fb0) [0091.555] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0091.555] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xaf0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\mxslipstream.exe" (normalized: "c:\\program files\\windows journal\\mxslipstream.exe")) returned 0x31 [0091.555] CoTaskMemFree (pv=0x550740) [0091.555] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22c74c8, cb=0x18 | out: lpmodinfo=0x22c74c8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0091.556] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0091.556] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0091.556] CoTaskMemFree (pv=0x550f50) [0091.556] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.556] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0091.557] CoTaskMemFree (pv=0x551760) [0091.557] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x22c9670, cb=0x18 | out: lpmodinfo=0x22c9670*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0091.557] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0091.557] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0091.558] CoTaskMemFree (pv=0x550f50) [0091.558] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.558] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0091.559] CoTaskMemFree (pv=0x54ff30) [0091.559] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x22cb818, cb=0x18 | out: lpmodinfo=0x22cb818*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0091.559] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0091.559] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0091.560] CoTaskMemFree (pv=0x550740) [0091.560] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.560] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0091.561] CoTaskMemFree (pv=0x54ff30) [0091.561] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x22cd9d0, cb=0x18 | out: lpmodinfo=0x22cd9d0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0091.561] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0091.561] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0091.562] CoTaskMemFree (pv=0x54ef10) [0091.562] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.562] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0091.563] CoTaskMemFree (pv=0x551760) [0091.563] CloseHandle (hObject=0x25c) returned 1 [0091.563] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0091.563] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x294) returned 0x25c [0091.563] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22d01a8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22d01a8, lpcbNeeded=0x14ef68) returned 1 [0091.566] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpmodinfo=0x22d0418, cb=0x18 | out: lpmodinfo=0x22d0418*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0091.567] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.567] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0091.567] CoTaskMemFree (pv=0x54d6e0) [0091.567] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0091.567] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0091.568] CoTaskMemFree (pv=0x5537a0) [0091.568] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22d25f8, cb=0x18 | out: lpmodinfo=0x22d25f8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0091.569] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.569] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0091.569] CoTaskMemFree (pv=0x551760) [0091.569] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0091.569] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0091.570] CoTaskMemFree (pv=0x54f720) [0091.570] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x22d47a0, cb=0x18 | out: lpmodinfo=0x22d47a0*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0091.574] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0091.574] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0091.576] CoTaskMemFree (pv=0x550740) [0091.576] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0091.576] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0091.576] CoTaskMemFree (pv=0x54f720) [0091.576] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x22d6958, cb=0x18 | out: lpmodinfo=0x22d6958*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0091.577] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0091.577] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0091.578] CoTaskMemFree (pv=0x552780) [0091.578] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0091.578] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0091.579] CoTaskMemFree (pv=0x552f90) [0091.579] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x22d8b10, cb=0x18 | out: lpmodinfo=0x22d8b10*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0091.580] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.580] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0091.581] CoTaskMemFree (pv=0x54def0) [0091.581] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.581] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0091.582] CoTaskMemFree (pv=0x551f70) [0091.582] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x22dad10, cb=0x18 | out: lpmodinfo=0x22dad10*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0091.583] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0091.583] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0091.584] CoTaskMemFree (pv=0x5537a0) [0091.584] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0091.584] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0091.586] CoTaskMemFree (pv=0x5547c0) [0091.586] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x22dceb8, cb=0x18 | out: lpmodinfo=0x22dceb8*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0091.587] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.587] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0091.588] CoTaskMemFree (pv=0x551f70) [0091.588] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0091.588] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0091.589] CoTaskMemFree (pv=0x54e700) [0091.589] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b4a0000, lpmodinfo=0x22df070, cb=0x18 | out: lpmodinfo=0x22df070*(lpBaseOfDll=0x7ff87b4a0000, SizeOfImage=0x17000, EntryPoint=0x7ff87b4a6180)) returned 1 [0091.591] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0091.591] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b4a0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="rpcepmap.dll") returned 0xc [0091.592] CoTaskMemFree (pv=0x552780) [0091.592] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.592] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b4a0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rpcepmap.dll" (normalized: "c:\\windows\\system32\\rpcepmap.dll")) returned 0x20 [0091.598] CoTaskMemFree (pv=0x54def0) [0091.598] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x22e1228, cb=0x18 | out: lpmodinfo=0x22e1228*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0091.599] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0091.599] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="sspicli.dll") returned 0xb [0091.600] CoTaskMemFree (pv=0x5547c0) [0091.600] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0091.600] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0091.602] CoTaskMemFree (pv=0x54e700) [0091.602] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b480000, lpmodinfo=0x22e3468, cb=0x18 | out: lpmodinfo=0x22e3468*(lpBaseOfDll=0x7ff87b480000, SizeOfImage=0x13000, EntryPoint=0x7ff87b481b60)) returned 1 [0091.603] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.603] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b480000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0091.604] CoTaskMemFree (pv=0x54ff30) [0091.604] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.604] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b480000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0091.605] CoTaskMemFree (pv=0x54d6e0) [0091.605] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b4c0000, lpmodinfo=0x22e5620, cb=0x18 | out: lpmodinfo=0x22e5620*(lpBaseOfDll=0x7ff87b4c0000, SizeOfImage=0xe3000, EntryPoint=0x7ff87b51e0b0)) returned 1 [0091.606] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0091.606] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b4c0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="rpcss.dll") returned 0x9 [0091.608] CoTaskMemFree (pv=0x552780) [0091.608] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0091.608] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b4c0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")) returned 0x1d [0091.609] CoTaskMemFree (pv=0x54ef10) [0091.609] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x22e77c8, cb=0x18 | out: lpmodinfo=0x22e77c8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0091.610] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0091.610] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0091.612] CoTaskMemFree (pv=0x550740) [0091.612] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0091.612] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0091.613] CoTaskMemFree (pv=0x54e700) [0091.613] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x22e9970, cb=0x18 | out: lpmodinfo=0x22e9970*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0091.614] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0091.614] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0091.616] CoTaskMemFree (pv=0x54e700) [0091.616] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.616] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0091.617] CoTaskMemFree (pv=0x551f70) [0091.617] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x22ebb18, cb=0x18 | out: lpmodinfo=0x22ebb18*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0091.618] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.619] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0091.620] CoTaskMemFree (pv=0x551f70) [0091.620] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.620] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0091.622] CoTaskMemFree (pv=0x54def0) [0091.622] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x22edcf0, cb=0x18 | out: lpmodinfo=0x22edcf0*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0091.623] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0091.623] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0091.625] CoTaskMemFree (pv=0x5547c0) [0091.625] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0091.625] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0091.626] CoTaskMemFree (pv=0x550f50) [0091.626] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be90000, lpmodinfo=0x22efe98, cb=0x18 | out: lpmodinfo=0x22efe98*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0091.629] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.629] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0091.630] CoTaskMemFree (pv=0x551760) [0091.630] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.630] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0091.634] CoTaskMemFree (pv=0x551f70) [0091.634] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x22f2040, cb=0x18 | out: lpmodinfo=0x22f2040*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0091.635] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0091.635] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0091.637] CoTaskMemFree (pv=0x550740) [0091.637] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.637] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0091.639] CoTaskMemFree (pv=0x551760) [0091.639] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpmodinfo=0x22f4310, cb=0x18 | out: lpmodinfo=0x22f4310*(lpBaseOfDll=0x7ff87cdb0000, SizeOfImage=0x86000, EntryPoint=0x7ff87cdbd8f0)) returned 1 [0091.641] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.641] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0091.643] CoTaskMemFree (pv=0x54d6e0) [0091.643] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.643] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87cdb0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0091.644] CoTaskMemFree (pv=0x54d6e0) [0091.644] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b340000, lpmodinfo=0x22f64c8, cb=0x18 | out: lpmodinfo=0x22f64c8*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0091.646] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.646] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b340000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0091.648] CoTaskMemFree (pv=0x54def0) [0091.648] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0091.648] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b340000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0091.650] CoTaskMemFree (pv=0x5537a0) [0091.650] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x22f8670, cb=0x18 | out: lpmodinfo=0x22f8670*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0091.652] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.652] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0091.654] CoTaskMemFree (pv=0x54ff30) [0091.654] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.654] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0091.656] CoTaskMemFree (pv=0x54def0) [0091.656] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x22fa838, cb=0x18 | out: lpmodinfo=0x22fa838*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0091.658] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0091.658] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0091.660] CoTaskMemFree (pv=0x54e700) [0091.660] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0091.660] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0091.662] CoTaskMemFree (pv=0x54e700) [0091.662] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x22fc9e0, cb=0x18 | out: lpmodinfo=0x22fc9e0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0091.664] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0091.664] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0091.666] CoTaskMemFree (pv=0x550740) [0091.666] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.666] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0091.670] CoTaskMemFree (pv=0x54ff30) [0091.670] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875b40000, lpmodinfo=0x22feb98, cb=0x18 | out: lpmodinfo=0x22feb98*(lpBaseOfDll=0x7ff875b40000, SizeOfImage=0x10000, EntryPoint=0x7ff875b42c60)) returned 1 [0091.672] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0091.672] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875b40000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="usermgrcli.dll") returned 0xe [0091.674] CoTaskMemFree (pv=0x553fb0) [0091.674] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0091.674] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875b40000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")) returned 0x22 [0091.676] CoTaskMemFree (pv=0x552f90) [0091.676] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpmodinfo=0x2300d50, cb=0x18 | out: lpmodinfo=0x2300d50*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0091.678] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0091.679] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0091.681] CoTaskMemFree (pv=0x550f50) [0091.681] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0091.681] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0091.683] CoTaskMemFree (pv=0x54e700) [0091.683] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2302f08, cb=0x18 | out: lpmodinfo=0x2302f08*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0091.685] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.686] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0091.688] CoTaskMemFree (pv=0x551760) [0091.688] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.688] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0091.691] CoTaskMemFree (pv=0x551f70) [0091.691] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873ae0000, lpmodinfo=0x23050b0, cb=0x18 | out: lpmodinfo=0x23050b0*(lpBaseOfDll=0x7ff873ae0000, SizeOfImage=0x1b000, EntryPoint=0x7ff873aeaf40)) returned 1 [0091.693] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0091.693] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873ae0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="capauthz.dll") returned 0xc [0091.695] CoTaskMemFree (pv=0x552f90) [0091.695] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.695] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873ae0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll")) returned 0x20 [0091.698] CoTaskMemFree (pv=0x54d6e0) [0091.698] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x2307268, cb=0x18 | out: lpmodinfo=0x2307268*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0091.700] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0091.700] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0091.703] CoTaskMemFree (pv=0x552780) [0091.703] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0091.703] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0091.750] CoTaskMemFree (pv=0x552f90) [0091.750] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x2309420, cb=0x18 | out: lpmodinfo=0x2309420*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0091.752] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0091.752] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0091.755] CoTaskMemFree (pv=0x54ef10) [0091.755] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0091.755] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0091.758] CoTaskMemFree (pv=0x550f50) [0091.758] CloseHandle (hObject=0x25c) returned 1 [0091.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0091.758] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xca8) returned 0x25c [0091.758] EnumProcessModules (in: hProcess=0x25c, lphModule=0x230c378, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x230c378, lpcbNeeded=0x14ef68) returned 1 [0091.759] GetModuleInformation (in: hProcess=0x25c, hModule=0x13c0000, lpmodinfo=0x230c5e8, cb=0x18 | out: lpmodinfo=0x230c5e8*(lpBaseOfDll=0x13c0000, SizeOfImage=0x17000, EntryPoint=0x13c14a1)) returned 1 [0091.759] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.759] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x13c0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="back.exe") returned 0x8 [0091.760] CoTaskMemFree (pv=0x54ff30) [0091.760] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0091.760] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x13c0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\back.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\back.exe")) returned 0x34 [0091.760] CoTaskMemFree (pv=0x54f720) [0091.760] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x230e7f8, cb=0x18 | out: lpmodinfo=0x230e7f8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0091.761] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0091.761] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0091.761] CoTaskMemFree (pv=0x54e700) [0091.761] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.761] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0091.762] CoTaskMemFree (pv=0x551f70) [0091.762] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x23109a0, cb=0x18 | out: lpmodinfo=0x23109a0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0091.763] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0091.763] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0091.763] CoTaskMemFree (pv=0x5537a0) [0091.763] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.763] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0091.764] CoTaskMemFree (pv=0x551760) [0091.764] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2312b48, cb=0x18 | out: lpmodinfo=0x2312b48*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0091.764] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0091.764] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0091.765] CoTaskMemFree (pv=0x54e700) [0091.765] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.765] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0091.766] CoTaskMemFree (pv=0x551f70) [0091.766] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2314d00, cb=0x18 | out: lpmodinfo=0x2314d00*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0091.766] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.766] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0091.767] CoTaskMemFree (pv=0x551f70) [0091.767] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.767] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0091.768] CoTaskMemFree (pv=0x551760) [0091.768] CloseHandle (hObject=0x25c) returned 1 [0091.768] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0091.768] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1124) returned 0x25c [0091.768] EnumProcessModules (in: hProcess=0x25c, lphModule=0x23174d8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23174d8, lpcbNeeded=0x14ef68) returned 1 [0091.769] GetModuleInformation (in: hProcess=0x25c, hModule=0xf60000, lpmodinfo=0x2317748, cb=0x18 | out: lpmodinfo=0x2317748*(lpBaseOfDll=0xf60000, SizeOfImage=0x17000, EntryPoint=0xf614a1)) returned 1 [0091.769] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.769] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xf60000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="ccv_server.exe") returned 0xe [0091.770] CoTaskMemFree (pv=0x54ff30) [0091.770] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.770] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xf60000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\ccv_server.exe" (normalized: "c:\\program files (x86)\\windows media player\\ccv_server.exe")) returned 0x3a [0091.770] CoTaskMemFree (pv=0x551760) [0091.770] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2319968, cb=0x18 | out: lpmodinfo=0x2319968*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0091.771] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0091.771] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0091.771] CoTaskMemFree (pv=0x5547c0) [0091.771] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0091.771] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0091.772] CoTaskMemFree (pv=0x553fb0) [0091.772] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x231bb10, cb=0x18 | out: lpmodinfo=0x231bb10*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0091.772] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0091.772] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0091.773] CoTaskMemFree (pv=0x553fb0) [0091.773] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0091.773] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0091.774] CoTaskMemFree (pv=0x550740) [0091.774] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x231dcb8, cb=0x18 | out: lpmodinfo=0x231dcb8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0091.774] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0091.774] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0091.775] CoTaskMemFree (pv=0x54f720) [0091.775] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0091.775] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0091.776] CoTaskMemFree (pv=0x5537a0) [0091.776] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x231fe70, cb=0x18 | out: lpmodinfo=0x231fe70*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0091.776] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.776] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0091.777] CoTaskMemFree (pv=0x54d6e0) [0091.777] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.777] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0091.778] CoTaskMemFree (pv=0x54d6e0) [0091.778] CloseHandle (hObject=0x25c) returned 1 [0091.778] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0091.778] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xef4) returned 0x0 [0091.778] EnumProcesses (in: lpidProcess=0x2322648, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x2322648, lpcbNeeded=0x14ee58) returned 1 [0091.787] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0091.790] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x67c) returned 0x25c [0091.790] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2323378, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2323378, lpcbNeeded=0x14ef68) returned 1 [0091.791] GetModuleInformation (in: hProcess=0x25c, hModule=0xe40000, lpmodinfo=0x23235e8, cb=0x18 | out: lpmodinfo=0x23235e8*(lpBaseOfDll=0xe40000, SizeOfImage=0xe000, EntryPoint=0xe44887)) returned 1 [0091.792] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0091.792] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xe40000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="SkypeHost.exe") returned 0xd [0091.792] CoTaskMemFree (pv=0x54ef10) [0091.792] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0091.792] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xe40000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\\SkypeHost.exe" (normalized: "c:\\program files\\windowsapps\\microsoft.messaging_1.10.22012.0_x86__8wekyb3d8bbwe\\skypehost.exe")) returned 0x5e [0091.792] CoTaskMemFree (pv=0x54ef10) [0091.793] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2325850, cb=0x18 | out: lpmodinfo=0x2325850*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0091.793] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0091.793] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0091.793] CoTaskMemFree (pv=0x552780) [0091.793] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0091.794] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0091.794] CoTaskMemFree (pv=0x54f720) [0091.794] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x23279f8, cb=0x18 | out: lpmodinfo=0x23279f8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0091.795] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.795] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0091.795] CoTaskMemFree (pv=0x54d6e0) [0091.795] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.795] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0091.796] CoTaskMemFree (pv=0x551760) [0091.796] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2329ba0, cb=0x18 | out: lpmodinfo=0x2329ba0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0091.796] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0091.796] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0091.797] CoTaskMemFree (pv=0x5537a0) [0091.797] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.797] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0091.798] CoTaskMemFree (pv=0x551760) [0091.798] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x232bd58, cb=0x18 | out: lpmodinfo=0x232bd58*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0091.798] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.798] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0091.799] CoTaskMemFree (pv=0x551760) [0091.799] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0091.799] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0091.800] CoTaskMemFree (pv=0x5547c0) [0091.800] CloseHandle (hObject=0x25c) returned 1 [0091.800] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0091.801] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x107c) returned 0x25c [0091.801] EnumProcessModules (in: hProcess=0x25c, lphModule=0x232e530, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x232e530, lpcbNeeded=0x14ef68) returned 1 [0091.801] GetModuleInformation (in: hProcess=0x25c, hModule=0x340000, lpmodinfo=0x232e7a0, cb=0x18 | out: lpmodinfo=0x232e7a0*(lpBaseOfDll=0x340000, SizeOfImage=0x17000, EntryPoint=0x3414a1)) returned 1 [0091.802] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.802] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x340000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="outlook.exe") returned 0xb [0091.802] CoTaskMemFree (pv=0x551760) [0091.802] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0091.802] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x340000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\outlook.exe" (normalized: "c:\\program files\\windowspowershell\\outlook.exe")) returned 0x2e [0091.803] CoTaskMemFree (pv=0x552f90) [0091.803] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23309a0, cb=0x18 | out: lpmodinfo=0x23309a0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0091.803] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.803] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0091.804] CoTaskMemFree (pv=0x54d6e0) [0091.804] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0091.804] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0091.804] CoTaskMemFree (pv=0x552780) [0091.804] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2332b48, cb=0x18 | out: lpmodinfo=0x2332b48*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0091.805] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0091.805] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0091.805] CoTaskMemFree (pv=0x54ef10) [0091.805] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.805] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0091.806] CoTaskMemFree (pv=0x54def0) [0091.806] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2334cf0, cb=0x18 | out: lpmodinfo=0x2334cf0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0091.806] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0091.806] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0091.807] CoTaskMemFree (pv=0x552780) [0091.807] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.807] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0091.808] CoTaskMemFree (pv=0x54def0) [0091.808] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2336ea8, cb=0x18 | out: lpmodinfo=0x2336ea8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0091.808] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0091.808] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0091.809] CoTaskMemFree (pv=0x553fb0) [0091.809] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0091.809] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0091.810] CoTaskMemFree (pv=0x550740) [0091.810] CloseHandle (hObject=0x25c) returned 1 [0091.810] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0091.810] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1140) returned 0x25c [0091.810] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2339680, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2339680, lpcbNeeded=0x14ef68) returned 1 [0091.811] GetModuleInformation (in: hProcess=0x25c, hModule=0xf0000, lpmodinfo=0x23398f0, cb=0x18 | out: lpmodinfo=0x23398f0*(lpBaseOfDll=0xf0000, SizeOfImage=0x17000, EntryPoint=0xf14a1)) returned 1 [0091.811] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0091.811] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xf0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="creditservice.exe") returned 0x11 [0091.812] CoTaskMemFree (pv=0x553fb0) [0091.812] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.812] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xf0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\creditservice.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\creditservice.exe")) returned 0x41 [0091.812] CoTaskMemFree (pv=0x54def0) [0091.812] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x233bb28, cb=0x18 | out: lpmodinfo=0x233bb28*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0091.813] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0091.813] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0091.813] CoTaskMemFree (pv=0x54ef10) [0091.813] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.813] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0091.814] CoTaskMemFree (pv=0x54d6e0) [0091.814] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x233dcd0, cb=0x18 | out: lpmodinfo=0x233dcd0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0091.814] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.815] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0091.815] CoTaskMemFree (pv=0x54d6e0) [0091.815] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0091.815] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0091.816] CoTaskMemFree (pv=0x553fb0) [0091.816] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x233fe78, cb=0x18 | out: lpmodinfo=0x233fe78*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0091.817] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0091.817] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0091.817] CoTaskMemFree (pv=0x5537a0) [0091.817] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0091.817] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0091.819] CoTaskMemFree (pv=0x5537a0) [0091.819] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2342030, cb=0x18 | out: lpmodinfo=0x2342030*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0091.820] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0091.820] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0091.820] CoTaskMemFree (pv=0x54ef10) [0091.820] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.820] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0091.821] CoTaskMemFree (pv=0x54ff30) [0091.821] CloseHandle (hObject=0x25c) returned 1 [0091.822] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0091.822] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1074) returned 0x25c [0091.822] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2344808, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2344808, lpcbNeeded=0x14ef68) returned 1 [0091.823] GetModuleInformation (in: hProcess=0x25c, hModule=0xf80000, lpmodinfo=0x2344a78, cb=0x18 | out: lpmodinfo=0x2344a78*(lpBaseOfDll=0xf80000, SizeOfImage=0x17000, EntryPoint=0xf814a1)) returned 1 [0091.823] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0091.823] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xf80000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="operamail.exe") returned 0xd [0091.823] CoTaskMemFree (pv=0x54d6e0) [0091.823] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0091.823] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xf80000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Multimedia Platform\\operamail.exe" (normalized: "c:\\program files\\windows multimedia platform\\operamail.exe")) returned 0x3a [0091.824] CoTaskMemFree (pv=0x553fb0) [0091.824] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2346c98, cb=0x18 | out: lpmodinfo=0x2346c98*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0091.824] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.824] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0091.825] CoTaskMemFree (pv=0x54def0) [0091.825] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.825] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0091.825] CoTaskMemFree (pv=0x54ff30) [0091.825] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2348e40, cb=0x18 | out: lpmodinfo=0x2348e40*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0091.826] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0091.826] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0091.826] CoTaskMemFree (pv=0x5537a0) [0091.826] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0091.826] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0091.827] CoTaskMemFree (pv=0x5537a0) [0091.827] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x234afe8, cb=0x18 | out: lpmodinfo=0x234afe8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0091.828] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0091.828] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0091.828] CoTaskMemFree (pv=0x5547c0) [0091.828] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0091.828] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0091.829] CoTaskMemFree (pv=0x553fb0) [0091.829] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x234d1a0, cb=0x18 | out: lpmodinfo=0x234d1a0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0091.831] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0091.831] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0091.831] CoTaskMemFree (pv=0x552780) [0091.832] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0091.832] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0091.832] CoTaskMemFree (pv=0x550740) [0091.832] CloseHandle (hObject=0x25c) returned 1 [0091.833] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0091.833] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11b4) returned 0x25c [0091.833] EnumProcessModules (in: hProcess=0x25c, lphModule=0x234f978, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x234f978, lpcbNeeded=0x14ef68) returned 1 [0091.834] GetModuleInformation (in: hProcess=0x25c, hModule=0x1240000, lpmodinfo=0x234fbe8, cb=0x18 | out: lpmodinfo=0x234fbe8*(lpBaseOfDll=0x1240000, SizeOfImage=0x17000, EntryPoint=0x12414a1)) returned 1 [0091.834] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0091.834] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x1240000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="utg2.exe") returned 0x8 [0091.834] CoTaskMemFree (pv=0x54ef10) [0091.834] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0091.834] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x1240000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\MSBuild\\utg2.exe" (normalized: "c:\\program files (x86)\\msbuild\\utg2.exe")) returned 0x27 [0091.835] CoTaskMemFree (pv=0x54ff30) [0091.835] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2351dd8, cb=0x18 | out: lpmodinfo=0x2351dd8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0091.835] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0091.835] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0091.836] CoTaskMemFree (pv=0x551760) [0091.836] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0091.836] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0091.836] CoTaskMemFree (pv=0x551f70) [0091.836] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2353f80, cb=0x18 | out: lpmodinfo=0x2353f80*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0091.837] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.837] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0091.837] CoTaskMemFree (pv=0x54def0) [0091.837] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.837] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0091.838] CoTaskMemFree (pv=0x54def0) [0091.838] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2356128, cb=0x18 | out: lpmodinfo=0x2356128*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0091.839] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0091.839] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0091.839] CoTaskMemFree (pv=0x552f90) [0091.839] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0091.839] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0091.840] CoTaskMemFree (pv=0x54ef10) [0091.840] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x23582e0, cb=0x18 | out: lpmodinfo=0x23582e0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0091.841] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0091.841] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0091.841] CoTaskMemFree (pv=0x54def0) [0091.842] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0091.842] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0091.842] CoTaskMemFree (pv=0x552780) [0091.842] CloseHandle (hObject=0x25c) returned 1 [0091.843] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0091.843] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa00) returned 0x25c [0091.843] EnumProcessModules (in: hProcess=0x25c, lphModule=0x235aab8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x235aab8, lpcbNeeded=0x14ef68) returned 1 [0092.752] EnumProcessModules (in: hProcess=0x25c, lphModule=0x235acd0, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x235acd0, lpcbNeeded=0x14ef68) returned 1 [0093.425] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff764c40000, lpmodinfo=0x235b140, cb=0x18 | out: lpmodinfo=0x235b140*(lpBaseOfDll=0x7ff764c40000, SizeOfImage=0x203000, EntryPoint=0x7ff764ca9e80)) returned 1 [0093.434] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0093.434] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff764c40000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ShellExperienceHost.exe") returned 0x17 [0093.449] CoTaskMemFree (pv=0x552780) [0093.449] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0093.449] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff764c40000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe" (normalized: "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\shellexperiencehost.exe")) returned 0x4f [0093.455] CoTaskMemFree (pv=0x551f70) [0093.455] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x235d398, cb=0x18 | out: lpmodinfo=0x235d398*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0093.462] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0093.462] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0093.628] CoTaskMemFree (pv=0x54ef10) [0093.628] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0093.628] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0093.640] CoTaskMemFree (pv=0x54f720) [0093.640] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x235f540, cb=0x18 | out: lpmodinfo=0x235f540*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0093.648] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0093.648] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0093.693] CoTaskMemFree (pv=0x550740) [0093.693] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0093.693] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0093.720] CoTaskMemFree (pv=0x54e700) [0093.720] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x23616f8, cb=0x18 | out: lpmodinfo=0x23616f8*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0093.781] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0093.782] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0093.802] CoTaskMemFree (pv=0x54ef10) [0093.802] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0093.802] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0093.834] CoTaskMemFree (pv=0x54f720) [0093.834] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x23638b0, cb=0x18 | out: lpmodinfo=0x23638b0*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0093.941] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0093.941] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0093.959] CoTaskMemFree (pv=0x54ff30) [0093.959] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0093.959] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0094.022] CoTaskMemFree (pv=0x552780) [0094.022] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x2365ab0, cb=0x18 | out: lpmodinfo=0x2365ab0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0094.071] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0094.071] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0094.094] CoTaskMemFree (pv=0x54f720) [0094.094] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0094.094] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0094.166] CoTaskMemFree (pv=0x552f90) [0094.166] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x2367c58, cb=0x18 | out: lpmodinfo=0x2367c58*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0094.187] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0094.187] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0094.250] CoTaskMemFree (pv=0x54d6e0) [0094.250] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0094.251] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0094.317] CoTaskMemFree (pv=0x54def0) [0094.317] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x2369e00, cb=0x18 | out: lpmodinfo=0x2369e00*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0094.396] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0094.396] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0094.415] CoTaskMemFree (pv=0x551f70) [0094.415] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0094.415] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0094.480] CoTaskMemFree (pv=0x550f50) [0094.480] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x236bfd8, cb=0x18 | out: lpmodinfo=0x236bfd8*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0094.551] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0094.551] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0094.622] CoTaskMemFree (pv=0x551f70) [0094.622] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0094.622] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0094.738] CoTaskMemFree (pv=0x550740) [0094.738] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x236e218, cb=0x18 | out: lpmodinfo=0x236e218*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0094.799] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0094.799] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0094.859] CoTaskMemFree (pv=0x551f70) [0094.859] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0094.859] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0094.953] CoTaskMemFree (pv=0x54ff30) [0094.953] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x23703c0, cb=0x18 | out: lpmodinfo=0x23703c0*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0094.981] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0094.981] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0095.047] CoTaskMemFree (pv=0x553fb0) [0095.047] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0095.047] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0095.155] CoTaskMemFree (pv=0x551f70) [0095.155] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x2372568, cb=0x18 | out: lpmodinfo=0x2372568*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0095.181] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0095.181] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0095.302] CoTaskMemFree (pv=0x550f50) [0095.302] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0095.302] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0095.332] CoTaskMemFree (pv=0x553fb0) [0095.332] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff877bb0000, lpmodinfo=0x2374710, cb=0x18 | out: lpmodinfo=0x2374710*(lpBaseOfDll=0x7ff877bb0000, SizeOfImage=0x6a000, EntryPoint=0x7ff877bb9d60)) returned 1 [0095.451] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0095.451] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff877bb0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wincorlib.DLL") returned 0xd [0095.482] CoTaskMemFree (pv=0x551f70) [0095.482] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0095.482] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff877bb0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wincorlib.DLL" (normalized: "c:\\windows\\system32\\wincorlib.dll")) returned 0x21 [0095.565] CoTaskMemFree (pv=0x550740) [0095.565] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x23768c8, cb=0x18 | out: lpmodinfo=0x23768c8*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0095.653] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0095.653] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0095.748] CoTaskMemFree (pv=0x552780) [0095.748] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0095.748] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0095.823] CoTaskMemFree (pv=0x54f720) [0095.823] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x2378a80, cb=0x18 | out: lpmodinfo=0x2378a80*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0096.013] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0096.013] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0096.098] CoTaskMemFree (pv=0x553fb0) [0096.098] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0096.098] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0096.171] CoTaskMemFree (pv=0x54def0) [0096.171] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x237ac28, cb=0x18 | out: lpmodinfo=0x237ac28*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0096.286] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0096.286] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0096.363] CoTaskMemFree (pv=0x551760) [0096.363] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0096.363] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0096.510] CoTaskMemFree (pv=0x5537a0) [0096.510] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8769b0000, lpmodinfo=0x237cdf0, cb=0x18 | out: lpmodinfo=0x237cdf0*(lpBaseOfDll=0x7ff8769b0000, SizeOfImage=0x1039000, EntryPoint=0x7ff876dcb6f0)) returned 1 [0096.548] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0096.548] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8769b0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="Windows.UI.Xaml.dll") returned 0x13 [0096.679] CoTaskMemFree (pv=0x551f70) [0096.680] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0096.680] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8769b0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.Xaml.dll" (normalized: "c:\\windows\\system32\\windows.ui.xaml.dll")) returned 0x27 [0096.827] CoTaskMemFree (pv=0x551760) [0096.827] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x237f0d0, cb=0x18 | out: lpmodinfo=0x237f0d0*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0096.932] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0096.932] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff876870000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0097.023] CoTaskMemFree (pv=0x550f50) [0097.023] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0097.023] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff876870000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0097.466] CoTaskMemFree (pv=0x54def0) [0097.466] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpmodinfo=0x2381288, cb=0x18 | out: lpmodinfo=0x2381288*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0097.558] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0097.558] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0097.694] CoTaskMemFree (pv=0x54f720) [0097.694] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0097.694] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0097.823] CoTaskMemFree (pv=0x54d6e0) [0097.823] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a130000, lpmodinfo=0x2383450, cb=0x18 | out: lpmodinfo=0x2383450*(lpBaseOfDll=0x7ff87a130000, SizeOfImage=0x67000, EntryPoint=0x7ff87a14e710)) returned 1 [0097.916] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0097.916] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a130000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="Bcp47Langs.dll") returned 0xe [0098.110] CoTaskMemFree (pv=0x54ff30) [0098.110] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0098.110] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a130000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Bcp47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")) returned 0x22 [0098.268] CoTaskMemFree (pv=0x551760) [0098.269] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpmodinfo=0x2385608, cb=0x18 | out: lpmodinfo=0x2385608*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0098.336] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0098.336] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0098.508] CoTaskMemFree (pv=0x54def0) [0098.508] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0098.508] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0098.686] CoTaskMemFree (pv=0x54f720) [0098.686] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x23877c0, cb=0x18 | out: lpmodinfo=0x23877c0*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0098.850] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0098.850] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0099.069] CoTaskMemFree (pv=0x54def0) [0099.069] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0099.069] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0099.181] CoTaskMemFree (pv=0x54ef10) [0099.181] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x2389968, cb=0x18 | out: lpmodinfo=0x2389968*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0099.302] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0099.302] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0099.699] CoTaskMemFree (pv=0x54d6e0) [0099.699] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0099.699] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0099.948] CoTaskMemFree (pv=0x550740) [0099.948] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x238bb30, cb=0x18 | out: lpmodinfo=0x238bb30*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0100.133] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0100.133] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0100.317] CoTaskMemFree (pv=0x54e700) [0100.317] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0100.317] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0100.484] CoTaskMemFree (pv=0x5547c0) [0100.484] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x238dce8, cb=0x18 | out: lpmodinfo=0x238dce8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0100.699] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0100.699] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0100.870] CoTaskMemFree (pv=0x54f720) [0100.870] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0100.870] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0101.137] CoTaskMemFree (pv=0x54def0) [0101.137] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x238fea0, cb=0x18 | out: lpmodinfo=0x238fea0*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0101.309] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0101.309] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0101.466] CoTaskMemFree (pv=0x5537a0) [0101.466] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0101.466] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0101.605] CoTaskMemFree (pv=0x54def0) [0101.605] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x2392048, cb=0x18 | out: lpmodinfo=0x2392048*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0101.941] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0101.941] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0102.116] CoTaskMemFree (pv=0x550740) [0102.116] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0102.116] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0102.251] CoTaskMemFree (pv=0x5537a0) [0102.251] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x2394200, cb=0x18 | out: lpmodinfo=0x2394200*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0102.482] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0102.482] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0102.627] CoTaskMemFree (pv=0x552f90) [0102.627] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0102.628] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0102.734] CoTaskMemFree (pv=0x54ff30) [0102.734] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpmodinfo=0x23963a8, cb=0x18 | out: lpmodinfo=0x23963a8*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0102.924] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0102.924] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0103.144] CoTaskMemFree (pv=0x5547c0) [0103.144] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0103.144] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0103.363] CoTaskMemFree (pv=0x54d6e0) [0103.363] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2398570, cb=0x18 | out: lpmodinfo=0x2398570*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0103.557] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0103.557] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0103.702] CoTaskMemFree (pv=0x54f720) [0103.702] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0103.702] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0103.898] CoTaskMemFree (pv=0x54f720) [0103.898] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c90000, lpmodinfo=0x239a718, cb=0x18 | out: lpmodinfo=0x239a718*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0104.051] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0104.051] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0104.251] CoTaskMemFree (pv=0x5547c0) [0104.251] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0104.251] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0104.436] CoTaskMemFree (pv=0x5547c0) [0104.436] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87af40000, lpmodinfo=0x239c8d0, cb=0x18 | out: lpmodinfo=0x239c8d0*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0104.640] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0104.640] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0104.813] CoTaskMemFree (pv=0x54ef10) [0104.813] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0104.813] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0104.956] CoTaskMemFree (pv=0x54d6e0) [0104.956] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a590000, lpmodinfo=0x239ea78, cb=0x18 | out: lpmodinfo=0x239ea78*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0105.254] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0105.254] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0105.661] CoTaskMemFree (pv=0x550f50) [0105.661] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0105.661] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0105.810] CoTaskMemFree (pv=0x54e700) [0105.810] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a230000, lpmodinfo=0x23a0e38, cb=0x18 | out: lpmodinfo=0x23a0e38*(lpBaseOfDll=0x7ff87a230000, SizeOfImage=0xa2000, EntryPoint=0x7ff87a250a40)) returned 1 [0106.003] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0106.003] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a230000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0106.220] CoTaskMemFree (pv=0x5537a0) [0106.220] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0106.220] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a230000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0106.488] CoTaskMemFree (pv=0x54def0) [0106.488] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86b510000, lpmodinfo=0x23a2fe0, cb=0x18 | out: lpmodinfo=0x23a2fe0*(lpBaseOfDll=0x7ff86b510000, SizeOfImage=0x896000, EntryPoint=0x7ff86b69e200)) returned 1 [0106.777] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0106.777] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86b510000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="StartUI.dll") returned 0xb [0106.958] CoTaskMemFree (pv=0x551f70) [0106.959] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0106.959] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86b510000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\StartUI.dll" (normalized: "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\startui.dll")) returned 0x43 [0107.085] CoTaskMemFree (pv=0x550740) [0107.085] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d650000, lpmodinfo=0x23a51d0, cb=0x18 | out: lpmodinfo=0x23a51d0*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0107.407] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0107.407] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0107.670] CoTaskMemFree (pv=0x5547c0) [0107.670] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0107.670] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0108.126] CoTaskMemFree (pv=0x552f90) [0108.126] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8740b0000, lpmodinfo=0x23a7378, cb=0x18 | out: lpmodinfo=0x23a7378*(lpBaseOfDll=0x7ff8740b0000, SizeOfImage=0x4b000, EntryPoint=0x7ff8740c7b70)) returned 1 [0108.416] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0108.416] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8740b0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="VEEventDispatcher.dll") returned 0x15 [0108.521] CoTaskMemFree (pv=0x550f50) [0108.521] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0108.521] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8740b0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")) returned 0x29 [0108.636] CoTaskMemFree (pv=0x550f50) [0108.636] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpmodinfo=0x23a9550, cb=0x18 | out: lpmodinfo=0x23a9550*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0108.757] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0108.757] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="MrmCoreR.dll") returned 0xc [0108.873] CoTaskMemFree (pv=0x552780) [0108.873] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0108.873] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0109.122] CoTaskMemFree (pv=0x5537a0) [0109.122] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e80000, lpmodinfo=0x23ab708, cb=0x18 | out: lpmodinfo=0x23ab708*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0109.226] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0109.226] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0109.332] CoTaskMemFree (pv=0x550f50) [0109.332] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0109.332] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0109.471] CoTaskMemFree (pv=0x54ef10) [0109.471] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86b4f0000, lpmodinfo=0x23ad8d0, cb=0x18 | out: lpmodinfo=0x23ad8d0*(lpBaseOfDll=0x7ff86b4f0000, SizeOfImage=0x1a000, EntryPoint=0x7ff86b4f4070)) returned 1 [0109.594] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0109.594] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86b4f0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="Windows.UI.Shell.SharedUtilities.dll") returned 0x24 [0109.724] CoTaskMemFree (pv=0x54f720) [0109.724] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0109.724] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86b4f0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\Windows.UI.Shell.SharedUtilities.dll" (normalized: "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\windows.ui.shell.sharedutilities.dll")) returned 0x5c [0109.891] CoTaskMemFree (pv=0x552f90) [0109.891] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86b470000, lpmodinfo=0x23afb30, cb=0x18 | out: lpmodinfo=0x23afb30*(lpBaseOfDll=0x7ff86b470000, SizeOfImage=0x76000, EntryPoint=0x7ff86b482320)) returned 1 [0109.997] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0109.997] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86b470000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="QuickActions.dll") returned 0x10 [0110.149] CoTaskMemFree (pv=0x5547c0) [0110.149] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0110.149] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86b470000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\QuickActions.dll" (normalized: "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\quickactions.dll")) returned 0x48 [0110.268] CoTaskMemFree (pv=0x551760) [0110.269] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86b1c0000, lpmodinfo=0x23b1d40, cb=0x18 | out: lpmodinfo=0x23b1d40*(lpBaseOfDll=0x7ff86b1c0000, SizeOfImage=0x2ae000, EntryPoint=0x7ff86b22ee20)) returned 1 [0110.433] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0110.433] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86b1c0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="Windows.UI.ActionCenter.dll") returned 0x1b [0110.556] CoTaskMemFree (pv=0x54def0) [0110.556] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0110.556] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86b1c0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\Windows.UI.ActionCenter.dll" (normalized: "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\windows.ui.actioncenter.dll")) returned 0x53 [0110.658] CoTaskMemFree (pv=0x54f720) [0110.658] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86b180000, lpmodinfo=0x23b3f70, cb=0x18 | out: lpmodinfo=0x23b3f70*(lpBaseOfDll=0x7ff86b180000, SizeOfImage=0x39000, EntryPoint=0x7ff86b18e660)) returned 1 [0110.781] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0110.781] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86b180000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="QuickActionsDataModel.dll") returned 0x19 [0110.934] CoTaskMemFree (pv=0x551f70) [0110.934] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0110.934] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86b180000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\QuickActionsDataModel.dll" (normalized: "c:\\windows\\system32\\quickactionsdatamodel.dll")) returned 0x2d [0111.129] CoTaskMemFree (pv=0x5537a0) [0111.130] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8779f0000, lpmodinfo=0x23b6158, cb=0x18 | out: lpmodinfo=0x23b6158*(lpBaseOfDll=0x7ff8779f0000, SizeOfImage=0xa9000, EntryPoint=0x7ff877a19010)) returned 1 [0111.202] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0111.202] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8779f0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="Windows.UI.dll") returned 0xe [0111.230] CoTaskMemFree (pv=0x54ff30) [0111.230] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0111.230] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8779f0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")) returned 0x22 [0111.252] CoTaskMemFree (pv=0x551760) [0111.252] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874220000, lpmodinfo=0x23b8310, cb=0x18 | out: lpmodinfo=0x23b8310*(lpBaseOfDll=0x7ff874220000, SizeOfImage=0x288000, EntryPoint=0x7ff87427f670)) returned 1 [0111.273] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0111.273] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874220000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="CoreUIComponents.dll") returned 0x14 [0111.365] CoTaskMemFree (pv=0x54ff30) [0111.365] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0111.365] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874220000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")) returned 0x28 [0111.412] CoTaskMemFree (pv=0x54d6e0) [0111.413] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a2e0000, lpmodinfo=0x23ba4e8, cb=0x18 | out: lpmodinfo=0x23ba4e8*(lpBaseOfDll=0x7ff87a2e0000, SizeOfImage=0x2a8000, EntryPoint=0x7ff87a373250)) returned 1 [0111.433] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0111.433] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a2e0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="d3d11.dll") returned 0x9 [0111.465] CoTaskMemFree (pv=0x551760) [0111.465] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0111.465] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a2e0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")) returned 0x1d [0111.488] CoTaskMemFree (pv=0x54f720) [0111.488] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879580000, lpmodinfo=0x23bc690, cb=0x18 | out: lpmodinfo=0x23bc690*(lpBaseOfDll=0x7ff879580000, SizeOfImage=0x26f000, EntryPoint=0x7ff8796322b0)) returned 1 [0111.510] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0111.510] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879580000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="d3d10warp.dll") returned 0xd [0111.530] CoTaskMemFree (pv=0x550f50) [0111.530] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0111.530] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879580000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll")) returned 0x21 [0111.551] CoTaskMemFree (pv=0x54def0) [0111.551] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879030000, lpmodinfo=0x23be848, cb=0x18 | out: lpmodinfo=0x23be848*(lpBaseOfDll=0x7ff879030000, SizeOfImage=0x545000, EntryPoint=0x7ff8791ca450)) returned 1 [0111.577] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0111.577] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879030000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="d2d1.dll") returned 0x8 [0111.599] CoTaskMemFree (pv=0x54e700) [0111.599] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0111.599] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879030000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")) returned 0x1c [0111.621] CoTaskMemFree (pv=0x5547c0) [0111.621] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a6a0000, lpmodinfo=0x23c09f0, cb=0x18 | out: lpmodinfo=0x23c09f0*(lpBaseOfDll=0x7ff87a6a0000, SizeOfImage=0xe3000, EntryPoint=0x7ff87a6d7da0)) returned 1 [0111.642] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0111.642] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a6a0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="dcomp.dll") returned 0x9 [0111.665] CoTaskMemFree (pv=0x54ff30) [0111.665] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0111.665] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a6a0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")) returned 0x1d [0111.687] CoTaskMemFree (pv=0x54ef10) [0111.687] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpmodinfo=0x23c2b98, cb=0x18 | out: lpmodinfo=0x23c2b98*(lpBaseOfDll=0x7ff87fbb0000, SizeOfImage=0x15a000, EntryPoint=0x7ff87fbf38e0)) returned 1 [0111.709] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0111.709] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0111.740] CoTaskMemFree (pv=0x550740) [0111.741] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0111.741] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0111.771] CoTaskMemFree (pv=0x5537a0) [0111.771] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86e390000, lpmodinfo=0x23c4d40, cb=0x18 | out: lpmodinfo=0x23c4d40*(lpBaseOfDll=0x7ff86e390000, SizeOfImage=0x4a000, EntryPoint=0x7ff86e395800)) returned 1 [0111.844] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0111.844] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86e390000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="DataExchange.dll") returned 0x10 [0111.883] CoTaskMemFree (pv=0x552f90) [0111.883] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0111.883] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86e390000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll")) returned 0x24 [0111.906] CoTaskMemFree (pv=0x551f70) [0111.906] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x23c6f08, cb=0x18 | out: lpmodinfo=0x23c6f08*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0111.930] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0111.930] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0111.954] CoTaskMemFree (pv=0x54ff30) [0111.954] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0111.954] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0111.979] CoTaskMemFree (pv=0x54def0) [0111.979] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875f30000, lpmodinfo=0x23c90c0, cb=0x18 | out: lpmodinfo=0x23c90c0*(lpBaseOfDll=0x7ff875f30000, SizeOfImage=0x185000, EntryPoint=0x7ff875f76180)) returned 1 [0112.002] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0112.002] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875f30000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="Windows.Globalization.dll") returned 0x19 [0112.027] CoTaskMemFree (pv=0x552f90) [0112.027] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0112.027] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875f30000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Globalization.dll" (normalized: "c:\\windows\\system32\\windows.globalization.dll")) returned 0x2d [0112.051] CoTaskMemFree (pv=0x54f720) [0112.051] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86b060000, lpmodinfo=0x23cb2a8, cb=0x18 | out: lpmodinfo=0x23cb2a8*(lpBaseOfDll=0x7ff86b060000, SizeOfImage=0x48000, EntryPoint=0x7ff86b06a430)) returned 1 [0112.076] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0112.076] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86b060000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="NotificationObjFactory.dll") returned 0x1a [0112.100] CoTaskMemFree (pv=0x54ff30) [0112.100] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0112.100] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86b060000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NotificationObjFactory.dll" (normalized: "c:\\windows\\system32\\notificationobjfactory.dll")) returned 0x2e [0112.128] CoTaskMemFree (pv=0x553fb0) [0112.128] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870840000, lpmodinfo=0x23cd490, cb=0x18 | out: lpmodinfo=0x23cd490*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0112.159] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0112.159] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870840000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0112.202] CoTaskMemFree (pv=0x553fb0) [0112.202] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0112.202] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870840000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0112.239] CoTaskMemFree (pv=0x551f70) [0112.239] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8760c0000, lpmodinfo=0x23cf638, cb=0x18 | out: lpmodinfo=0x23cf638*(lpBaseOfDll=0x7ff8760c0000, SizeOfImage=0x260000, EntryPoint=0x7ff87616b5b0)) returned 1 [0112.264] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0112.264] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8760c0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="dwrite.dll") returned 0xa [0112.291] CoTaskMemFree (pv=0x552780) [0112.291] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0112.291] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8760c0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll")) returned 0x1e [0112.319] CoTaskMemFree (pv=0x551f70) [0112.319] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpmodinfo=0x23d17e0, cb=0x18 | out: lpmodinfo=0x23d17e0*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0112.349] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0112.349] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0112.390] CoTaskMemFree (pv=0x550f50) [0112.390] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0112.390] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0112.416] CoTaskMemFree (pv=0x552780) [0112.416] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873620000, lpmodinfo=0x23d39c8, cb=0x18 | out: lpmodinfo=0x23d39c8*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0112.442] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0112.442] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873620000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0112.505] CoTaskMemFree (pv=0x550f50) [0112.505] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0112.505] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873620000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0112.533] CoTaskMemFree (pv=0x552f90) [0112.533] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a2e0000, lpmodinfo=0x23d5bb0, cb=0x18 | out: lpmodinfo=0x23d5bb0*(lpBaseOfDll=0x7ff86a2e0000, SizeOfImage=0x18000, EntryPoint=0x7ff86a2e3a50)) returned 1 [0112.559] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0112.559] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a2e0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="Windows.Globalization.Fontgroups.dll") returned 0x24 [0112.588] CoTaskMemFree (pv=0x54e700) [0112.588] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0112.588] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a2e0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Globalization.Fontgroups.dll" (normalized: "c:\\windows\\system32\\windows.globalization.fontgroups.dll")) returned 0x38 [0112.615] CoTaskMemFree (pv=0x54d6e0) [0112.615] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a2d0000, lpmodinfo=0x23d7dc8, cb=0x18 | out: lpmodinfo=0x23d7dc8*(lpBaseOfDll=0x7ff86a2d0000, SizeOfImage=0xa000, EntryPoint=0x7ff86a2d1150)) returned 1 [0112.642] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0112.642] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a2d0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="fontgroupsoverride.dll") returned 0x16 [0112.671] CoTaskMemFree (pv=0x54ef10) [0112.671] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0112.671] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a2d0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\fontgroupsoverride.dll" (normalized: "c:\\windows\\system32\\fontgroupsoverride.dll")) returned 0x2a [0112.697] CoTaskMemFree (pv=0x552f90) [0112.697] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c060000, lpmodinfo=0x23d9fa0, cb=0x18 | out: lpmodinfo=0x23d9fa0*(lpBaseOfDll=0x7ff86c060000, SizeOfImage=0x55000, EntryPoint=0x7ff86c071250)) returned 1 [0112.724] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0112.724] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c060000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="Windows.Storage.ApplicationData.dll") returned 0x23 [0112.751] CoTaskMemFree (pv=0x553fb0) [0112.751] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0112.751] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c060000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll" (normalized: "c:\\windows\\system32\\windows.storage.applicationdata.dll")) returned 0x37 [0112.780] CoTaskMemFree (pv=0x550740) [0112.780] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpmodinfo=0x23dc1a8, cb=0x18 | out: lpmodinfo=0x23dc1a8*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0112.808] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0112.808] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0112.836] CoTaskMemFree (pv=0x550f50) [0112.836] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0112.836] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0112.865] CoTaskMemFree (pv=0x551760) [0112.865] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a270000, lpmodinfo=0x23de350, cb=0x18 | out: lpmodinfo=0x23de350*(lpBaseOfDll=0x7ff86a270000, SizeOfImage=0x5f000, EntryPoint=0x7ff86a281560)) returned 1 [0112.894] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0112.894] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a270000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="Windows.Graphics.dll") returned 0x14 [0112.923] CoTaskMemFree (pv=0x550f50) [0112.923] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0112.923] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a270000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Graphics.dll" (normalized: "c:\\windows\\system32\\windows.graphics.dll")) returned 0x28 [0112.952] CoTaskMemFree (pv=0x54ff30) [0112.952] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8751b0000, lpmodinfo=0x23e0528, cb=0x18 | out: lpmodinfo=0x23e0528*(lpBaseOfDll=0x7ff8751b0000, SizeOfImage=0x15000, EntryPoint=0x7ff8751b6430)) returned 1 [0112.982] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0112.982] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8751b0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="threadpoolwinrt.dll") returned 0x13 [0113.012] CoTaskMemFree (pv=0x550740) [0113.012] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0113.012] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8751b0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\threadpoolwinrt.dll" (normalized: "c:\\windows\\system32\\threadpoolwinrt.dll")) returned 0x27 [0113.040] CoTaskMemFree (pv=0x54ff30) [0113.040] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f290000, lpmodinfo=0x23e26f0, cb=0x18 | out: lpmodinfo=0x23e26f0*(lpBaseOfDll=0x7ff86f290000, SizeOfImage=0xb1000, EntryPoint=0x7ff86f2a08f0)) returned 1 [0113.069] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0113.069] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f290000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="twinapi.dll") returned 0xb [0113.099] CoTaskMemFree (pv=0x54ef10) [0113.099] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0113.099] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f290000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll")) returned 0x1f [0113.130] CoTaskMemFree (pv=0x551760) [0113.130] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c340000, lpmodinfo=0x23e4cb0, cb=0x18 | out: lpmodinfo=0x23e4cb0*(lpBaseOfDll=0x7ff86c340000, SizeOfImage=0xb4000, EntryPoint=0x7ff86c3553b0)) returned 1 [0113.159] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0113.159] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c340000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="Windows.Internal.Shell.Broker.dll") returned 0x21 [0113.192] CoTaskMemFree (pv=0x54d6e0) [0113.192] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0113.192] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c340000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Windows.Internal.Shell.Broker.dll" (normalized: "c:\\windows\\system32\\windows.internal.shell.broker.dll")) returned 0x35 [0113.229] CoTaskMemFree (pv=0x5537a0) [0113.229] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpmodinfo=0x23e6eb8, cb=0x18 | out: lpmodinfo=0x23e6eb8*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0113.258] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0113.259] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0113.291] CoTaskMemFree (pv=0x551760) [0113.291] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0113.291] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0113.321] CoTaskMemFree (pv=0x54f720) [0113.321] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x23e9060, cb=0x18 | out: lpmodinfo=0x23e9060*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0113.352] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0113.352] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0113.395] CoTaskMemFree (pv=0x550740) [0113.395] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0113.395] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0113.425] CoTaskMemFree (pv=0x54f720) [0113.425] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x23eb208, cb=0x18 | out: lpmodinfo=0x23eb208*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0113.457] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0113.457] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0113.489] CoTaskMemFree (pv=0x552780) [0113.489] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0113.489] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0113.520] CoTaskMemFree (pv=0x552f90) [0113.520] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff60eb50000, lpmodinfo=0x23ed3c0, cb=0x18 | out: lpmodinfo=0x23ed3c0*(lpBaseOfDll=0x7ff60eb50000, SizeOfImage=0x7cc000, EntryPoint=0x0)) returned 1 [0113.552] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0113.552] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff60eb50000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="ntoskrnl.exe") returned 0xc [0113.585] CoTaskMemFree (pv=0x54def0) [0113.585] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0113.585] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff60eb50000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntoskrnl.exe" (normalized: "c:\\windows\\system32\\ntoskrnl.exe")) returned 0x20 [0113.617] CoTaskMemFree (pv=0x551f70) [0113.617] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad80000, lpmodinfo=0x23ef578, cb=0x18 | out: lpmodinfo=0x23ef578*(lpBaseOfDll=0x7ff87ad80000, SizeOfImage=0x25000, EntryPoint=0x7ff87ad95220)) returned 1 [0113.648] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0113.648] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad80000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="SLC.dll") returned 0x7 [0113.788] CoTaskMemFree (pv=0x5537a0) [0113.788] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0113.788] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad80000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SLC.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0113.821] CoTaskMemFree (pv=0x5547c0) [0113.821] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad20000, lpmodinfo=0x23f1710, cb=0x18 | out: lpmodinfo=0x23f1710*(lpBaseOfDll=0x7ff87ad20000, SizeOfImage=0x25000, EntryPoint=0x7ff87ad22300)) returned 1 [0113.851] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0113.851] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad20000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="sppc.dll") returned 0x8 [0113.885] CoTaskMemFree (pv=0x551f70) [0113.885] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0113.885] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad20000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll")) returned 0x1c [0113.918] CoTaskMemFree (pv=0x54e700) [0113.918] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878830000, lpmodinfo=0x23f38b8, cb=0x18 | out: lpmodinfo=0x23f38b8*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff878833fb0)) returned 1 [0113.949] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0113.949] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878830000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0113.983] CoTaskMemFree (pv=0x552780) [0113.983] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0113.983] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878830000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0114.015] CoTaskMemFree (pv=0x54def0) [0114.015] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86dea0000, lpmodinfo=0x23f5a80, cb=0x18 | out: lpmodinfo=0x23f5a80*(lpBaseOfDll=0x7ff86dea0000, SizeOfImage=0x50000, EntryPoint=0x7ff86dea2580)) returned 1 [0114.048] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0114.048] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86dea0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="edputil.dll") returned 0xb [0114.097] CoTaskMemFree (pv=0x5547c0) [0114.097] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0114.097] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86dea0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")) returned 0x1f [0114.132] CoTaskMemFree (pv=0x54e700) [0114.132] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875ea0000, lpmodinfo=0x23f7c28, cb=0x18 | out: lpmodinfo=0x23f7c28*(lpBaseOfDll=0x7ff875ea0000, SizeOfImage=0x8b000, EntryPoint=0x7ff875ed3660)) returned 1 [0114.167] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0114.167] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875ea0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="directmanipulation.dll") returned 0x16 [0114.202] CoTaskMemFree (pv=0x54ff30) [0114.202] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0114.202] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875ea0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\directmanipulation.dll" (normalized: "c:\\windows\\system32\\directmanipulation.dll")) returned 0x2a [0114.246] CoTaskMemFree (pv=0x54d6e0) [0114.246] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879920000, lpmodinfo=0x23f9e00, cb=0x18 | out: lpmodinfo=0x23f9e00*(lpBaseOfDll=0x7ff879920000, SizeOfImage=0x1b1000, EntryPoint=0x7ff8799b61a0)) returned 1 [0114.283] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0114.283] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879920000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="windowscodecs.dll") returned 0x11 [0114.316] CoTaskMemFree (pv=0x552780) [0114.316] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0114.316] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879920000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windowscodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0114.350] CoTaskMemFree (pv=0x54ef10) [0114.350] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x23fbfc8, cb=0x18 | out: lpmodinfo=0x23fbfc8*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0114.423] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0114.423] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="winsta.dll") returned 0xa [0114.456] CoTaskMemFree (pv=0x550740) [0114.456] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0114.457] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0114.493] CoTaskMemFree (pv=0x54e700) [0114.493] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c4f0000, lpmodinfo=0x23fe170, cb=0x18 | out: lpmodinfo=0x23fe170*(lpBaseOfDll=0x7ff86c4f0000, SizeOfImage=0xc000, EntryPoint=0x7ff86c4f14b0)) returned 1 [0114.527] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0114.527] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c4f0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="NotificationControllerPS.dll") returned 0x1c [0114.561] CoTaskMemFree (pv=0x54e700) [0114.561] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0114.561] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c4f0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll")) returned 0x30 [0114.600] CoTaskMemFree (pv=0x551f70) [0114.600] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8757e0000, lpmodinfo=0x2400368, cb=0x18 | out: lpmodinfo=0x2400368*(lpBaseOfDll=0x7ff8757e0000, SizeOfImage=0x73000, EntryPoint=0x7ff8757e45c0)) returned 1 [0114.635] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0114.635] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8757e0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="RTMediaFrame.dll") returned 0x10 [0114.673] CoTaskMemFree (pv=0x551f70) [0114.673] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0114.673] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8757e0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RTMediaFrame.dll" (normalized: "c:\\windows\\system32\\rtmediaframe.dll")) returned 0x24 [0114.708] CoTaskMemFree (pv=0x54def0) [0114.708] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8756b0000, lpmodinfo=0x2402530, cb=0x18 | out: lpmodinfo=0x2402530*(lpBaseOfDll=0x7ff8756b0000, SizeOfImage=0x44000, EntryPoint=0x7ff8756d78b0)) returned 1 [0114.744] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0114.744] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8756b0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="ContentDeliveryManager.Utilities.dll") returned 0x24 [0114.896] CoTaskMemFree (pv=0x5547c0) [0114.896] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0114.896] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8756b0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll" (normalized: "c:\\windows\\system32\\contentdeliverymanager.utilities.dll")) returned 0x38 [0114.932] CoTaskMemFree (pv=0x550f50) [0114.932] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878510000, lpmodinfo=0x2404748, cb=0x18 | out: lpmodinfo=0x2404748*(lpBaseOfDll=0x7ff878510000, SizeOfImage=0x3e000, EntryPoint=0x7ff87851a050)) returned 1 [0114.968] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0114.968] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878510000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="logoncli.dll") returned 0xc [0115.006] CoTaskMemFree (pv=0x551760) [0115.006] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.006] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878510000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0115.043] CoTaskMemFree (pv=0x551f70) [0115.044] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86a0d0000, lpmodinfo=0x2406900, cb=0x18 | out: lpmodinfo=0x2406900*(lpBaseOfDll=0x7ff86a0d0000, SizeOfImage=0x34000, EntryPoint=0x7ff86a0e94e0)) returned 1 [0115.080] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.080] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86a0d0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="PersonaX.dll") returned 0xc [0115.117] CoTaskMemFree (pv=0x550740) [0115.117] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.117] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86a0d0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PersonaX.dll" (normalized: "c:\\windows\\system32\\personax.dll")) returned 0x20 [0115.155] CoTaskMemFree (pv=0x551760) [0115.156] CloseHandle (hObject=0x25c) returned 1 [0115.158] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0115.158] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfac) returned 0x25c [0115.159] EnumProcessModules (in: hProcess=0x25c, lphModule=0x240aaf8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x240aaf8, lpcbNeeded=0x14ef68) returned 1 [0115.159] GetModuleInformation (in: hProcess=0x25c, hModule=0x13e0000, lpmodinfo=0x240ad68, cb=0x18 | out: lpmodinfo=0x240ad68*(lpBaseOfDll=0x13e0000, SizeOfImage=0x17000, EntryPoint=0x13e14a1)) returned 1 [0115.160] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.160] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x13e0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="soon positive.exe") returned 0x11 [0115.160] CoTaskMemFree (pv=0x54d6e0) [0115.160] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.160] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x13e0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\soon positive.exe" (normalized: "c:\\program files (x86)\\internet explorer\\soon positive.exe")) returned 0x3a [0115.161] CoTaskMemFree (pv=0x54d6e0) [0115.161] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x240cf90, cb=0x18 | out: lpmodinfo=0x240cf90*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0115.161] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.161] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0115.162] CoTaskMemFree (pv=0x54def0) [0115.162] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.162] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0115.162] CoTaskMemFree (pv=0x5537a0) [0115.162] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x240f138, cb=0x18 | out: lpmodinfo=0x240f138*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0115.163] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.163] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0115.164] CoTaskMemFree (pv=0x54ff30) [0115.164] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.164] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0115.164] CoTaskMemFree (pv=0x54def0) [0115.164] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x24112e0, cb=0x18 | out: lpmodinfo=0x24112e0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0115.165] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.165] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0115.166] CoTaskMemFree (pv=0x54e700) [0115.166] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.166] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0115.166] CoTaskMemFree (pv=0x54e700) [0115.166] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2413498, cb=0x18 | out: lpmodinfo=0x2413498*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0115.167] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.167] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0115.168] CoTaskMemFree (pv=0x550740) [0115.168] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.168] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0115.168] CoTaskMemFree (pv=0x54ff30) [0115.168] CloseHandle (hObject=0x25c) returned 1 [0115.169] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0115.169] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1fc) returned 0x25c [0115.169] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2415c70, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2415c70, lpcbNeeded=0x14ef68) returned 1 [0115.174] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6a4020000, lpmodinfo=0x2415ee0, cb=0x18 | out: lpmodinfo=0x2415ee0*(lpBaseOfDll=0x7ff6a4020000, SizeOfImage=0x94000, EntryPoint=0x7ff6a4048810)) returned 1 [0115.175] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.175] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6a4020000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="winlogon.exe") returned 0xc [0115.175] CoTaskMemFree (pv=0x553fb0) [0115.175] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.175] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6a4020000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")) returned 0x20 [0115.176] CoTaskMemFree (pv=0x552f90) [0115.176] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x24180d0, cb=0x18 | out: lpmodinfo=0x24180d0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0115.176] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.176] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0115.177] CoTaskMemFree (pv=0x550f50) [0115.177] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.177] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0115.177] CoTaskMemFree (pv=0x54e700) [0115.177] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x241a278, cb=0x18 | out: lpmodinfo=0x241a278*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0115.178] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.178] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0115.178] CoTaskMemFree (pv=0x551760) [0115.178] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.178] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0115.179] CoTaskMemFree (pv=0x551f70) [0115.179] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x241c430, cb=0x18 | out: lpmodinfo=0x241c430*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0115.180] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.180] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0115.180] CoTaskMemFree (pv=0x552f90) [0115.180] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.180] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0115.181] CoTaskMemFree (pv=0x54d6e0) [0115.181] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x241e5e8, cb=0x18 | out: lpmodinfo=0x241e5e8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0115.182] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.182] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0115.183] CoTaskMemFree (pv=0x552780) [0115.183] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.183] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0115.184] CoTaskMemFree (pv=0x552f90) [0115.184] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x24207e8, cb=0x18 | out: lpmodinfo=0x24207e8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0115.184] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.184] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0115.185] CoTaskMemFree (pv=0x54ef10) [0115.185] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.185] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0115.186] CoTaskMemFree (pv=0x550f50) [0115.186] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x2422990, cb=0x18 | out: lpmodinfo=0x2422990*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0115.187] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.187] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0115.188] CoTaskMemFree (pv=0x54ff30) [0115.188] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.188] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0115.189] CoTaskMemFree (pv=0x54f720) [0115.189] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x2424b38, cb=0x18 | out: lpmodinfo=0x2424b38*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0115.190] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.190] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0115.191] CoTaskMemFree (pv=0x54e700) [0115.191] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.191] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0115.192] CoTaskMemFree (pv=0x551f70) [0115.192] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x2426cf0, cb=0x18 | out: lpmodinfo=0x2426cf0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0115.193] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.193] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0115.194] CoTaskMemFree (pv=0x5537a0) [0115.194] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.194] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0115.195] CoTaskMemFree (pv=0x551760) [0115.195] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2428f40, cb=0x18 | out: lpmodinfo=0x2428f40*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0115.196] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.196] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0115.197] CoTaskMemFree (pv=0x54e700) [0115.197] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.197] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0115.199] CoTaskMemFree (pv=0x551f70) [0115.199] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x242b0e8, cb=0x18 | out: lpmodinfo=0x242b0e8*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0115.200] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.200] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0115.201] CoTaskMemFree (pv=0x551f70) [0115.201] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.201] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0115.203] CoTaskMemFree (pv=0x551760) [0115.203] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x242d290, cb=0x18 | out: lpmodinfo=0x242d290*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0115.204] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.204] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0115.205] CoTaskMemFree (pv=0x54ff30) [0115.206] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.206] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0115.207] CoTaskMemFree (pv=0x551760) [0115.207] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x242f438, cb=0x18 | out: lpmodinfo=0x242f438*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0115.208] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.208] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0115.210] CoTaskMemFree (pv=0x5547c0) [0115.210] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.210] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0115.211] CoTaskMemFree (pv=0x553fb0) [0115.211] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x24315e0, cb=0x18 | out: lpmodinfo=0x24315e0*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0115.212] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.212] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0115.221] CoTaskMemFree (pv=0x553fb0) [0115.221] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.221] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0115.223] CoTaskMemFree (pv=0x550740) [0115.223] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x2433788, cb=0x18 | out: lpmodinfo=0x2433788*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0115.224] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.224] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="winsta.dll") returned 0xa [0115.227] CoTaskMemFree (pv=0x54f720) [0115.227] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.227] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0115.228] CoTaskMemFree (pv=0x5537a0) [0115.228] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b010000, lpmodinfo=0x2435930, cb=0x18 | out: lpmodinfo=0x2435930*(lpBaseOfDll=0x7ff87b010000, SizeOfImage=0x1a000, EntryPoint=0x7ff87b017d00)) returned 1 [0115.230] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.230] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b010000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="UXINIT.dll") returned 0xa [0115.232] CoTaskMemFree (pv=0x54d6e0) [0115.232] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.232] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b010000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UXINIT.dll" (normalized: "c:\\windows\\system32\\uxinit.dll")) returned 0x1e [0115.233] CoTaskMemFree (pv=0x54d6e0) [0115.234] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x2437ad8, cb=0x18 | out: lpmodinfo=0x2437ad8*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0115.235] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.235] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0115.237] CoTaskMemFree (pv=0x54ef10) [0115.237] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.237] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0115.239] CoTaskMemFree (pv=0x54ef10) [0115.239] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x2439d98, cb=0x18 | out: lpmodinfo=0x2439d98*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0115.241] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.241] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0115.243] CoTaskMemFree (pv=0x552780) [0115.243] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.243] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0115.244] CoTaskMemFree (pv=0x54f720) [0115.244] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x243bf40, cb=0x18 | out: lpmodinfo=0x243bf40*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0115.246] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.246] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0115.249] CoTaskMemFree (pv=0x54d6e0) [0115.249] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.249] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0115.251] CoTaskMemFree (pv=0x551760) [0115.251] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87af40000, lpmodinfo=0x243e118, cb=0x18 | out: lpmodinfo=0x243e118*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0115.253] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.253] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0115.254] CoTaskMemFree (pv=0x5537a0) [0115.254] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.254] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0115.256] CoTaskMemFree (pv=0x551760) [0115.256] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x24402c0, cb=0x18 | out: lpmodinfo=0x24402c0*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0115.259] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.259] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0115.261] CoTaskMemFree (pv=0x551760) [0115.261] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.261] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0115.264] CoTaskMemFree (pv=0x5547c0) [0115.264] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x2442468, cb=0x18 | out: lpmodinfo=0x2442468*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0115.266] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.266] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0115.268] CoTaskMemFree (pv=0x551760) [0115.268] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.268] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0115.271] CoTaskMemFree (pv=0x552f90) [0115.271] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpmodinfo=0x2444610, cb=0x18 | out: lpmodinfo=0x2444610*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0115.273] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.273] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="DPAPI.dll") returned 0x9 [0115.275] CoTaskMemFree (pv=0x54d6e0) [0115.275] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.275] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bc10000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DPAPI.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0115.277] CoTaskMemFree (pv=0x552780) [0115.277] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x24467b8, cb=0x18 | out: lpmodinfo=0x24467b8*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0115.281] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.281] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0115.283] CoTaskMemFree (pv=0x54ef10) [0115.283] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.283] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0115.286] CoTaskMemFree (pv=0x54def0) [0115.286] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87af20000, lpmodinfo=0x2448970, cb=0x18 | out: lpmodinfo=0x2448970*(lpBaseOfDll=0x7ff87af20000, SizeOfImage=0x14000, EntryPoint=0x7ff87af24530)) returned 1 [0115.288] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.288] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87af20000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="dwminit.dll") returned 0xb [0115.291] CoTaskMemFree (pv=0x552780) [0115.291] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.291] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87af20000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwminit.dll" (normalized: "c:\\windows\\system32\\dwminit.dll")) returned 0x1f [0115.293] CoTaskMemFree (pv=0x54def0) [0115.293] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x244ab18, cb=0x18 | out: lpmodinfo=0x244ab18*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0115.296] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.296] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0115.299] CoTaskMemFree (pv=0x553fb0) [0115.299] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.299] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0115.302] CoTaskMemFree (pv=0x550740) [0115.302] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpmodinfo=0x244ccc0, cb=0x18 | out: lpmodinfo=0x244ccc0*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0115.304] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.304] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0115.307] CoTaskMemFree (pv=0x553fb0) [0115.307] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.307] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87aa90000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0115.310] CoTaskMemFree (pv=0x54def0) [0115.310] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875b40000, lpmodinfo=0x244ee68, cb=0x18 | out: lpmodinfo=0x244ee68*(lpBaseOfDll=0x7ff875b40000, SizeOfImage=0x10000, EntryPoint=0x7ff875b42c60)) returned 1 [0115.312] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.312] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875b40000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="usermgrcli.dll") returned 0xe [0115.315] CoTaskMemFree (pv=0x54ef10) [0115.323] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.323] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875b40000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")) returned 0x22 [0115.326] CoTaskMemFree (pv=0x54d6e0) [0115.326] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpmodinfo=0x2260198, cb=0x18 | out: lpmodinfo=0x2260198*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0115.328] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.328] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0115.331] CoTaskMemFree (pv=0x54d6e0) [0115.331] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.331] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0115.334] CoTaskMemFree (pv=0x553fb0) [0115.334] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874540000, lpmodinfo=0x2262340, cb=0x18 | out: lpmodinfo=0x2262340*(lpBaseOfDll=0x7ff874540000, SizeOfImage=0x1b000, EntryPoint=0x7ff874541040)) returned 1 [0115.337] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.337] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874540000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="MPR.dll") returned 0x7 [0115.340] CoTaskMemFree (pv=0x5537a0) [0115.340] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.340] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874540000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MPR.dll" (normalized: "c:\\windows\\system32\\mpr.dll")) returned 0x1b [0115.343] CoTaskMemFree (pv=0x5537a0) [0115.343] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874530000, lpmodinfo=0x22644d8, cb=0x18 | out: lpmodinfo=0x22644d8*(lpBaseOfDll=0x7ff874530000, SizeOfImage=0xb000, EntryPoint=0x7ff874531a40)) returned 1 [0115.345] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.345] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874530000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="drprov.dll") returned 0xa [0115.348] CoTaskMemFree (pv=0x54ef10) [0115.348] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.348] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874530000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll")) returned 0x1e [0115.351] CoTaskMemFree (pv=0x54ff30) [0115.351] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874510000, lpmodinfo=0x2266680, cb=0x18 | out: lpmodinfo=0x2266680*(lpBaseOfDll=0x7ff874510000, SizeOfImage=0x16000, EntryPoint=0x7ff874513380)) returned 1 [0115.354] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.354] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874510000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ntlanman.dll") returned 0xc [0115.357] CoTaskMemFree (pv=0x54d6e0) [0115.357] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.357] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874510000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll")) returned 0x20 [0115.360] CoTaskMemFree (pv=0x553fb0) [0115.360] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8744f0000, lpmodinfo=0x2268838, cb=0x18 | out: lpmodinfo=0x2268838*(lpBaseOfDll=0x7ff8744f0000, SizeOfImage=0x20000, EntryPoint=0x7ff8744f1920)) returned 1 [0115.363] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.363] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8744f0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="davclnt.dll") returned 0xb [0115.366] CoTaskMemFree (pv=0x54def0) [0115.366] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.366] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8744f0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll")) returned 0x1f [0115.371] CoTaskMemFree (pv=0x54ff30) [0115.371] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8744e0000, lpmodinfo=0x226abf8, cb=0x18 | out: lpmodinfo=0x226abf8*(lpBaseOfDll=0x7ff8744e0000, SizeOfImage=0xc000, EntryPoint=0x7ff8744e1860)) returned 1 [0115.392] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.392] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8744e0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="DAVHLPR.dll") returned 0xb [0115.395] CoTaskMemFree (pv=0x5537a0) [0115.395] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.395] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8744e0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DAVHLPR.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll")) returned 0x1f [0115.399] CoTaskMemFree (pv=0x5537a0) [0115.399] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8744d0000, lpmodinfo=0x226cda0, cb=0x18 | out: lpmodinfo=0x226cda0*(lpBaseOfDll=0x7ff8744d0000, SizeOfImage=0xa000, EntryPoint=0x7ff8744d1010)) returned 1 [0115.402] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.402] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8744d0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="mprext.dll") returned 0xa [0115.405] CoTaskMemFree (pv=0x5547c0) [0115.405] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.405] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8744d0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mprext.dll" (normalized: "c:\\windows\\system32\\mprext.dll")) returned 0x1e [0115.408] CoTaskMemFree (pv=0x553fb0) [0115.408] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8744b0000, lpmodinfo=0x226ef48, cb=0x18 | out: lpmodinfo=0x226ef48*(lpBaseOfDll=0x7ff8744b0000, SizeOfImage=0x12000, EntryPoint=0x7ff8744b3580)) returned 1 [0115.412] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.412] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8744b0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0115.415] CoTaskMemFree (pv=0x552780) [0115.415] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.415] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8744b0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0115.418] CoTaskMemFree (pv=0x550740) [0115.418] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpmodinfo=0x22710f0, cb=0x18 | out: lpmodinfo=0x22710f0*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0115.424] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.424] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0115.427] CoTaskMemFree (pv=0x54ef10) [0115.427] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.427] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0115.431] CoTaskMemFree (pv=0x54ff30) [0115.431] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875230000, lpmodinfo=0x22732a8, cb=0x18 | out: lpmodinfo=0x22732a8*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0115.434] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.434] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875230000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0115.437] CoTaskMemFree (pv=0x551760) [0115.438] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.438] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875230000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0115.441] CoTaskMemFree (pv=0x551f70) [0115.441] CloseHandle (hObject=0x25c) returned 1 [0115.442] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0115.442] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x664) returned 0x25c [0115.442] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2276570, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2276570, lpcbNeeded=0x14ef68) returned 1 [0115.445] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff63a8f0000, lpmodinfo=0x22767e0, cb=0x18 | out: lpmodinfo=0x22767e0*(lpBaseOfDll=0x7ff63a8f0000, SizeOfImage=0x19000, EntryPoint=0x7ff63a8f59b0)) returned 1 [0115.446] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.446] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff63a8f0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="taskhostw.exe") returned 0xd [0115.446] CoTaskMemFree (pv=0x54def0) [0115.446] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.446] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff63a8f0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")) returned 0x21 [0115.447] CoTaskMemFree (pv=0x54def0) [0115.447] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22789d0, cb=0x18 | out: lpmodinfo=0x22789d0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0115.447] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.447] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0115.448] CoTaskMemFree (pv=0x552f90) [0115.448] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.448] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0115.448] CoTaskMemFree (pv=0x54ef10) [0115.448] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x227ab78, cb=0x18 | out: lpmodinfo=0x227ab78*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0115.449] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.449] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0115.449] CoTaskMemFree (pv=0x54def0) [0115.449] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.449] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0115.450] CoTaskMemFree (pv=0x552780) [0115.450] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x227cd30, cb=0x18 | out: lpmodinfo=0x227cd30*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0115.451] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.451] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0115.451] CoTaskMemFree (pv=0x552780) [0115.451] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.451] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0115.452] CoTaskMemFree (pv=0x551f70) [0115.452] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x227eee8, cb=0x18 | out: lpmodinfo=0x227eee8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0115.453] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.453] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0115.453] CoTaskMemFree (pv=0x54ef10) [0115.453] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.454] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0115.454] CoTaskMemFree (pv=0x54f720) [0115.454] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x22810e8, cb=0x18 | out: lpmodinfo=0x22810e8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0115.455] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.455] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0115.456] CoTaskMemFree (pv=0x550740) [0115.456] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.456] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0115.457] CoTaskMemFree (pv=0x54e700) [0115.457] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x2283290, cb=0x18 | out: lpmodinfo=0x2283290*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0115.458] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.459] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0115.460] CoTaskMemFree (pv=0x54ef10) [0115.460] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.460] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0115.461] CoTaskMemFree (pv=0x54f720) [0115.461] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x2285438, cb=0x18 | out: lpmodinfo=0x2285438*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0115.462] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.462] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0115.463] CoTaskMemFree (pv=0x54ff30) [0115.463] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.463] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0115.464] CoTaskMemFree (pv=0x552780) [0115.464] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x2287610, cb=0x18 | out: lpmodinfo=0x2287610*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0115.465] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.465] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0115.466] CoTaskMemFree (pv=0x54f720) [0115.466] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.466] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0115.467] CoTaskMemFree (pv=0x552f90) [0115.467] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x2289860, cb=0x18 | out: lpmodinfo=0x2289860*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0115.468] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.468] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0115.469] CoTaskMemFree (pv=0x54d6e0) [0115.469] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.469] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0115.471] CoTaskMemFree (pv=0x54def0) [0115.471] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x228ba28, cb=0x18 | out: lpmodinfo=0x228ba28*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0115.472] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.472] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0115.473] CoTaskMemFree (pv=0x551f70) [0115.473] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.473] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0115.474] CoTaskMemFree (pv=0x550f50) [0115.474] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x228dbd0, cb=0x18 | out: lpmodinfo=0x228dbd0*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0115.476] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.476] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0115.477] CoTaskMemFree (pv=0x551f70) [0115.477] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.477] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0115.478] CoTaskMemFree (pv=0x550740) [0115.478] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x228fd78, cb=0x18 | out: lpmodinfo=0x228fd78*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0115.480] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.480] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0115.481] CoTaskMemFree (pv=0x551f70) [0115.481] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.481] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0115.483] CoTaskMemFree (pv=0x54ff30) [0115.483] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x2291f20, cb=0x18 | out: lpmodinfo=0x2291f20*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0115.484] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.484] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0115.486] CoTaskMemFree (pv=0x553fb0) [0115.486] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.486] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0115.487] CoTaskMemFree (pv=0x551f70) [0115.487] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87af40000, lpmodinfo=0x22940c8, cb=0x18 | out: lpmodinfo=0x22940c8*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0115.489] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.489] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0115.490] CoTaskMemFree (pv=0x550f50) [0115.490] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.490] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0115.494] CoTaskMemFree (pv=0x553fb0) [0115.494] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpmodinfo=0x2296270, cb=0x18 | out: lpmodinfo=0x2296270*(lpBaseOfDll=0x7ff87fbb0000, SizeOfImage=0x15a000, EntryPoint=0x7ff87fbf38e0)) returned 1 [0115.496] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.496] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0115.497] CoTaskMemFree (pv=0x551f70) [0115.497] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.497] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fbb0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0115.499] CoTaskMemFree (pv=0x550740) [0115.499] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a590000, lpmodinfo=0x2298418, cb=0x18 | out: lpmodinfo=0x2298418*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0115.501] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.501] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0115.503] CoTaskMemFree (pv=0x552780) [0115.503] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.503] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0115.504] CoTaskMemFree (pv=0x54f720) [0115.504] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x229a6d8, cb=0x18 | out: lpmodinfo=0x229a6d8*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0115.506] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.506] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0115.508] CoTaskMemFree (pv=0x553fb0) [0115.508] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.508] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0115.510] CoTaskMemFree (pv=0x54def0) [0115.510] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f1f0000, lpmodinfo=0x229c880, cb=0x18 | out: lpmodinfo=0x229c880*(lpBaseOfDll=0x7ff86f1f0000, SizeOfImage=0xd000, EntryPoint=0x7ff86f1f2560)) returned 1 [0115.511] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.511] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f1f0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="MsCtfMonitor.dll") returned 0x10 [0115.513] CoTaskMemFree (pv=0x551760) [0115.513] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.513] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f1f0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MsCtfMonitor.dll" (normalized: "c:\\windows\\system32\\msctfmonitor.dll")) returned 0x24 [0115.515] CoTaskMemFree (pv=0x5537a0) [0115.515] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f170000, lpmodinfo=0x229ea48, cb=0x18 | out: lpmodinfo=0x229ea48*(lpBaseOfDll=0x7ff86f170000, SizeOfImage=0x7a000, EntryPoint=0x7ff86f1715b0)) returned 1 [0115.517] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.517] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f170000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="MSUTB.dll") returned 0x9 [0115.519] CoTaskMemFree (pv=0x551f70) [0115.519] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.519] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f170000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSUTB.dll" (normalized: "c:\\windows\\system32\\msutb.dll")) returned 0x1d [0115.521] CoTaskMemFree (pv=0x551760) [0115.521] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x22a0bf0, cb=0x18 | out: lpmodinfo=0x22a0bf0*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0115.523] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.523] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0115.525] CoTaskMemFree (pv=0x550f50) [0115.525] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.525] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0115.527] CoTaskMemFree (pv=0x54def0) [0115.527] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f150000, lpmodinfo=0x22a2d98, cb=0x18 | out: lpmodinfo=0x22a2d98*(lpBaseOfDll=0x7ff86f150000, SizeOfImage=0x1a000, EntryPoint=0x7ff86f152a10)) returned 1 [0115.529] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.529] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f150000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="PlaySndSrv.dll") returned 0xe [0115.532] CoTaskMemFree (pv=0x54f720) [0115.532] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.532] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f150000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PlaySndSrv.dll" (normalized: "c:\\windows\\system32\\playsndsrv.dll")) returned 0x22 [0115.534] CoTaskMemFree (pv=0x54d6e0) [0115.534] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86ec80000, lpmodinfo=0x22a4f50, cb=0x18 | out: lpmodinfo=0x22a4f50*(lpBaseOfDll=0x7ff86ec80000, SizeOfImage=0x28e000, EntryPoint=0x7ff86ed50f00)) returned 1 [0115.536] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.536] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86ec80000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wininet.dll") returned 0xb [0115.538] CoTaskMemFree (pv=0x54ff30) [0115.538] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.538] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86ec80000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0115.540] CoTaskMemFree (pv=0x551760) [0115.540] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x22a70f8, cb=0x18 | out: lpmodinfo=0x22a70f8*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0115.543] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.543] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0115.545] CoTaskMemFree (pv=0x54def0) [0115.545] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.545] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0115.547] CoTaskMemFree (pv=0x54f720) [0115.547] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpmodinfo=0x22a92a0, cb=0x18 | out: lpmodinfo=0x22a92a0*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0115.549] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.549] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0115.552] CoTaskMemFree (pv=0x54def0) [0115.552] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.552] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0115.554] CoTaskMemFree (pv=0x54ef10) [0115.554] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x22ab458, cb=0x18 | out: lpmodinfo=0x22ab458*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0115.557] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.557] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0115.559] CoTaskMemFree (pv=0x54d6e0) [0115.559] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.559] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0115.562] CoTaskMemFree (pv=0x550740) [0115.562] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x22ad600, cb=0x18 | out: lpmodinfo=0x22ad600*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0115.565] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.565] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0115.567] CoTaskMemFree (pv=0x54e700) [0115.567] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.567] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0115.570] CoTaskMemFree (pv=0x5547c0) [0115.570] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x22af7c8, cb=0x18 | out: lpmodinfo=0x22af7c8*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0115.573] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.573] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0115.575] CoTaskMemFree (pv=0x54f720) [0115.575] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.575] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0115.578] CoTaskMemFree (pv=0x54def0) [0115.578] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x22b1980, cb=0x18 | out: lpmodinfo=0x22b1980*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0115.581] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.581] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0115.583] CoTaskMemFree (pv=0x5537a0) [0115.583] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.583] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0115.586] CoTaskMemFree (pv=0x54def0) [0115.586] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x22b3b38, cb=0x18 | out: lpmodinfo=0x22b3b38*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0115.589] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.589] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0115.593] CoTaskMemFree (pv=0x550740) [0115.593] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.594] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0115.596] CoTaskMemFree (pv=0x5537a0) [0115.596] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x22b5cf0, cb=0x18 | out: lpmodinfo=0x22b5cf0*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0115.599] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.599] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0115.602] CoTaskMemFree (pv=0x552f90) [0115.602] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.602] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0115.605] CoTaskMemFree (pv=0x54ff30) [0115.605] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x22b7e98, cb=0x18 | out: lpmodinfo=0x22b7e98*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0115.608] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.608] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0115.611] CoTaskMemFree (pv=0x5547c0) [0115.611] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.611] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0115.614] CoTaskMemFree (pv=0x54d6e0) [0115.614] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872f10000, lpmodinfo=0x22ba040, cb=0x18 | out: lpmodinfo=0x22ba040*(lpBaseOfDll=0x7ff872f10000, SizeOfImage=0x2f9000, EntryPoint=0x7ff872fd7280)) returned 1 [0115.617] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.617] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872f10000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0115.620] CoTaskMemFree (pv=0x54f720) [0115.620] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.620] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872f10000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0115.623] CoTaskMemFree (pv=0x54f720) [0115.623] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d650000, lpmodinfo=0x22bc400, cb=0x18 | out: lpmodinfo=0x22bc400*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0115.626] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.626] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0115.629] CoTaskMemFree (pv=0x5547c0) [0115.629] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.629] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d650000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0115.632] CoTaskMemFree (pv=0x5547c0) [0115.632] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x22be5a8, cb=0x18 | out: lpmodinfo=0x22be5a8*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0115.636] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.636] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0115.639] CoTaskMemFree (pv=0x54ef10) [0115.639] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.639] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0115.643] CoTaskMemFree (pv=0x54d6e0) [0115.643] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87adb0000, lpmodinfo=0x22c0760, cb=0x18 | out: lpmodinfo=0x22c0760*(lpBaseOfDll=0x7ff87adb0000, SizeOfImage=0x23000, EntryPoint=0x7ff87adb3670)) returned 1 [0115.646] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.646] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87adb0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="WINMM.dll") returned 0x9 [0115.649] CoTaskMemFree (pv=0x550f50) [0115.649] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.649] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87adb0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINMM.dll" (normalized: "c:\\windows\\system32\\winmm.dll")) returned 0x1d [0115.653] CoTaskMemFree (pv=0x54e700) [0115.653] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad50000, lpmodinfo=0x22c2908, cb=0x18 | out: lpmodinfo=0x22c2908*(lpBaseOfDll=0x7ff87ad50000, SizeOfImage=0x2c000, EntryPoint=0x7ff87ad58210)) returned 1 [0115.656] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.656] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad50000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="WINMMBASE.dll") returned 0xd [0115.661] CoTaskMemFree (pv=0x5537a0) [0115.661] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.661] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad50000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINMMBASE.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll")) returned 0x21 [0115.664] CoTaskMemFree (pv=0x54def0) [0115.664] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpmodinfo=0x22c4ac0, cb=0x18 | out: lpmodinfo=0x22c4ac0*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0115.668] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.668] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="userenv.dll") returned 0xb [0115.671] CoTaskMemFree (pv=0x551f70) [0115.671] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.671] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0115.675] CoTaskMemFree (pv=0x550740) [0115.675] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86d200000, lpmodinfo=0x22c6c68, cb=0x18 | out: lpmodinfo=0x22c6c68*(lpBaseOfDll=0x7ff86d200000, SizeOfImage=0x15000, EntryPoint=0x7ff86d205740)) returned 1 [0115.678] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.678] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86d200000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="profext.dll") returned 0xb [0115.682] CoTaskMemFree (pv=0x5547c0) [0115.682] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.682] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86d200000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll")) returned 0x1f [0115.686] CoTaskMemFree (pv=0x552f90) [0115.686] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpmodinfo=0x22c8e10, cb=0x18 | out: lpmodinfo=0x22c8e10*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0115.689] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.689] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0115.694] CoTaskMemFree (pv=0x550f50) [0115.694] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.694] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0115.698] CoTaskMemFree (pv=0x550f50) [0115.698] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x22cafb8, cb=0x18 | out: lpmodinfo=0x22cafb8*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0115.701] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.701] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0115.705] CoTaskMemFree (pv=0x552780) [0115.705] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.705] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0115.709] CoTaskMemFree (pv=0x5537a0) [0115.710] CloseHandle (hObject=0x25c) returned 1 [0115.710] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0115.710] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x41c) returned 0x25c [0115.710] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22ce388, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22ce388, lpcbNeeded=0x14ef68) returned 1 [0115.716] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22ce5a0, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x22ce5a0, lpcbNeeded=0x14ef68) returned 1 [0115.722] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpmodinfo=0x22cea10, cb=0x18 | out: lpmodinfo=0x22cea10*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0115.722] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.722] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0115.722] CoTaskMemFree (pv=0x550f50) [0115.723] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.723] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff6a3140000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0115.723] CoTaskMemFree (pv=0x54ef10) [0115.723] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22d0bf0, cb=0x18 | out: lpmodinfo=0x22d0bf0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0115.724] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.724] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0115.724] CoTaskMemFree (pv=0x54f720) [0115.724] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.724] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0115.725] CoTaskMemFree (pv=0x552f90) [0115.725] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x22d2d98, cb=0x18 | out: lpmodinfo=0x22d2d98*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0115.725] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.725] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0115.726] CoTaskMemFree (pv=0x5547c0) [0115.726] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.726] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0115.726] CoTaskMemFree (pv=0x551760) [0115.726] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x22d4f50, cb=0x18 | out: lpmodinfo=0x22d4f50*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0115.727] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.727] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0115.728] CoTaskMemFree (pv=0x54def0) [0115.728] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.728] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0115.728] CoTaskMemFree (pv=0x54f720) [0115.728] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x22d7108, cb=0x18 | out: lpmodinfo=0x22d7108*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0115.729] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.729] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0115.730] CoTaskMemFree (pv=0x551f70) [0115.730] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.730] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0115.730] CoTaskMemFree (pv=0x5537a0) [0115.731] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x22d9308, cb=0x18 | out: lpmodinfo=0x22d9308*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0115.731] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.731] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0115.732] CoTaskMemFree (pv=0x54ff30) [0115.732] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.732] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0115.733] CoTaskMemFree (pv=0x551760) [0115.733] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x22db4b0, cb=0x18 | out: lpmodinfo=0x22db4b0*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0115.734] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.734] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0115.735] CoTaskMemFree (pv=0x54ff30) [0115.735] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.735] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0115.736] CoTaskMemFree (pv=0x54d6e0) [0115.736] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x22dd668, cb=0x18 | out: lpmodinfo=0x22dd668*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0115.737] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.737] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0115.738] CoTaskMemFree (pv=0x551760) [0115.738] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.738] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0115.739] CoTaskMemFree (pv=0x54f720) [0115.739] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x22df810, cb=0x18 | out: lpmodinfo=0x22df810*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0115.740] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.740] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0115.741] CoTaskMemFree (pv=0x550f50) [0115.741] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.741] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0115.742] CoTaskMemFree (pv=0x54def0) [0115.742] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x22e1a50, cb=0x18 | out: lpmodinfo=0x22e1a50*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0115.743] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.743] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0115.745] CoTaskMemFree (pv=0x54e700) [0115.745] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.745] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0115.746] CoTaskMemFree (pv=0x5547c0) [0115.746] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x22e3c28, cb=0x18 | out: lpmodinfo=0x22e3c28*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0115.747] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.747] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0115.748] CoTaskMemFree (pv=0x54ff30) [0115.748] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.748] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0115.750] CoTaskMemFree (pv=0x54ef10) [0115.750] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x22e5df0, cb=0x18 | out: lpmodinfo=0x22e5df0*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0115.751] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.751] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0115.752] CoTaskMemFree (pv=0x550740) [0115.752] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.752] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0115.754] CoTaskMemFree (pv=0x5537a0) [0115.754] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x22e7f98, cb=0x18 | out: lpmodinfo=0x22e7f98*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0115.755] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.755] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0115.756] CoTaskMemFree (pv=0x552f90) [0115.756] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.756] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0115.758] CoTaskMemFree (pv=0x551f70) [0115.758] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpmodinfo=0x22ea140, cb=0x18 | out: lpmodinfo=0x22ea140*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0115.759] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.759] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0115.761] CoTaskMemFree (pv=0x54ff30) [0115.761] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.761] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87eed0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0115.762] CoTaskMemFree (pv=0x54def0) [0115.762] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpmodinfo=0x22ec2e8, cb=0x18 | out: lpmodinfo=0x22ec2e8*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0115.764] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.764] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0115.765] CoTaskMemFree (pv=0x552f90) [0115.765] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.766] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87efa0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0115.767] CoTaskMemFree (pv=0x54f720) [0115.767] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b030000, lpmodinfo=0x22ee480, cb=0x18 | out: lpmodinfo=0x22ee480*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0115.769] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.769] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0115.770] CoTaskMemFree (pv=0x54ff30) [0115.770] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.770] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b030000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0115.772] CoTaskMemFree (pv=0x553fb0) [0115.772] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpmodinfo=0x22f0628, cb=0x18 | out: lpmodinfo=0x22f0628*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0115.774] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.774] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0115.776] CoTaskMemFree (pv=0x553fb0) [0115.776] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.776] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8750d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0115.777] CoTaskMemFree (pv=0x551f70) [0115.777] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x22f28e8, cb=0x18 | out: lpmodinfo=0x22f28e8*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0115.780] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.780] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0115.782] CoTaskMemFree (pv=0x552780) [0115.782] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.782] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0115.784] CoTaskMemFree (pv=0x551f70) [0115.784] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpmodinfo=0x22f4a90, cb=0x18 | out: lpmodinfo=0x22f4a90*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0115.786] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.786] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0115.787] CoTaskMemFree (pv=0x550f50) [0115.787] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.787] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bd20000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0115.790] CoTaskMemFree (pv=0x552780) [0115.790] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x22f6c38, cb=0x18 | out: lpmodinfo=0x22f6c38*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0115.792] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.792] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0115.795] CoTaskMemFree (pv=0x550f50) [0115.795] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.795] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0115.797] CoTaskMemFree (pv=0x552f90) [0115.797] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpmodinfo=0x22f8de0, cb=0x18 | out: lpmodinfo=0x22f8de0*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0115.799] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.799] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0115.801] CoTaskMemFree (pv=0x54e700) [0115.801] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.801] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b5c0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0115.803] CoTaskMemFree (pv=0x54d6e0) [0115.803] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874df0000, lpmodinfo=0x22faf88, cb=0x18 | out: lpmodinfo=0x22faf88*(lpBaseOfDll=0x7ff874df0000, SizeOfImage=0x60000, EntryPoint=0x7ff874e10fc0)) returned 1 [0115.805] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.805] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874df0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="nlasvc.dll") returned 0xa [0115.807] CoTaskMemFree (pv=0x54ef10) [0115.808] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.808] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874df0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nlasvc.dll" (normalized: "c:\\windows\\system32\\nlasvc.dll")) returned 0x1e [0115.810] CoTaskMemFree (pv=0x552f90) [0115.810] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x22fd130, cb=0x18 | out: lpmodinfo=0x22fd130*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0115.812] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0115.812] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0115.814] CoTaskMemFree (pv=0x553fb0) [0115.814] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.814] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0115.817] CoTaskMemFree (pv=0x550740) [0115.817] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875480000, lpmodinfo=0x22ff2e8, cb=0x18 | out: lpmodinfo=0x22ff2e8*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0115.819] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.819] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875480000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0115.821] CoTaskMemFree (pv=0x550f50) [0115.821] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.821] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875480000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0115.824] CoTaskMemFree (pv=0x551760) [0115.824] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875250000, lpmodinfo=0x23014a0, cb=0x18 | out: lpmodinfo=0x23014a0*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0115.826] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.826] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875250000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0115.828] CoTaskMemFree (pv=0x550f50) [0115.828] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.828] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875250000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0115.831] CoTaskMemFree (pv=0x54ff30) [0115.831] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874d80000, lpmodinfo=0x2303658, cb=0x18 | out: lpmodinfo=0x2303658*(lpBaseOfDll=0x7ff874d80000, SizeOfImage=0x69000, EntryPoint=0x7ff874d9bb10)) returned 1 [0115.834] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.834] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874d80000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="ncsi.dll") returned 0x8 [0115.836] CoTaskMemFree (pv=0x550740) [0115.836] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.836] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874d80000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ncsi.dll" (normalized: "c:\\windows\\system32\\ncsi.dll")) returned 0x1c [0115.838] CoTaskMemFree (pv=0x54ff30) [0115.839] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c240000, lpmodinfo=0x2305800, cb=0x18 | out: lpmodinfo=0x2305800*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0115.841] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.841] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="sspicli.dll") returned 0xb [0115.844] CoTaskMemFree (pv=0x54ef10) [0115.844] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.844] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c240000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0115.846] CoTaskMemFree (pv=0x551760) [0115.846] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874d60000, lpmodinfo=0x23079a8, cb=0x18 | out: lpmodinfo=0x23079a8*(lpBaseOfDll=0x7ff874d60000, SizeOfImage=0x15000, EntryPoint=0x7ff874d63460)) returned 1 [0115.849] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.849] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874d60000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ssdpapi.dll") returned 0xb [0115.852] CoTaskMemFree (pv=0x54d6e0) [0115.852] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.852] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874d60000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")) returned 0x1f [0115.855] CoTaskMemFree (pv=0x5537a0) [0115.855] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x2309b50, cb=0x18 | out: lpmodinfo=0x2309b50*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0115.857] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.857] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0115.860] CoTaskMemFree (pv=0x551760) [0115.860] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.860] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0115.863] CoTaskMemFree (pv=0x54f720) [0115.863] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875270000, lpmodinfo=0x230bd08, cb=0x18 | out: lpmodinfo=0x230bd08*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0115.866] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.866] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875270000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0115.869] CoTaskMemFree (pv=0x550740) [0115.869] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0115.869] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875270000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0115.871] CoTaskMemFree (pv=0x54f720) [0115.871] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875d20000, lpmodinfo=0x230dec0, cb=0x18 | out: lpmodinfo=0x230dec0*(lpBaseOfDll=0x7ff875d20000, SizeOfImage=0x11000, EntryPoint=0x7ff875d23320)) returned 1 [0115.874] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.874] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875d20000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="WMICLNT.dll") returned 0xb [0115.877] CoTaskMemFree (pv=0x552780) [0115.877] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0115.877] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875d20000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WMICLNT.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")) returned 0x1f [0115.880] CoTaskMemFree (pv=0x552f90) [0115.880] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87be90000, lpmodinfo=0x2310068, cb=0x18 | out: lpmodinfo=0x2310068*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0115.883] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.883] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0115.886] CoTaskMemFree (pv=0x54def0) [0115.886] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.886] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87be90000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0115.889] CoTaskMemFree (pv=0x551f70) [0115.889] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875230000, lpmodinfo=0x2312210, cb=0x18 | out: lpmodinfo=0x2312210*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0115.892] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0115.892] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875230000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0115.896] CoTaskMemFree (pv=0x5537a0) [0115.896] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.896] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875230000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0115.899] CoTaskMemFree (pv=0x5547c0) [0115.899] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878bf0000, lpmodinfo=0x23145d0, cb=0x18 | out: lpmodinfo=0x23145d0*(lpBaseOfDll=0x7ff878bf0000, SizeOfImage=0x61000, EntryPoint=0x7ff878bf4b50)) returned 1 [0115.902] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.902] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878bf0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="WlanApi.dll") returned 0xb [0115.905] CoTaskMemFree (pv=0x551f70) [0115.905] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.905] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878bf0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WlanApi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0115.909] CoTaskMemFree (pv=0x54e700) [0115.909] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8788f0000, lpmodinfo=0x2316778, cb=0x18 | out: lpmodinfo=0x2316778*(lpBaseOfDll=0x7ff8788f0000, SizeOfImage=0x64000, EntryPoint=0x7ff878905ae0)) returned 1 [0115.912] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.912] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8788f0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0115.915] CoTaskMemFree (pv=0x552780) [0115.915] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.915] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8788f0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0115.918] CoTaskMemFree (pv=0x54def0) [0115.918] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpmodinfo=0x2318920, cb=0x18 | out: lpmodinfo=0x2318920*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0115.922] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.922] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0115.926] CoTaskMemFree (pv=0x5547c0) [0115.926] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.926] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ad00000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0115.929] CoTaskMemFree (pv=0x54e700) [0115.929] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpmodinfo=0x231aad8, cb=0x18 | out: lpmodinfo=0x231aad8*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0115.932] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0115.932] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0115.935] CoTaskMemFree (pv=0x54ff30) [0115.935] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0115.936] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c3d0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0115.939] CoTaskMemFree (pv=0x54d6e0) [0115.939] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875200000, lpmodinfo=0x231cc80, cb=0x18 | out: lpmodinfo=0x231cc80*(lpBaseOfDll=0x7ff875200000, SizeOfImage=0x2e000, EntryPoint=0x7ff875207550)) returned 1 [0115.943] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0115.943] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875200000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="netjoin.dll") returned 0xb [0115.946] CoTaskMemFree (pv=0x552780) [0115.946] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0115.946] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875200000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")) returned 0x1f [0115.949] CoTaskMemFree (pv=0x54ef10) [0115.949] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c0a0000, lpmodinfo=0x231ee28, cb=0x18 | out: lpmodinfo=0x231ee28*(lpBaseOfDll=0x7ff87c0a0000, SizeOfImage=0x21000, EntryPoint=0x7ff87c0b0250)) returned 1 [0115.953] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0115.953] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c0a0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="JoinUtil.dll") returned 0xc [0115.957] CoTaskMemFree (pv=0x550740) [0115.957] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.957] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c0a0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\JoinUtil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")) returned 0x20 [0115.960] CoTaskMemFree (pv=0x54e700) [0115.960] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpmodinfo=0x2320fe0, cb=0x18 | out: lpmodinfo=0x2320fe0*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0115.964] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0115.964] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0115.967] CoTaskMemFree (pv=0x54e700) [0115.967] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.967] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b9d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0115.971] CoTaskMemFree (pv=0x551f70) [0115.971] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x2323198, cb=0x18 | out: lpmodinfo=0x2323198*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0115.974] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0115.974] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0115.978] CoTaskMemFree (pv=0x551f70) [0115.978] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0115.978] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0115.982] CoTaskMemFree (pv=0x54def0) [0115.982] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878b20000, lpmodinfo=0x2325350, cb=0x18 | out: lpmodinfo=0x2325350*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0115.986] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0115.986] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0115.989] CoTaskMemFree (pv=0x5547c0) [0115.989] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0115.989] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878b20000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0115.995] CoTaskMemFree (pv=0x550f50) [0115.995] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874ab0000, lpmodinfo=0x23274f8, cb=0x18 | out: lpmodinfo=0x23274f8*(lpBaseOfDll=0x7ff874ab0000, SizeOfImage=0x15000, EntryPoint=0x7ff874ab2dc0)) returned 1 [0115.999] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0115.999] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874ab0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0116.003] CoTaskMemFree (pv=0x551760) [0116.003] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.003] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874ab0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0116.007] CoTaskMemFree (pv=0x551f70) [0116.007] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x23296e0, cb=0x18 | out: lpmodinfo=0x23296e0*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0116.011] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0116.011] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0116.015] CoTaskMemFree (pv=0x550740) [0116.015] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.015] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0116.019] CoTaskMemFree (pv=0x551760) [0116.019] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8748a0000, lpmodinfo=0x232b898, cb=0x18 | out: lpmodinfo=0x232b898*(lpBaseOfDll=0x7ff8748a0000, SizeOfImage=0x48000, EntryPoint=0x7ff8748aabb0)) returned 1 [0116.023] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.023] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8748a0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wkssvc.dll") returned 0xa [0116.027] CoTaskMemFree (pv=0x54d6e0) [0116.027] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.027] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8748a0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wkssvc.dll" (normalized: "c:\\windows\\system32\\wkssvc.dll")) returned 0x1e [0116.082] CoTaskMemFree (pv=0x54d6e0) [0116.082] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x232da40, cb=0x18 | out: lpmodinfo=0x232da40*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0116.086] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.086] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0116.090] CoTaskMemFree (pv=0x54def0) [0116.090] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.090] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0116.095] CoTaskMemFree (pv=0x5537a0) [0116.095] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x232fbf8, cb=0x18 | out: lpmodinfo=0x232fbf8*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0116.099] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.099] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0116.104] CoTaskMemFree (pv=0x54ff30) [0116.104] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.104] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0116.108] CoTaskMemFree (pv=0x54def0) [0116.108] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878230000, lpmodinfo=0x2331da0, cb=0x18 | out: lpmodinfo=0x2331da0*(lpBaseOfDll=0x7ff878230000, SizeOfImage=0xbf000, EntryPoint=0x7ff878251c50)) returned 1 [0116.112] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0116.112] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878230000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0116.117] CoTaskMemFree (pv=0x54e700) [0116.117] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0116.117] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878230000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0116.121] CoTaskMemFree (pv=0x54e700) [0116.121] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870dd0000, lpmodinfo=0x2333f58, cb=0x18 | out: lpmodinfo=0x2333f58*(lpBaseOfDll=0x7ff870dd0000, SizeOfImage=0x18000, EntryPoint=0x7ff870dd7a00)) returned 1 [0116.125] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0116.125] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870dd0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="cryptsvc.dll") returned 0xc [0116.129] CoTaskMemFree (pv=0x550740) [0116.129] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.129] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870dd0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\cryptsvc.dll" (normalized: "c:\\windows\\system32\\cryptsvc.dll")) returned 0x20 [0116.134] CoTaskMemFree (pv=0x54ff30) [0116.134] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d170000, lpmodinfo=0x2336110, cb=0x18 | out: lpmodinfo=0x2336110*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0116.138] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0116.138] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0116.142] CoTaskMemFree (pv=0x553fb0) [0116.142] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0116.142] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d170000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0116.146] CoTaskMemFree (pv=0x552f90) [0116.146] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpmodinfo=0x23382b8, cb=0x18 | out: lpmodinfo=0x23382b8*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0116.151] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0116.151] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0116.155] CoTaskMemFree (pv=0x550f50) [0116.155] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0116.155] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5c0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0116.160] CoTaskMemFree (pv=0x54e700) [0116.160] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870d60000, lpmodinfo=0x233a460, cb=0x18 | out: lpmodinfo=0x233a460*(lpBaseOfDll=0x7ff870d60000, SizeOfImage=0x13000, EntryPoint=0x7ff870d61450)) returned 1 [0116.165] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.165] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870d60000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="crypttpmeksvc.dll") returned 0x11 [0116.169] CoTaskMemFree (pv=0x551760) [0116.169] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.169] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870d60000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\crypttpmeksvc.dll" (normalized: "c:\\windows\\system32\\crypttpmeksvc.dll")) returned 0x25 [0116.174] CoTaskMemFree (pv=0x551f70) [0116.174] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870d30000, lpmodinfo=0x233c628, cb=0x18 | out: lpmodinfo=0x233c628*(lpBaseOfDll=0x7ff870d30000, SizeOfImage=0x23000, EntryPoint=0x7ff870d37a30)) returned 1 [0116.178] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0116.178] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870d30000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="cryptcatsvc.dll") returned 0xf [0116.187] CoTaskMemFree (pv=0x552f90) [0116.187] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.187] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870d30000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cryptcatsvc.dll" (normalized: "c:\\windows\\system32\\cryptcatsvc.dll")) returned 0x23 [0116.192] CoTaskMemFree (pv=0x54d6e0) [0116.192] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8706b0000, lpmodinfo=0x233e7e0, cb=0x18 | out: lpmodinfo=0x233e7e0*(lpBaseOfDll=0x7ff8706b0000, SizeOfImage=0x182000, EntryPoint=0x7ff8706c82a0)) returned 1 [0116.198] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0116.198] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8706b0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="VSSAPI.DLL") returned 0xa [0116.202] CoTaskMemFree (pv=0x552780) [0116.202] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0116.202] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8706b0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VSSAPI.DLL" (normalized: "c:\\windows\\system32\\vssapi.dll")) returned 0x1e [0116.207] CoTaskMemFree (pv=0x552f90) [0116.207] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff870690000, lpmodinfo=0x2340988, cb=0x18 | out: lpmodinfo=0x2340988*(lpBaseOfDll=0x7ff870690000, SizeOfImage=0x18000, EntryPoint=0x7ff870692000)) returned 1 [0116.211] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.211] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff870690000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="VssTrace.DLL") returned 0xc [0116.223] CoTaskMemFree (pv=0x54ef10) [0116.223] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0116.223] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff870690000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VssTrace.DLL" (normalized: "c:\\windows\\system32\\vsstrace.dll")) returned 0x20 [0116.228] CoTaskMemFree (pv=0x550f50) [0116.228] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875a10000, lpmodinfo=0x2342b40, cb=0x18 | out: lpmodinfo=0x2342b40*(lpBaseOfDll=0x7ff875a10000, SizeOfImage=0x19000, EntryPoint=0x7ff875a14520)) returned 1 [0116.233] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.233] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875a10000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="samcli.dll") returned 0xa [0116.238] CoTaskMemFree (pv=0x54ff30) [0116.238] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.238] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875a10000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0116.243] CoTaskMemFree (pv=0x54f720) [0116.243] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpmodinfo=0x2344ce8, cb=0x18 | out: lpmodinfo=0x2344ce8*(lpBaseOfDll=0x7ff87aca0000, SizeOfImage=0x1c000, EntryPoint=0x7ff87aca37a0)) returned 1 [0116.248] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0116.248] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0116.253] CoTaskMemFree (pv=0x54e700) [0116.253] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.253] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87aca0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0116.258] CoTaskMemFree (pv=0x551f70) [0116.258] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878580000, lpmodinfo=0x2346e90, cb=0x18 | out: lpmodinfo=0x2346e90*(lpBaseOfDll=0x7ff878580000, SizeOfImage=0x7a000, EntryPoint=0x7ff8785a7630)) returned 1 [0116.263] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.263] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878580000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="ES.DLL") returned 0x6 [0116.269] CoTaskMemFree (pv=0x5537a0) [0116.269] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.269] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878580000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ES.DLL" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0116.274] CoTaskMemFree (pv=0x551760) [0116.274] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpmodinfo=0x2349028, cb=0x18 | out: lpmodinfo=0x2349028*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0116.279] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0116.279] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0116.284] CoTaskMemFree (pv=0x54e700) [0116.284] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.284] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0116.289] CoTaskMemFree (pv=0x551f70) [0116.289] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872f10000, lpmodinfo=0x234b1d0, cb=0x18 | out: lpmodinfo=0x234b1d0*(lpBaseOfDll=0x7ff872f10000, SizeOfImage=0x2f9000, EntryPoint=0x7ff872fd7280)) returned 1 [0116.294] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.294] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872f10000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0116.301] CoTaskMemFree (pv=0x551f70) [0116.301] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.301] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872f10000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0116.306] CoTaskMemFree (pv=0x551760) [0116.306] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874830000, lpmodinfo=0x234d378, cb=0x18 | out: lpmodinfo=0x234d378*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0116.311] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.311] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874830000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0116.316] CoTaskMemFree (pv=0x54ff30) [0116.316] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.316] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874830000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0116.321] CoTaskMemFree (pv=0x551760) [0116.321] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875030000, lpmodinfo=0x234f530, cb=0x18 | out: lpmodinfo=0x234f530*(lpBaseOfDll=0x7ff875030000, SizeOfImage=0x4a000, EntryPoint=0x7ff875040100)) returned 1 [0116.326] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0116.326] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875030000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="dnsrslvr.dll") returned 0xc [0116.331] CoTaskMemFree (pv=0x5547c0) [0116.331] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0116.331] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875030000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dnsrslvr.dll" (normalized: "c:\\windows\\system32\\dnsrslvr.dll")) returned 0x20 [0116.338] CoTaskMemFree (pv=0x553fb0) [0116.338] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpmodinfo=0x23516e8, cb=0x18 | out: lpmodinfo=0x23516e8*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0116.343] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0116.343] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="Fwpuclnt.dll") returned 0xc [0116.353] CoTaskMemFree (pv=0x553fb0) [0116.353] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0116.357] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874fc0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0116.363] CoTaskMemFree (pv=0x550740) [0116.363] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875580000, lpmodinfo=0x23538a0, cb=0x18 | out: lpmodinfo=0x23538a0*(lpBaseOfDll=0x7ff875580000, SizeOfImage=0xa000, EntryPoint=0x7ff875581840)) returned 1 [0116.368] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.368] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875580000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="dnsext.dll") returned 0xa [0116.388] CoTaskMemFree (pv=0x54f720) [0116.389] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.389] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875580000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dnsext.dll" (normalized: "c:\\windows\\system32\\dnsext.dll")) returned 0x1e [0116.395] CoTaskMemFree (pv=0x5537a0) [0116.395] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878fc0000, lpmodinfo=0x2355a48, cb=0x18 | out: lpmodinfo=0x2355a48*(lpBaseOfDll=0x7ff878fc0000, SizeOfImage=0x29000, EntryPoint=0x7ff878fcca00)) returned 1 [0116.402] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.402] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878fc0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="Cabinet.dll") returned 0xb [0116.408] CoTaskMemFree (pv=0x54d6e0) [0116.408] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.408] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878fc0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")) returned 0x1f [0116.413] CoTaskMemFree (pv=0x54d6e0) [0116.413] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x2358008, cb=0x18 | out: lpmodinfo=0x2358008*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0116.418] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.418] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0116.424] CoTaskMemFree (pv=0x54ef10) [0116.424] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.424] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0116.430] CoTaskMemFree (pv=0x54ef10) [0116.430] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpmodinfo=0x235a1b0, cb=0x18 | out: lpmodinfo=0x235a1b0*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0116.435] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0116.435] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0116.441] CoTaskMemFree (pv=0x552780) [0116.441] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.441] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0116.447] CoTaskMemFree (pv=0x54f720) [0116.447] CloseHandle (hObject=0x25c) returned 1 [0116.448] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0116.448] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5a4) returned 0x25c [0116.448] EnumProcessModules (in: hProcess=0x25c, lphModule=0x235de70, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x235de70, lpcbNeeded=0x14ef68) returned 1 [0116.448] GetModuleInformation (in: hProcess=0x25c, hModule=0x990000, lpmodinfo=0x235e0e0, cb=0x18 | out: lpmodinfo=0x235e0e0*(lpBaseOfDll=0x990000, SizeOfImage=0x17000, EntryPoint=0x9914a1)) returned 1 [0116.449] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.449] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x990000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="coreftp.exe") returned 0xb [0116.449] CoTaskMemFree (pv=0x54d6e0) [0116.449] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.449] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x990000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft Office 15\\coreftp.exe" (normalized: "c:\\program files\\microsoft office 15\\coreftp.exe")) returned 0x30 [0116.450] CoTaskMemFree (pv=0x551760) [0116.450] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23602e8, cb=0x18 | out: lpmodinfo=0x23602e8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0116.450] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.450] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0116.451] CoTaskMemFree (pv=0x5537a0) [0116.451] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.451] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0116.451] CoTaskMemFree (pv=0x551760) [0116.451] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2362490, cb=0x18 | out: lpmodinfo=0x2362490*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0116.452] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.452] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0116.452] CoTaskMemFree (pv=0x551760) [0116.452] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0116.452] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0116.453] CoTaskMemFree (pv=0x5547c0) [0116.453] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2364638, cb=0x18 | out: lpmodinfo=0x2364638*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0116.454] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.454] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0116.454] CoTaskMemFree (pv=0x551760) [0116.454] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0116.454] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0116.455] CoTaskMemFree (pv=0x552f90) [0116.455] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x23667f0, cb=0x18 | out: lpmodinfo=0x23667f0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0116.455] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.456] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0116.457] CoTaskMemFree (pv=0x54d6e0) [0116.457] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0116.457] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0116.457] CoTaskMemFree (pv=0x552780) [0116.457] CloseHandle (hObject=0x25c) returned 1 [0116.458] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0116.458] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10ac) returned 0x25c [0116.458] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2368fc8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2368fc8, lpcbNeeded=0x14ef68) returned 1 [0116.459] GetModuleInformation (in: hProcess=0x25c, hModule=0xa80000, lpmodinfo=0x2369238, cb=0x18 | out: lpmodinfo=0x2369238*(lpBaseOfDll=0xa80000, SizeOfImage=0x17000, EntryPoint=0xa814a1)) returned 1 [0116.459] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.459] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xa80000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="smartftp.exe") returned 0xc [0116.459] CoTaskMemFree (pv=0x54ef10) [0116.459] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.459] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xa80000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\smartftp.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\smartftp.exe")) returned 0x3c [0116.460] CoTaskMemFree (pv=0x54def0) [0116.460] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x236b460, cb=0x18 | out: lpmodinfo=0x236b460*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0116.460] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0116.460] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0116.461] CoTaskMemFree (pv=0x552780) [0116.461] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.461] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0116.462] CoTaskMemFree (pv=0x54def0) [0116.462] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x236d608, cb=0x18 | out: lpmodinfo=0x236d608*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0116.462] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0116.462] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0116.463] CoTaskMemFree (pv=0x553fb0) [0116.463] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0116.463] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0116.463] CoTaskMemFree (pv=0x550740) [0116.463] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x236f7b0, cb=0x18 | out: lpmodinfo=0x236f7b0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0116.464] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0116.464] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0116.464] CoTaskMemFree (pv=0x553fb0) [0116.464] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.464] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0116.465] CoTaskMemFree (pv=0x54def0) [0116.465] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2371968, cb=0x18 | out: lpmodinfo=0x2371968*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0116.467] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.467] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0116.468] CoTaskMemFree (pv=0x54ef10) [0116.468] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.468] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0116.468] CoTaskMemFree (pv=0x54d6e0) [0116.468] CloseHandle (hObject=0x25c) returned 1 [0116.469] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0116.469] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0116.469] EnumProcesses (in: lpidProcess=0x2374140, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x2374140, lpcbNeeded=0x14ee58) returned 1 [0116.476] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0116.480] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1244) returned 0x25c [0116.480] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2374e50, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2374e50, lpcbNeeded=0x14ef68) returned 1 [0116.485] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff623080000, lpmodinfo=0x23750c0, cb=0x18 | out: lpmodinfo=0x23750c0*(lpBaseOfDll=0x7ff623080000, SizeOfImage=0x7000, EntryPoint=0x7ff623081460)) returned 1 [0116.485] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.485] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff623080000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="backgroundTaskHost.exe") returned 0x16 [0116.485] CoTaskMemFree (pv=0x54d6e0) [0116.486] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0116.486] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff623080000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\backgroundTaskHost.exe" (normalized: "c:\\windows\\system32\\backgroundtaskhost.exe")) returned 0x2a [0116.486] CoTaskMemFree (pv=0x553fb0) [0116.486] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23772d0, cb=0x18 | out: lpmodinfo=0x23772d0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0116.486] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.486] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0116.487] CoTaskMemFree (pv=0x5537a0) [0116.487] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.487] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0116.487] CoTaskMemFree (pv=0x5537a0) [0116.487] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x2379478, cb=0x18 | out: lpmodinfo=0x2379478*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0116.488] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.488] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0116.488] CoTaskMemFree (pv=0x54ef10) [0116.488] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.489] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0116.489] CoTaskMemFree (pv=0x54ff30) [0116.489] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x237b630, cb=0x18 | out: lpmodinfo=0x237b630*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0116.490] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.490] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0116.490] CoTaskMemFree (pv=0x54d6e0) [0116.491] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0116.491] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0116.491] CoTaskMemFree (pv=0x553fb0) [0116.491] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x237d7e8, cb=0x18 | out: lpmodinfo=0x237d7e8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0116.492] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.492] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0116.493] CoTaskMemFree (pv=0x54def0) [0116.493] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.493] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0116.494] CoTaskMemFree (pv=0x54ff30) [0116.494] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x237f9e8, cb=0x18 | out: lpmodinfo=0x237f9e8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0116.494] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.494] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0116.495] CoTaskMemFree (pv=0x5537a0) [0116.495] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.495] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0116.496] CoTaskMemFree (pv=0x5537a0) [0116.496] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x2381b90, cb=0x18 | out: lpmodinfo=0x2381b90*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0116.497] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0116.497] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0116.498] CoTaskMemFree (pv=0x5547c0) [0116.498] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0116.498] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0116.498] CoTaskMemFree (pv=0x553fb0) [0116.499] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x2383d38, cb=0x18 | out: lpmodinfo=0x2383d38*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0116.500] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0116.500] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0116.502] CoTaskMemFree (pv=0x552780) [0116.502] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0116.502] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0116.503] CoTaskMemFree (pv=0x550740) [0116.503] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x2385f10, cb=0x18 | out: lpmodinfo=0x2385f10*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0116.503] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.504] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0116.505] CoTaskMemFree (pv=0x54ef10) [0116.505] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.505] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0116.506] CoTaskMemFree (pv=0x54ff30) [0116.506] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpmodinfo=0x2388170, cb=0x18 | out: lpmodinfo=0x2388170*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0116.507] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.507] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0116.508] CoTaskMemFree (pv=0x551760) [0116.508] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.508] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0116.509] CoTaskMemFree (pv=0x551f70) [0116.509] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x238a338, cb=0x18 | out: lpmodinfo=0x238a338*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0116.510] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.510] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0116.511] CoTaskMemFree (pv=0x54def0) [0116.511] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.511] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0116.512] CoTaskMemFree (pv=0x54def0) [0116.513] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x238c4e0, cb=0x18 | out: lpmodinfo=0x238c4e0*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0116.514] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0116.514] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0116.515] CoTaskMemFree (pv=0x552f90) [0116.515] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.515] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0116.516] CoTaskMemFree (pv=0x54ef10) [0116.516] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x238e688, cb=0x18 | out: lpmodinfo=0x238e688*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0116.517] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.517] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff876870000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="WinTypes.dll") returned 0xc [0116.519] CoTaskMemFree (pv=0x54def0) [0116.519] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0116.519] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff876870000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0116.520] CoTaskMemFree (pv=0x552780) [0116.520] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x2390840, cb=0x18 | out: lpmodinfo=0x2390840*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0116.522] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0116.522] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0116.523] CoTaskMemFree (pv=0x552780) [0116.523] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.523] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0116.524] CoTaskMemFree (pv=0x551f70) [0116.524] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x23929e8, cb=0x18 | out: lpmodinfo=0x23929e8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0116.526] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.526] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0116.527] CoTaskMemFree (pv=0x54ef10) [0116.527] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.527] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0116.529] CoTaskMemFree (pv=0x54f720) [0116.529] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x2394b90, cb=0x18 | out: lpmodinfo=0x2394b90*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0116.530] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0116.530] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0116.532] CoTaskMemFree (pv=0x550740) [0116.532] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0116.532] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0116.533] CoTaskMemFree (pv=0x54e700) [0116.533] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x2396d38, cb=0x18 | out: lpmodinfo=0x2396d38*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0116.535] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.535] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0116.538] CoTaskMemFree (pv=0x54ef10) [0116.538] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.538] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0116.540] CoTaskMemFree (pv=0x54f720) [0116.540] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpmodinfo=0x2398ff8, cb=0x18 | out: lpmodinfo=0x2398ff8*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0116.541] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.541] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="mrmcorer.dll") returned 0xc [0116.543] CoTaskMemFree (pv=0x54ff30) [0116.543] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0116.543] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff877aa0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mrmcorer.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0116.545] CoTaskMemFree (pv=0x552780) [0116.545] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x239b1b0, cb=0x18 | out: lpmodinfo=0x239b1b0*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0116.546] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.546] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0116.548] CoTaskMemFree (pv=0x54f720) [0116.548] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0116.548] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0116.550] CoTaskMemFree (pv=0x552f90) [0116.550] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8779f0000, lpmodinfo=0x239d358, cb=0x18 | out: lpmodinfo=0x239d358*(lpBaseOfDll=0x7ff8779f0000, SizeOfImage=0xa9000, EntryPoint=0x7ff877a19010)) returned 1 [0116.552] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.552] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8779f0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="Windows.UI.dll") returned 0xe [0116.554] CoTaskMemFree (pv=0x54d6e0) [0116.554] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.554] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8779f0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")) returned 0x22 [0116.556] CoTaskMemFree (pv=0x54def0) [0116.556] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c90000, lpmodinfo=0x239f510, cb=0x18 | out: lpmodinfo=0x239f510*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0116.558] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.558] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0116.560] CoTaskMemFree (pv=0x551f70) [0116.560] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0116.560] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0116.562] CoTaskMemFree (pv=0x550f50) [0116.562] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a130000, lpmodinfo=0x23a16c8, cb=0x18 | out: lpmodinfo=0x23a16c8*(lpBaseOfDll=0x7ff87a130000, SizeOfImage=0x67000, EntryPoint=0x7ff87a14e710)) returned 1 [0116.564] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.564] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a130000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="Bcp47Langs.dll") returned 0xe [0116.566] CoTaskMemFree (pv=0x551f70) [0116.566] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0116.566] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a130000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Bcp47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")) returned 0x22 [0116.568] CoTaskMemFree (pv=0x550740) [0116.568] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87af40000, lpmodinfo=0x23a3880, cb=0x18 | out: lpmodinfo=0x23a3880*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0116.570] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.570] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0116.572] CoTaskMemFree (pv=0x551f70) [0116.572] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.572] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0116.574] CoTaskMemFree (pv=0x54ff30) [0116.574] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e40000, lpmodinfo=0x23a5a28, cb=0x18 | out: lpmodinfo=0x23a5a28*(lpBaseOfDll=0x7ff878e40000, SizeOfImage=0x33000, EntryPoint=0x7ff878e4d5a0)) returned 1 [0116.576] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0116.576] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e40000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="biwinrt.dll") returned 0xb [0116.578] CoTaskMemFree (pv=0x553fb0) [0116.578] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.578] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e40000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")) returned 0x1f [0116.581] CoTaskMemFree (pv=0x551f70) [0116.581] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861d10000, lpmodinfo=0x23a7bd0, cb=0x18 | out: lpmodinfo=0x23a7bd0*(lpBaseOfDll=0x7ff861d10000, SizeOfImage=0x335000, EntryPoint=0x7ff861e642a4)) returned 1 [0116.583] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0116.583] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861d10000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="CallsCore.dll") returned 0xd [0116.585] CoTaskMemFree (pv=0x550f50) [0116.585] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0116.585] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861d10000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe\\CallsCore.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.commsphone_1.10.15000.0_x64__8wekyb3d8bbwe\\callscore.dll")) returned 0x5f [0116.588] CoTaskMemFree (pv=0x553fb0) [0116.588] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861cb0000, lpmodinfo=0x23a9e00, cb=0x18 | out: lpmodinfo=0x23a9e00*(lpBaseOfDll=0x7ff861cb0000, SizeOfImage=0x5e000, EntryPoint=0x7ff861cda050)) returned 1 [0116.590] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.590] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861cb0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="vccorlib140_app.DLL") returned 0x13 [0116.593] CoTaskMemFree (pv=0x551f70) [0116.593] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0116.593] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861cb0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\vccorlib140_app.DLL" (normalized: "c:\\program files\\windowsapps\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\vccorlib140_app.dll")) returned 0x68 [0116.595] CoTaskMemFree (pv=0x550740) [0116.595] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x23ac050, cb=0x18 | out: lpmodinfo=0x23ac050*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0116.597] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0116.597] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0116.602] CoTaskMemFree (pv=0x552780) [0116.602] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.602] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0116.604] CoTaskMemFree (pv=0x54f720) [0116.604] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861c10000, lpmodinfo=0x23ae208, cb=0x18 | out: lpmodinfo=0x23ae208*(lpBaseOfDll=0x7ff861c10000, SizeOfImage=0x98000, EntryPoint=0x7ff861c59390)) returned 1 [0116.606] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0116.606] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861c10000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="MSVCP140_APP.dll") returned 0x10 [0116.610] CoTaskMemFree (pv=0x553fb0) [0116.610] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.610] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861c10000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\MSVCP140_APP.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\msvcp140_app.dll")) returned 0x65 [0116.613] CoTaskMemFree (pv=0x54def0) [0116.613] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861bc0000, lpmodinfo=0x23b0450, cb=0x18 | out: lpmodinfo=0x23b0450*(lpBaseOfDll=0x7ff861bc0000, SizeOfImage=0x4c000, EntryPoint=0x7ff861bea8c0)) returned 1 [0116.615] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.615] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861bc0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="CONCRT140_APP.dll") returned 0x11 [0116.617] CoTaskMemFree (pv=0x551760) [0116.617] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.617] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861bc0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\CONCRT140_APP.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\concrt140_app.dll")) returned 0x66 [0116.620] CoTaskMemFree (pv=0x5537a0) [0116.620] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861ba0000, lpmodinfo=0x23b2698, cb=0x18 | out: lpmodinfo=0x23b2698*(lpBaseOfDll=0x7ff861ba0000, SizeOfImage=0x17000, EntryPoint=0x7ff861babed0)) returned 1 [0116.623] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.623] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861ba0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="VCRUNTIME140_APP.dll") returned 0x14 [0116.625] CoTaskMemFree (pv=0x551f70) [0116.625] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.625] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861ba0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\VCRUNTIME140_APP.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\vcruntime140_app.dll")) returned 0x69 [0116.628] CoTaskMemFree (pv=0x551760) [0116.628] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b760000, lpmodinfo=0x23b48f0, cb=0x18 | out: lpmodinfo=0x23b48f0*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0116.631] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0116.631] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0116.633] CoTaskMemFree (pv=0x550f50) [0116.633] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.633] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b760000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0116.636] CoTaskMemFree (pv=0x54def0) [0116.636] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861b40000, lpmodinfo=0x23b6aa8, cb=0x18 | out: lpmodinfo=0x23b6aa8*(lpBaseOfDll=0x7ff861b40000, SizeOfImage=0x5e000, EntryPoint=0x7ff861b75110)) returned 1 [0116.639] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.639] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861b40000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="CallsPresenters.dll") returned 0x13 [0116.642] CoTaskMemFree (pv=0x54f720) [0116.642] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.642] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861b40000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe\\CallsPresenters.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.commsphone_1.10.15000.0_x64__8wekyb3d8bbwe\\callspresenters.dll")) returned 0x65 [0116.645] CoTaskMemFree (pv=0x54d6e0) [0116.645] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x23b8cf0, cb=0x18 | out: lpmodinfo=0x23b8cf0*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0116.648] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.648] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0116.651] CoTaskMemFree (pv=0x54ff30) [0116.651] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.651] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0116.653] CoTaskMemFree (pv=0x551760) [0116.653] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875720000, lpmodinfo=0x23bb0b0, cb=0x18 | out: lpmodinfo=0x23bb0b0*(lpBaseOfDll=0x7ff875720000, SizeOfImage=0x4c000, EntryPoint=0x7ff8757540d0)) returned 1 [0116.657] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.657] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875720000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="PhoneUtil.dll") returned 0xd [0116.660] CoTaskMemFree (pv=0x54def0) [0116.660] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.660] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875720000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PhoneUtil.dll" (normalized: "c:\\windows\\system32\\phoneutil.dll")) returned 0x21 [0116.663] CoTaskMemFree (pv=0x54f720) [0116.663] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8640f0000, lpmodinfo=0x23bd268, cb=0x18 | out: lpmodinfo=0x23bd268*(lpBaseOfDll=0x7ff8640f0000, SizeOfImage=0x11000, EntryPoint=0x7ff8640f7400)) returned 1 [0116.666] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.666] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8640f0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="UserDataLanguageUtil.dll") returned 0x18 [0116.669] CoTaskMemFree (pv=0x54def0) [0116.669] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.669] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8640f0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UserDataLanguageUtil.dll" (normalized: "c:\\windows\\system32\\userdatalanguageutil.dll")) returned 0x2c [0116.672] CoTaskMemFree (pv=0x54ef10) [0116.672] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861b10000, lpmodinfo=0x23bf450, cb=0x18 | out: lpmodinfo=0x23bf450*(lpBaseOfDll=0x7ff861b10000, SizeOfImage=0x2c000, EntryPoint=0x7ff861b115c0)) returned 1 [0116.675] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.675] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861b10000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="CallHistoryClient.dll") returned 0x15 [0116.678] CoTaskMemFree (pv=0x54d6e0) [0116.678] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0116.678] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861b10000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CallHistoryClient.dll" (normalized: "c:\\windows\\system32\\callhistoryclient.dll")) returned 0x29 [0116.683] CoTaskMemFree (pv=0x550740) [0116.683] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861ab0000, lpmodinfo=0x23c1628, cb=0x18 | out: lpmodinfo=0x23c1628*(lpBaseOfDll=0x7ff861ab0000, SizeOfImage=0x5d000, EntryPoint=0x7ff861ab1b20)) returned 1 [0116.686] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0116.686] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861ab0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="PhoneOm.dll") returned 0xb [0116.689] CoTaskMemFree (pv=0x54e700) [0116.689] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0116.689] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861ab0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PhoneOm.dll" (normalized: "c:\\windows\\system32\\phoneom.dll")) returned 0x1f [0116.692] CoTaskMemFree (pv=0x5547c0) [0116.692] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861a10000, lpmodinfo=0x23c37d0, cb=0x18 | out: lpmodinfo=0x23c37d0*(lpBaseOfDll=0x7ff861a10000, SizeOfImage=0x94000, EntryPoint=0x7ff861a770d0)) returned 1 [0116.695] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.695] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861a10000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="XAudio2_9.dll") returned 0xd [0116.698] CoTaskMemFree (pv=0x54f720) [0116.699] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.699] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861a10000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\XAudio2_9.dll" (normalized: "c:\\windows\\system32\\xaudio2_9.dll")) returned 0x21 [0116.703] CoTaskMemFree (pv=0x54def0) [0116.703] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875770000, lpmodinfo=0x23c5988, cb=0x18 | out: lpmodinfo=0x23c5988*(lpBaseOfDll=0x7ff875770000, SizeOfImage=0x16000, EntryPoint=0x7ff875779f30)) returned 1 [0116.706] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.706] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875770000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="UserDataPlatformHelperUtil.dll") returned 0x1e [0116.712] CoTaskMemFree (pv=0x5537a0) [0116.712] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.712] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875770000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UserDataPlatformHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdataplatformhelperutil.dll")) returned 0x32 [0116.715] CoTaskMemFree (pv=0x54def0) [0116.715] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875590000, lpmodinfo=0x23c7b80, cb=0x18 | out: lpmodinfo=0x23c7b80*(lpBaseOfDll=0x7ff875590000, SizeOfImage=0x11000, EntryPoint=0x7ff8755973f0)) returned 1 [0116.719] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0116.719] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875590000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="UserDataTypeHelperUtil.dll") returned 0x1a [0116.722] CoTaskMemFree (pv=0x550740) [0116.722] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.722] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875590000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UserDataTypeHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdatatypehelperutil.dll")) returned 0x2e [0116.726] CoTaskMemFree (pv=0x5537a0) [0116.726] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878090000, lpmodinfo=0x23c9d68, cb=0x18 | out: lpmodinfo=0x23c9d68*(lpBaseOfDll=0x7ff878090000, SizeOfImage=0x70000, EntryPoint=0x7ff8780b2960)) returned 1 [0116.729] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0116.729] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878090000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="MMDevAPI.DLL") returned 0xc [0116.732] CoTaskMemFree (pv=0x552f90) [0116.733] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.733] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878090000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MMDevAPI.DLL" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0116.736] CoTaskMemFree (pv=0x54ff30) [0116.736] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879830000, lpmodinfo=0x23cbf20, cb=0x18 | out: lpmodinfo=0x23cbf20*(lpBaseOfDll=0x7ff879830000, SizeOfImage=0xb000, EntryPoint=0x7ff879831650)) returned 1 [0116.739] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0116.739] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879830000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="AVRT.dll") returned 0x8 [0116.743] CoTaskMemFree (pv=0x5547c0) [0116.743] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.743] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879830000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AVRT.dll" (normalized: "c:\\windows\\system32\\avrt.dll")) returned 0x1c [0116.746] CoTaskMemFree (pv=0x54d6e0) [0116.746] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpmodinfo=0x23ce0c8, cb=0x18 | out: lpmodinfo=0x23ce0c8*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0116.750] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.750] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0116.758] CoTaskMemFree (pv=0x54f720) [0116.758] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.758] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87afe0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0116.763] CoTaskMemFree (pv=0x54f720) [0116.763] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x23d0270, cb=0x18 | out: lpmodinfo=0x23d0270*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0116.766] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0116.766] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0116.770] CoTaskMemFree (pv=0x5547c0) [0116.770] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0116.770] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0116.775] CoTaskMemFree (pv=0x5547c0) [0116.775] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpmodinfo=0x23d2428, cb=0x18 | out: lpmodinfo=0x23d2428*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0116.787] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.787] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0116.791] CoTaskMemFree (pv=0x54ef10) [0116.791] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.791] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ab10000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0116.795] CoTaskMemFree (pv=0x54d6e0) [0116.795] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c060000, lpmodinfo=0x23d45d0, cb=0x18 | out: lpmodinfo=0x23d45d0*(lpBaseOfDll=0x7ff86c060000, SizeOfImage=0x55000, EntryPoint=0x7ff86c071250)) returned 1 [0116.800] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0116.800] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c060000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="Windows.Storage.ApplicationData.dll") returned 0x23 [0116.804] CoTaskMemFree (pv=0x550f50) [0116.804] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0116.804] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c060000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll" (normalized: "c:\\windows\\system32\\windows.storage.applicationdata.dll")) returned 0x37 [0116.808] CoTaskMemFree (pv=0x54e700) [0116.808] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x23d67d8, cb=0x18 | out: lpmodinfo=0x23d67d8*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0116.812] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.812] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0116.816] CoTaskMemFree (pv=0x5537a0) [0116.816] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.816] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0116.820] CoTaskMemFree (pv=0x54def0) [0116.820] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x23d89a0, cb=0x18 | out: lpmodinfo=0x23d89a0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0116.824] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.824] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0116.828] CoTaskMemFree (pv=0x551f70) [0116.828] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0116.828] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0116.833] CoTaskMemFree (pv=0x550740) [0116.833] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x23dab58, cb=0x18 | out: lpmodinfo=0x23dab58*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0116.838] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0116.838] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0116.842] CoTaskMemFree (pv=0x5547c0) [0116.842] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0116.842] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0116.846] CoTaskMemFree (pv=0x552f90) [0116.846] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpmodinfo=0x23dcd10, cb=0x18 | out: lpmodinfo=0x23dcd10*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0116.851] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0116.851] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0116.855] CoTaskMemFree (pv=0x550f50) [0116.855] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0116.855] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0116.859] CoTaskMemFree (pv=0x550f50) [0116.859] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff872970000, lpmodinfo=0x23deeb8, cb=0x18 | out: lpmodinfo=0x23deeb8*(lpBaseOfDll=0x7ff872970000, SizeOfImage=0x9c000, EntryPoint=0x7ff8729c96a0)) returned 1 [0116.863] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0116.863] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff872970000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="efswrt.dll") returned 0xa [0116.868] CoTaskMemFree (pv=0x552780) [0116.868] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.868] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff872970000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll")) returned 0x1e [0116.872] CoTaskMemFree (pv=0x5537a0) [0116.872] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86dea0000, lpmodinfo=0x23e1060, cb=0x18 | out: lpmodinfo=0x23e1060*(lpBaseOfDll=0x7ff86dea0000, SizeOfImage=0x50000, EntryPoint=0x7ff86dea2580)) returned 1 [0116.877] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0116.877] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86dea0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="edputil.dll") returned 0xb [0116.881] CoTaskMemFree (pv=0x550f50) [0116.881] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0116.881] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86dea0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")) returned 0x1f [0116.885] CoTaskMemFree (pv=0x54ef10) [0116.885] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86c250000, lpmodinfo=0x23e3208, cb=0x18 | out: lpmodinfo=0x23e3208*(lpBaseOfDll=0x7ff86c250000, SizeOfImage=0x38000, EntryPoint=0x7ff86c272120)) returned 1 [0116.890] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.890] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86c250000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="rometadata.dll") returned 0xe [0116.894] CoTaskMemFree (pv=0x54f720) [0116.894] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0116.894] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86c250000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rometadata.dll" (normalized: "c:\\windows\\system32\\rometadata.dll")) returned 0x22 [0116.900] CoTaskMemFree (pv=0x552f90) [0116.901] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878510000, lpmodinfo=0x23e53c0, cb=0x18 | out: lpmodinfo=0x23e53c0*(lpBaseOfDll=0x7ff878510000, SizeOfImage=0x3e000, EntryPoint=0x7ff87851a050)) returned 1 [0116.905] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0116.905] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878510000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="logoncli.dll") returned 0xc [0116.911] CoTaskMemFree (pv=0x5547c0) [0116.911] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.911] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878510000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0116.915] CoTaskMemFree (pv=0x551760) [0116.915] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpmodinfo=0x23e7578, cb=0x18 | out: lpmodinfo=0x23e7578*(lpBaseOfDll=0x7ff86b0b0000, SizeOfImage=0xc5000, EntryPoint=0x7ff86b0be740)) returned 1 [0116.920] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.920] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="Windows.Web.dll") returned 0xf [0116.924] CoTaskMemFree (pv=0x54def0) [0116.924] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.924] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86b0b0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Web.dll" (normalized: "c:\\windows\\system32\\windows.web.dll")) returned 0x23 [0116.929] CoTaskMemFree (pv=0x54f720) [0116.929] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpmodinfo=0x23e9730, cb=0x18 | out: lpmodinfo=0x23e9730*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0116.934] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0116.934] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0116.938] CoTaskMemFree (pv=0x551f70) [0116.938] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0116.938] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8764e0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0116.943] CoTaskMemFree (pv=0x5537a0) [0116.943] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861920000, lpmodinfo=0x23eb8e8, cb=0x18 | out: lpmodinfo=0x23eb8e8*(lpBaseOfDll=0x7ff861920000, SizeOfImage=0xea000, EntryPoint=0x7ff86193e6d0)) returned 1 [0116.948] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.948] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861920000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="ContactApis.dll") returned 0xf [0116.953] CoTaskMemFree (pv=0x54ff30) [0116.954] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.954] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861920000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ContactApis.dll" (normalized: "c:\\windows\\system32\\contactapis.dll")) returned 0x23 [0116.958] CoTaskMemFree (pv=0x551760) [0116.958] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff861900000, lpmodinfo=0x23edaa0, cb=0x18 | out: lpmodinfo=0x23edaa0*(lpBaseOfDll=0x7ff861900000, SizeOfImage=0x13000, EntryPoint=0x7ff8619013a0)) returned 1 [0116.963] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0116.963] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff861900000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="ContactActivation.dll") returned 0x15 [0116.968] CoTaskMemFree (pv=0x54ff30) [0116.968] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0116.968] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff861900000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ContactActivation.dll" (normalized: "c:\\windows\\system32\\contactactivation.dll")) returned 0x29 [0116.973] CoTaskMemFree (pv=0x54d6e0) [0116.973] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ae30000, lpmodinfo=0x23efc78, cb=0x18 | out: lpmodinfo=0x23efc78*(lpBaseOfDll=0x7ff87ae30000, SizeOfImage=0xc000, EntryPoint=0x7ff87ae31470)) returned 1 [0116.978] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0116.978] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ae30000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="dsclient.dll") returned 0xc [0116.984] CoTaskMemFree (pv=0x551760) [0116.984] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0116.984] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ae30000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll")) returned 0x20 [0116.989] CoTaskMemFree (pv=0x54f720) [0116.989] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff86f460000, lpmodinfo=0x23f1e30, cb=0x18 | out: lpmodinfo=0x23f1e30*(lpBaseOfDll=0x7ff86f460000, SizeOfImage=0xb000, EntryPoint=0x7ff86f461e70)) returned 1 [0116.994] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0116.994] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff86f460000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="SystemEventsBrokerClient.dll") returned 0x1c [0116.999] CoTaskMemFree (pv=0x550f50) [0116.999] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0116.999] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff86f460000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerclient.dll")) returned 0x30 [0117.005] CoTaskMemFree (pv=0x54def0) [0117.005] CloseHandle (hObject=0x25c) returned 1 [0117.005] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.005] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc8c) returned 0x25c [0117.006] EnumProcessModules (in: hProcess=0x25c, lphModule=0x23f58d8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23f58d8, lpcbNeeded=0x14ef68) returned 1 [0117.006] GetModuleInformation (in: hProcess=0x25c, hModule=0xac0000, lpmodinfo=0x23f5b48, cb=0x18 | out: lpmodinfo=0x23f5b48*(lpBaseOfDll=0xac0000, SizeOfImage=0x17000, EntryPoint=0xac14a1)) returned 1 [0117.007] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.007] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xac0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="card.exe") returned 0x8 [0117.007] CoTaskMemFree (pv=0x54e700) [0117.007] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0117.007] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xac0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\MSBuild\\card.exe" (normalized: "c:\\program files (x86)\\msbuild\\card.exe")) returned 0x27 [0117.007] CoTaskMemFree (pv=0x5547c0) [0117.007] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x23f7d38, cb=0x18 | out: lpmodinfo=0x23f7d38*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.008] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.008] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.008] CoTaskMemFree (pv=0x54ff30) [0117.008] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.008] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.009] CoTaskMemFree (pv=0x54ef10) [0117.009] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x23f9ee0, cb=0x18 | out: lpmodinfo=0x23f9ee0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0117.009] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.009] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0117.010] CoTaskMemFree (pv=0x550740) [0117.010] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.010] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0117.010] CoTaskMemFree (pv=0x5537a0) [0117.011] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x23fc088, cb=0x18 | out: lpmodinfo=0x23fc088*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0117.011] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.011] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0117.012] CoTaskMemFree (pv=0x552f90) [0117.012] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.012] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0117.013] CoTaskMemFree (pv=0x551f70) [0117.013] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x23fe240, cb=0x18 | out: lpmodinfo=0x23fe240*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0117.013] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.013] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0117.014] CoTaskMemFree (pv=0x54ff30) [0117.014] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.014] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0117.015] CoTaskMemFree (pv=0x54def0) [0117.015] CloseHandle (hObject=0x25c) returned 1 [0117.015] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.015] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1064) returned 0x25c [0117.015] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2400a18, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2400a18, lpcbNeeded=0x14ef68) returned 1 [0117.016] GetModuleInformation (in: hProcess=0x25c, hModule=0xbc0000, lpmodinfo=0x2400c88, cb=0x18 | out: lpmodinfo=0x2400c88*(lpBaseOfDll=0xbc0000, SizeOfImage=0x17000, EntryPoint=0xbc14a1)) returned 1 [0117.016] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.016] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xbc0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="notepad.exe") returned 0xb [0117.017] CoTaskMemFree (pv=0x552f90) [0117.017] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.017] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xbc0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\notepad.exe" (normalized: "c:\\program files (x86)\\microsoft office\\notepad.exe")) returned 0x33 [0117.017] CoTaskMemFree (pv=0x54f720) [0117.017] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2402e90, cb=0x18 | out: lpmodinfo=0x2402e90*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.018] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.018] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.018] CoTaskMemFree (pv=0x54ff30) [0117.018] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.018] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.019] CoTaskMemFree (pv=0x553fb0) [0117.019] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x2405038, cb=0x18 | out: lpmodinfo=0x2405038*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0117.019] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.019] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0117.020] CoTaskMemFree (pv=0x553fb0) [0117.020] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.020] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0117.020] CoTaskMemFree (pv=0x551f70) [0117.020] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x24071e0, cb=0x18 | out: lpmodinfo=0x24071e0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0117.021] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.021] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0117.022] CoTaskMemFree (pv=0x552780) [0117.022] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.022] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0117.022] CoTaskMemFree (pv=0x551f70) [0117.022] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2409398, cb=0x18 | out: lpmodinfo=0x2409398*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0117.023] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.023] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0117.024] CoTaskMemFree (pv=0x550f50) [0117.024] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.024] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0117.024] CoTaskMemFree (pv=0x552780) [0117.024] CloseHandle (hObject=0x25c) returned 1 [0117.025] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.025] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4d8) returned 0x25c [0117.025] EnumProcessModules (in: hProcess=0x25c, lphModule=0x240bb70, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x240bb70, lpcbNeeded=0x14ef68) returned 1 [0117.026] GetModuleInformation (in: hProcess=0x25c, hModule=0x1e0000, lpmodinfo=0x240bde0, cb=0x18 | out: lpmodinfo=0x240bde0*(lpBaseOfDll=0x1e0000, SizeOfImage=0x17000, EntryPoint=0x1e14a1)) returned 1 [0117.026] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.026] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x1e0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="hit-make.exe") returned 0xc [0117.026] CoTaskMemFree (pv=0x550f50) [0117.026] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.026] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x1e0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\hit-make.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\hit-make.exe")) returned 0x38 [0117.027] CoTaskMemFree (pv=0x552f90) [0117.027] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x240e000, cb=0x18 | out: lpmodinfo=0x240e000*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.027] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.027] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.028] CoTaskMemFree (pv=0x54e700) [0117.028] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.028] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.029] CoTaskMemFree (pv=0x54d6e0) [0117.029] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x24101a8, cb=0x18 | out: lpmodinfo=0x24101a8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0117.029] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.029] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0117.030] CoTaskMemFree (pv=0x54ef10) [0117.030] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.030] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0117.031] CoTaskMemFree (pv=0x552f90) [0117.031] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x2412350, cb=0x18 | out: lpmodinfo=0x2412350*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0117.031] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.031] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0117.032] CoTaskMemFree (pv=0x553fb0) [0117.032] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.032] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0117.032] CoTaskMemFree (pv=0x550740) [0117.032] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x2414508, cb=0x18 | out: lpmodinfo=0x2414508*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0117.033] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.034] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0117.034] CoTaskMemFree (pv=0x550f50) [0117.034] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.034] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0117.035] CoTaskMemFree (pv=0x551760) [0117.035] CloseHandle (hObject=0x25c) returned 1 [0117.035] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.035] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe10) returned 0x25c [0117.036] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2416ce0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2416ce0, lpcbNeeded=0x14ef68) returned 1 [0117.036] GetModuleInformation (in: hProcess=0x25c, hModule=0xb80000, lpmodinfo=0x2416f50, cb=0x18 | out: lpmodinfo=0x2416f50*(lpBaseOfDll=0xb80000, SizeOfImage=0x17000, EntryPoint=0xb814a1)) returned 1 [0117.037] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.037] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xb80000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="recognize.exe") returned 0xd [0117.037] CoTaskMemFree (pv=0x550f50) [0117.037] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.037] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xb80000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Multimedia Platform\\recognize.exe" (normalized: "c:\\program files\\windows multimedia platform\\recognize.exe")) returned 0x3a [0117.037] CoTaskMemFree (pv=0x54ff30) [0117.038] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x2419170, cb=0x18 | out: lpmodinfo=0x2419170*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.038] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.038] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.038] CoTaskMemFree (pv=0x550740) [0117.038] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.038] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.039] CoTaskMemFree (pv=0x54ff30) [0117.039] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x241b318, cb=0x18 | out: lpmodinfo=0x241b318*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0117.039] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.040] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0117.040] CoTaskMemFree (pv=0x54ef10) [0117.040] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.040] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0117.041] CoTaskMemFree (pv=0x551760) [0117.041] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x241d4c0, cb=0x18 | out: lpmodinfo=0x241d4c0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0117.041] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.041] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0117.042] CoTaskMemFree (pv=0x54d6e0) [0117.042] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.042] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0117.042] CoTaskMemFree (pv=0x5537a0) [0117.042] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x241f678, cb=0x18 | out: lpmodinfo=0x241f678*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0117.043] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.043] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0117.044] CoTaskMemFree (pv=0x551760) [0117.044] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.044] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0117.045] CoTaskMemFree (pv=0x54f720) [0117.045] CloseHandle (hObject=0x25c) returned 1 [0117.045] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.045] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x598) returned 0x25c [0117.045] EnumProcessModules (in: hProcess=0x25c, lphModule=0x2421e50, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2421e50, lpcbNeeded=0x14ef68) returned 1 [0117.050] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff764dc0000, lpmodinfo=0x24220c0, cb=0x18 | out: lpmodinfo=0x24220c0*(lpBaseOfDll=0x7ff764dc0000, SizeOfImage=0x16000, EntryPoint=0x7ff764dc5190)) returned 1 [0117.050] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.050] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff764dc0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="sihost.exe") returned 0xa [0117.050] CoTaskMemFree (pv=0x550740) [0117.050] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.050] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff764dc0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sihost.exe" (normalized: "c:\\windows\\system32\\sihost.exe")) returned 0x1e [0117.051] CoTaskMemFree (pv=0x54f720) [0117.051] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x24242a0, cb=0x18 | out: lpmodinfo=0x24242a0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.051] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.051] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.053] CoTaskMemFree (pv=0x552780) [0117.053] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.053] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.053] CoTaskMemFree (pv=0x552f90) [0117.053] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f640000, lpmodinfo=0x2426448, cb=0x18 | out: lpmodinfo=0x2426448*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0117.054] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.054] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0117.054] CoTaskMemFree (pv=0x54def0) [0117.054] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.054] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f640000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0117.055] CoTaskMemFree (pv=0x551f70) [0117.055] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpmodinfo=0x2428600, cb=0x18 | out: lpmodinfo=0x2428600*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0117.056] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.056] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0117.056] CoTaskMemFree (pv=0x5537a0) [0117.056] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0117.056] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ce40000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0117.057] CoTaskMemFree (pv=0x5547c0) [0117.057] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpmodinfo=0x242a7b8, cb=0x18 | out: lpmodinfo=0x242a7b8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0117.058] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.058] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0117.058] CoTaskMemFree (pv=0x551f70) [0117.058] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.058] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fde0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0117.059] CoTaskMemFree (pv=0x54e700) [0117.059] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpmodinfo=0x242c9b8, cb=0x18 | out: lpmodinfo=0x242c9b8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0117.060] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.060] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0117.061] CoTaskMemFree (pv=0x552780) [0117.061] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.061] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f6f0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0117.061] CoTaskMemFree (pv=0x54def0) [0117.062] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpmodinfo=0x242eb60, cb=0x18 | out: lpmodinfo=0x242eb60*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0117.062] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0117.062] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0117.063] CoTaskMemFree (pv=0x5547c0) [0117.063] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.063] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fe80000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0117.064] CoTaskMemFree (pv=0x54e700) [0117.064] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d030000, lpmodinfo=0x2430d08, cb=0x18 | out: lpmodinfo=0x2430d08*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0117.065] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.065] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0117.066] CoTaskMemFree (pv=0x54ff30) [0117.066] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.066] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d030000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0117.067] CoTaskMemFree (pv=0x54d6e0) [0117.067] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f970000, lpmodinfo=0x2432ee0, cb=0x18 | out: lpmodinfo=0x2432ee0*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0117.068] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.068] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0117.069] CoTaskMemFree (pv=0x552780) [0117.069] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.069] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f970000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0117.070] CoTaskMemFree (pv=0x54ef10) [0117.070] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpmodinfo=0x2435120, cb=0x18 | out: lpmodinfo=0x2435120*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0117.071] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.071] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0117.072] CoTaskMemFree (pv=0x550740) [0117.072] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.072] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fd30000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0117.073] CoTaskMemFree (pv=0x54e700) [0117.073] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpmodinfo=0x24372d8, cb=0x18 | out: lpmodinfo=0x24372d8*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0117.074] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.074] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0117.076] CoTaskMemFree (pv=0x54e700) [0117.076] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.076] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bab0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0117.077] CoTaskMemFree (pv=0x551f70) [0117.077] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpmodinfo=0x2439480, cb=0x18 | out: lpmodinfo=0x2439480*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0117.078] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.078] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0117.079] CoTaskMemFree (pv=0x551f70) [0117.079] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.079] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a5e0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0117.081] CoTaskMemFree (pv=0x54def0) [0117.081] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874220000, lpmodinfo=0x243b648, cb=0x18 | out: lpmodinfo=0x243b648*(lpBaseOfDll=0x7ff874220000, SizeOfImage=0x288000, EntryPoint=0x7ff87427f670)) returned 1 [0117.082] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0117.082] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874220000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="CoreUIComponents.dll") returned 0x14 [0117.083] CoTaskMemFree (pv=0x5547c0) [0117.083] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.083] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874220000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")) returned 0x28 [0117.085] CoTaskMemFree (pv=0x550f50) [0117.085] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c640000, lpmodinfo=0x243d820, cb=0x18 | out: lpmodinfo=0x243d820*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0117.086] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.086] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0117.088] CoTaskMemFree (pv=0x551760) [0117.088] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.088] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c640000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0117.089] CoTaskMemFree (pv=0x551f70) [0117.089] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpmodinfo=0x243f9e8, cb=0x18 | out: lpmodinfo=0x243f9e8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0117.091] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.091] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0117.092] CoTaskMemFree (pv=0x550740) [0117.092] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.092] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ed60000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0117.094] CoTaskMemFree (pv=0x551760) [0117.094] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpmodinfo=0x2441b90, cb=0x18 | out: lpmodinfo=0x2441b90*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0117.095] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.095] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0117.097] CoTaskMemFree (pv=0x54d6e0) [0117.097] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.097] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f3e0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0117.099] CoTaskMemFree (pv=0x54d6e0) [0117.099] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c650000, lpmodinfo=0x2443d38, cb=0x18 | out: lpmodinfo=0x2443d38*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0117.100] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.100] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0117.102] CoTaskMemFree (pv=0x54def0) [0117.102] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.102] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c650000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0117.104] CoTaskMemFree (pv=0x5537a0) [0117.104] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff876870000, lpmodinfo=0x2445ff8, cb=0x18 | out: lpmodinfo=0x2445ff8*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0117.105] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.105] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff876870000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0117.107] CoTaskMemFree (pv=0x54ff30) [0117.107] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.107] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff876870000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0117.112] CoTaskMemFree (pv=0x54def0) [0117.112] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpmodinfo=0x24481b0, cb=0x18 | out: lpmodinfo=0x24481b0*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0117.114] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.114] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0117.116] CoTaskMemFree (pv=0x54e700) [0117.116] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.116] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d4f0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0117.118] CoTaskMemFree (pv=0x54e700) [0117.118] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpmodinfo=0x244a358, cb=0x18 | out: lpmodinfo=0x244a358*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0117.119] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.119] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0117.121] CoTaskMemFree (pv=0x550740) [0117.121] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.122] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87f9d0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0117.123] CoTaskMemFree (pv=0x54ff30) [0117.123] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874200000, lpmodinfo=0x244c500, cb=0x18 | out: lpmodinfo=0x244c500*(lpBaseOfDll=0x7ff874200000, SizeOfImage=0x1e000, EntryPoint=0x7ff874205340)) returned 1 [0117.196] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.196] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874200000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="desktopshellext.dll") returned 0x13 [0117.198] CoTaskMemFree (pv=0x553fb0) [0117.198] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.198] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874200000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\desktopshellext.dll" (normalized: "c:\\windows\\system32\\desktopshellext.dll")) returned 0x27 [0117.200] CoTaskMemFree (pv=0x552f90) [0117.200] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8741e0000, lpmodinfo=0x244e6c8, cb=0x18 | out: lpmodinfo=0x244e6c8*(lpBaseOfDll=0x7ff8741e0000, SizeOfImage=0x12000, EntryPoint=0x7ff8741e5110)) returned 1 [0117.202] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.202] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8741e0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="Windows.Shell.ServiceHostBuilder.dll") returned 0x24 [0117.204] CoTaskMemFree (pv=0x550f50) [0117.204] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.204] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8741e0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll")) returned 0x38 [0117.206] CoTaskMemFree (pv=0x54e700) [0117.206] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff879c90000, lpmodinfo=0x24508e0, cb=0x18 | out: lpmodinfo=0x24508e0*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0117.208] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.208] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0117.258] CoTaskMemFree (pv=0x551760) [0117.259] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.259] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff879c90000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0117.261] CoTaskMemFree (pv=0x551f70) [0117.261] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874100000, lpmodinfo=0x2452a98, cb=0x18 | out: lpmodinfo=0x2452a98*(lpBaseOfDll=0x7ff874100000, SizeOfImage=0xda000, EntryPoint=0x7ff8741503b0)) returned 1 [0117.263] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.263] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874100000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="modernexecserver.dll") returned 0x14 [0117.265] CoTaskMemFree (pv=0x552f90) [0117.265] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.266] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874100000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\modernexecserver.dll" (normalized: "c:\\windows\\system32\\modernexecserver.dll")) returned 0x28 [0117.268] CoTaskMemFree (pv=0x54d6e0) [0117.268] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpmodinfo=0x2454c70, cb=0x18 | out: lpmodinfo=0x2454c70*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0117.270] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.270] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0117.272] CoTaskMemFree (pv=0x552780) [0117.285] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.285] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fa80000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0117.288] CoTaskMemFree (pv=0x552f90) [0117.288] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpmodinfo=0x2456e28, cb=0x18 | out: lpmodinfo=0x2456e28*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0117.295] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.295] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0117.297] CoTaskMemFree (pv=0x54ef10) [0117.297] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.297] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5f0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0117.299] CoTaskMemFree (pv=0x550f50) [0117.299] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b380000, lpmodinfo=0x2458fe0, cb=0x18 | out: lpmodinfo=0x2458fe0*(lpBaseOfDll=0x7ff87b380000, SizeOfImage=0x2a000, EntryPoint=0x7ff87b388b90)) returned 1 [0117.302] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.302] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b380000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="RMCLIENT.dll") returned 0xc [0117.305] CoTaskMemFree (pv=0x54ff30) [0117.305] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.305] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b380000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RMCLIENT.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")) returned 0x20 [0117.307] CoTaskMemFree (pv=0x54f720) [0117.307] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8740b0000, lpmodinfo=0x245b198, cb=0x18 | out: lpmodinfo=0x245b198*(lpBaseOfDll=0x7ff8740b0000, SizeOfImage=0x4b000, EntryPoint=0x7ff8740c7b70)) returned 1 [0117.310] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.310] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8740b0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="VEEventDispatcher.dll") returned 0x15 [0117.313] CoTaskMemFree (pv=0x54e700) [0117.313] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.313] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8740b0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")) returned 0x29 [0117.316] CoTaskMemFree (pv=0x551f70) [0117.316] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpmodinfo=0x245d370, cb=0x18 | out: lpmodinfo=0x245d370*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0117.318] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.318] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0117.321] CoTaskMemFree (pv=0x5537a0) [0117.321] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.321] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87b0e0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0117.324] CoTaskMemFree (pv=0x551760) [0117.324] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff878e80000, lpmodinfo=0x245f538, cb=0x18 | out: lpmodinfo=0x245f538*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0117.327] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.327] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0117.335] CoTaskMemFree (pv=0x54e700) [0117.335] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.335] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff878e80000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0117.338] CoTaskMemFree (pv=0x551f70) [0117.338] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c450000, lpmodinfo=0x2272508, cb=0x18 | out: lpmodinfo=0x2272508*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0117.340] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.340] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0117.343] CoTaskMemFree (pv=0x551f70) [0117.343] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.343] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c450000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0117.346] CoTaskMemFree (pv=0x551760) [0117.346] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87af40000, lpmodinfo=0x22746b0, cb=0x18 | out: lpmodinfo=0x22746b0*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0117.349] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.349] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0117.351] CoTaskMemFree (pv=0x54ff30) [0117.352] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.352] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87af40000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0117.355] CoTaskMemFree (pv=0x551760) [0117.355] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874070000, lpmodinfo=0x2276858, cb=0x18 | out: lpmodinfo=0x2276858*(lpBaseOfDll=0x7ff874070000, SizeOfImage=0x31000, EntryPoint=0x7ff874073400)) returned 1 [0117.358] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0117.358] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874070000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="ClipboardServer.dll") returned 0x13 [0117.364] CoTaskMemFree (pv=0x5547c0) [0117.364] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.364] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874070000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ClipboardServer.dll" (normalized: "c:\\windows\\system32\\clipboardserver.dll")) returned 0x27 [0117.367] CoTaskMemFree (pv=0x553fb0) [0117.367] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff874010000, lpmodinfo=0x2278c38, cb=0x18 | out: lpmodinfo=0x2278c38*(lpBaseOfDll=0x7ff874010000, SizeOfImage=0x5d000, EntryPoint=0x7ff874020080)) returned 1 [0117.370] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.370] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff874010000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="activationmanager.dll") returned 0x15 [0117.386] CoTaskMemFree (pv=0x553fb0) [0117.387] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.387] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff874010000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\activationmanager.dll" (normalized: "c:\\windows\\system32\\activationmanager.dll")) returned 0x29 [0117.390] CoTaskMemFree (pv=0x550740) [0117.390] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873fe0000, lpmodinfo=0x227ae10, cb=0x18 | out: lpmodinfo=0x227ae10*(lpBaseOfDll=0x7ff873fe0000, SizeOfImage=0x23000, EntryPoint=0x7ff873fe3020)) returned 1 [0117.393] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.393] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873fe0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="AppointmentActivation.dll") returned 0x19 [0117.396] CoTaskMemFree (pv=0x54f720) [0117.396] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.396] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873fe0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\AppointmentActivation.dll" (normalized: "c:\\windows\\system32\\appointmentactivation.dll")) returned 0x2d [0117.399] CoTaskMemFree (pv=0x5537a0) [0117.399] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpmodinfo=0x227cff8, cb=0x18 | out: lpmodinfo=0x227cff8*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0117.402] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.402] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0117.406] CoTaskMemFree (pv=0x54d6e0) [0117.406] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.406] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87d3a0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0117.409] CoTaskMemFree (pv=0x54d6e0) [0117.409] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875080000, lpmodinfo=0x227f1a0, cb=0x18 | out: lpmodinfo=0x227f1a0*(lpBaseOfDll=0x7ff875080000, SizeOfImage=0x41000, EntryPoint=0x7ff875084840)) returned 1 [0117.412] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.412] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875080000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="usermgrproxy.dll") returned 0x10 [0117.416] CoTaskMemFree (pv=0x54ef10) [0117.416] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.417] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875080000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\usermgrproxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")) returned 0x24 [0117.420] CoTaskMemFree (pv=0x54ef10) [0117.420] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff875b40000, lpmodinfo=0x2281368, cb=0x18 | out: lpmodinfo=0x2281368*(lpBaseOfDll=0x7ff875b40000, SizeOfImage=0x10000, EntryPoint=0x7ff875b42c60)) returned 1 [0117.423] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.423] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff875b40000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="usermgrcli.dll") returned 0xe [0117.427] CoTaskMemFree (pv=0x552780) [0117.427] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.429] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff875b40000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")) returned 0x22 [0117.433] CoTaskMemFree (pv=0x54f720) [0117.433] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873f90000, lpmodinfo=0x2283520, cb=0x18 | out: lpmodinfo=0x2283520*(lpBaseOfDll=0x7ff873f90000, SizeOfImage=0x44000, EntryPoint=0x7ff873f9c010)) returned 1 [0117.436] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.436] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873f90000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ExecModelClient.dll") returned 0x13 [0117.440] CoTaskMemFree (pv=0x54d6e0) [0117.440] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.440] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873f90000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")) returned 0x27 [0117.443] CoTaskMemFree (pv=0x551760) [0117.443] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873f80000, lpmodinfo=0x22856e8, cb=0x18 | out: lpmodinfo=0x22856e8*(lpBaseOfDll=0x7ff873f80000, SizeOfImage=0xe000, EntryPoint=0x7ff873f82690)) returned 1 [0117.446] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.446] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873f80000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="NotificationPlatformComponent.dll") returned 0x21 [0117.450] CoTaskMemFree (pv=0x5537a0) [0117.450] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.450] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873f80000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NotificationPlatformComponent.dll" (normalized: "c:\\windows\\system32\\notificationplatformcomponent.dll")) returned 0x35 [0117.454] CoTaskMemFree (pv=0x551760) [0117.454] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873ee0000, lpmodinfo=0x22878f0, cb=0x18 | out: lpmodinfo=0x22878f0*(lpBaseOfDll=0x7ff873ee0000, SizeOfImage=0x97000, EntryPoint=0x7ff873ef4fd0)) returned 1 [0117.458] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.458] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873ee0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="AppContracts.dll") returned 0x10 [0117.462] CoTaskMemFree (pv=0x551760) [0117.462] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0117.462] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873ee0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\AppContracts.dll" (normalized: "c:\\windows\\system32\\appcontracts.dll")) returned 0x24 [0117.465] CoTaskMemFree (pv=0x5547c0) [0117.465] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873e30000, lpmodinfo=0x2289ab8, cb=0x18 | out: lpmodinfo=0x2289ab8*(lpBaseOfDll=0x7ff873e30000, SizeOfImage=0xa2000, EntryPoint=0x7ff873e32b20)) returned 1 [0117.469] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.469] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873e30000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ShareHost.dll") returned 0xd [0117.473] CoTaskMemFree (pv=0x551760) [0117.473] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.473] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873e30000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ShareHost.dll" (normalized: "c:\\windows\\system32\\sharehost.dll")) returned 0x21 [0117.477] CoTaskMemFree (pv=0x552f90) [0117.477] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpmodinfo=0x228bc70, cb=0x18 | out: lpmodinfo=0x228bc70*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0117.480] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.480] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0117.484] CoTaskMemFree (pv=0x54d6e0) [0117.484] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.484] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87fb50000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0117.488] CoTaskMemFree (pv=0x552780) [0117.488] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c760000, lpmodinfo=0x228de18, cb=0x18 | out: lpmodinfo=0x228de18*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0117.492] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.492] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="Windows.Storage.dll") returned 0x13 [0117.496] CoTaskMemFree (pv=0x54ef10) [0117.496] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.496] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c760000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Windows.Storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0117.500] CoTaskMemFree (pv=0x54def0) [0117.500] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c710000, lpmodinfo=0x228ffe0, cb=0x18 | out: lpmodinfo=0x228ffe0*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0117.503] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.503] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0117.507] CoTaskMemFree (pv=0x552780) [0117.507] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.507] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c710000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0117.511] CoTaskMemFree (pv=0x54def0) [0117.511] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpmodinfo=0x2292198, cb=0x18 | out: lpmodinfo=0x2292198*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0117.515] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.515] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0117.519] CoTaskMemFree (pv=0x553fb0) [0117.519] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.519] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c5d0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0117.524] CoTaskMemFree (pv=0x550740) [0117.524] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873e20000, lpmodinfo=0x2294340, cb=0x18 | out: lpmodinfo=0x2294340*(lpBaseOfDll=0x7ff873e20000, SizeOfImage=0x9000, EntryPoint=0x7ff873e21480)) returned 1 [0117.529] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.529] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873e20000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="WpPortingLibrary.dll") returned 0x14 [0117.533] CoTaskMemFree (pv=0x553fb0) [0117.533] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.533] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873e20000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll")) returned 0x28 [0117.543] CoTaskMemFree (pv=0x54def0) [0117.543] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873bc0000, lpmodinfo=0x2296518, cb=0x18 | out: lpmodinfo=0x2296518*(lpBaseOfDll=0x7ff873bc0000, SizeOfImage=0x25d000, EntryPoint=0x7ff873c48610)) returned 1 [0117.548] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.548] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873bc0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="twinui.appcore.dll") returned 0x12 [0117.552] CoTaskMemFree (pv=0x54ef10) [0117.552] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.552] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873bc0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll")) returned 0x26 [0117.556] CoTaskMemFree (pv=0x54d6e0) [0117.556] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873b20000, lpmodinfo=0x22986e0, cb=0x18 | out: lpmodinfo=0x22986e0*(lpBaseOfDll=0x7ff873b20000, SizeOfImage=0x15000, EntryPoint=0x7ff873b21ab0)) returned 1 [0117.561] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.561] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873b20000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="execmodelproxy.dll") returned 0x12 [0117.565] CoTaskMemFree (pv=0x54d6e0) [0117.565] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.565] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873b20000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")) returned 0x26 [0117.569] CoTaskMemFree (pv=0x553fb0) [0117.569] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpmodinfo=0x229a8a8, cb=0x18 | out: lpmodinfo=0x229a8a8*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0117.578] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.578] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0117.583] CoTaskMemFree (pv=0x5537a0) [0117.583] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.583] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bf40000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0117.587] CoTaskMemFree (pv=0x5537a0) [0117.587] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpmodinfo=0x229ca50, cb=0x18 | out: lpmodinfo=0x229ca50*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0117.591] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.591] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0117.596] CoTaskMemFree (pv=0x54ef10) [0117.596] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.596] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87bbd0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0117.600] CoTaskMemFree (pv=0x54ff30) [0117.600] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87c060000, lpmodinfo=0x229ebf8, cb=0x18 | out: lpmodinfo=0x229ebf8*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0117.605] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.605] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0117.611] CoTaskMemFree (pv=0x54d6e0) [0117.611] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.611] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87c060000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0117.615] CoTaskMemFree (pv=0x553fb0) [0117.615] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873b00000, lpmodinfo=0x22a0db0, cb=0x18 | out: lpmodinfo=0x22a0db0*(lpBaseOfDll=0x7ff873b00000, SizeOfImage=0x11000, EntryPoint=0x7ff873b05e90)) returned 1 [0117.620] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.620] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873b00000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="licensemanagerapi.dll") returned 0x15 [0117.624] CoTaskMemFree (pv=0x54def0) [0117.624] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.624] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873b00000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\licensemanagerapi.dll" (normalized: "c:\\windows\\system32\\licensemanagerapi.dll")) returned 0x29 [0117.630] CoTaskMemFree (pv=0x54ff30) [0117.630] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpmodinfo=0x22a2f88, cb=0x18 | out: lpmodinfo=0x22a2f88*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0117.634] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.634] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0117.639] CoTaskMemFree (pv=0x5537a0) [0117.639] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.639] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff8736c0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0117.644] CoTaskMemFree (pv=0x5537a0) [0117.644] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff873620000, lpmodinfo=0x22a5170, cb=0x18 | out: lpmodinfo=0x22a5170*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0117.648] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0117.648] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff873620000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0117.653] CoTaskMemFree (pv=0x5547c0) [0117.653] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.653] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff873620000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0117.657] CoTaskMemFree (pv=0x553fb0) [0117.657] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87a590000, lpmodinfo=0x22a7358, cb=0x18 | out: lpmodinfo=0x22a7358*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0117.662] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.662] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0117.667] CoTaskMemFree (pv=0x552780) [0117.667] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.667] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87a590000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0117.672] CoTaskMemFree (pv=0x550740) [0117.672] CloseHandle (hObject=0x25c) returned 1 [0117.673] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.673] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x105c) returned 0x25c [0117.673] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22aac50, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22aac50, lpcbNeeded=0x14ef68) returned 1 [0117.674] GetModuleInformation (in: hProcess=0x25c, hModule=0x9f0000, lpmodinfo=0x22aaec0, cb=0x18 | out: lpmodinfo=0x22aaec0*(lpBaseOfDll=0x9f0000, SizeOfImage=0x17000, EntryPoint=0x9f14a1)) returned 1 [0117.674] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.674] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x9f0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="ncftp.exe") returned 0x9 [0117.674] CoTaskMemFree (pv=0x54ef10) [0117.674] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.674] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x9f0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Sidebar\\ncftp.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\ncftp.exe")) returned 0x30 [0117.675] CoTaskMemFree (pv=0x54ff30) [0117.675] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22ad0c8, cb=0x18 | out: lpmodinfo=0x22ad0c8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.675] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.675] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.676] CoTaskMemFree (pv=0x551760) [0117.676] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.676] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.676] CoTaskMemFree (pv=0x551f70) [0117.676] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x22af270, cb=0x18 | out: lpmodinfo=0x22af270*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0117.678] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.678] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0117.678] CoTaskMemFree (pv=0x54def0) [0117.678] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.678] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0117.679] CoTaskMemFree (pv=0x54def0) [0117.679] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x22b1418, cb=0x18 | out: lpmodinfo=0x22b1418*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0117.680] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.680] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0117.680] CoTaskMemFree (pv=0x552f90) [0117.681] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.681] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0117.681] CoTaskMemFree (pv=0x54ef10) [0117.681] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x22b35d0, cb=0x18 | out: lpmodinfo=0x22b35d0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0117.682] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.682] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0117.683] CoTaskMemFree (pv=0x54def0) [0117.683] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.683] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0117.683] CoTaskMemFree (pv=0x552780) [0117.683] CloseHandle (hObject=0x25c) returned 1 [0117.684] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.684] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1bc) returned 0x0 [0117.684] EnumProcesses (in: lpidProcess=0x22b5da8, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x22b5da8, lpcbNeeded=0x14ee58) returned 1 [0117.685] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0117.688] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x111c) returned 0x25c [0117.688] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22b6ab8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22b6ab8, lpcbNeeded=0x14ef68) returned 1 [0117.688] GetModuleInformation (in: hProcess=0x25c, hModule=0x120000, lpmodinfo=0x22b6d28, cb=0x18 | out: lpmodinfo=0x22b6d28*(lpBaseOfDll=0x120000, SizeOfImage=0x17000, EntryPoint=0x1214a1)) returned 1 [0117.689] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.689] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x120000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="aldelo.exe") returned 0xa [0117.689] CoTaskMemFree (pv=0x552780) [0117.689] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.689] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x120000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Defender\\aldelo.exe" (normalized: "c:\\program files (x86)\\windows defender\\aldelo.exe")) returned 0x32 [0117.690] CoTaskMemFree (pv=0x551f70) [0117.690] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22b8f30, cb=0x18 | out: lpmodinfo=0x22b8f30*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.690] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.690] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.691] CoTaskMemFree (pv=0x54ef10) [0117.691] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.691] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.691] CoTaskMemFree (pv=0x54f720) [0117.691] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x22bb0d8, cb=0x18 | out: lpmodinfo=0x22bb0d8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0117.692] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.692] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0117.692] CoTaskMemFree (pv=0x550740) [0117.692] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.692] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0117.693] CoTaskMemFree (pv=0x54e700) [0117.693] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x22bd280, cb=0x18 | out: lpmodinfo=0x22bd280*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0117.694] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.694] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0117.694] CoTaskMemFree (pv=0x54ef10) [0117.694] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.694] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0117.695] CoTaskMemFree (pv=0x54f720) [0117.695] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x22bf438, cb=0x18 | out: lpmodinfo=0x22bf438*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0117.695] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.695] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0117.696] CoTaskMemFree (pv=0x54ff30) [0117.696] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.696] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0117.697] CoTaskMemFree (pv=0x552780) [0117.697] CloseHandle (hObject=0x25c) returned 1 [0117.697] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.697] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x654) returned 0x25c [0117.698] EnumProcessModules (in: hProcess=0x25c, lphModule=0x22c1c10, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22c1c10, lpcbNeeded=0x14ef68) returned 1 [0117.698] GetModuleInformation (in: hProcess=0x25c, hModule=0xde0000, lpmodinfo=0x22c1e80, cb=0x18 | out: lpmodinfo=0x22c1e80*(lpBaseOfDll=0xde0000, SizeOfImage=0x17000, EntryPoint=0xde14a1)) returned 1 [0117.699] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.699] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0xde0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="support.exe") returned 0xb [0117.699] CoTaskMemFree (pv=0x54f720) [0117.699] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.699] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0xde0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows NT\\support.exe" (normalized: "c:\\program files (x86)\\windows nt\\support.exe")) returned 0x2d [0117.700] CoTaskMemFree (pv=0x552f90) [0117.700] GetModuleInformation (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpmodinfo=0x22c4080, cb=0x18 | out: lpmodinfo=0x22c4080*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.700] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.700] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.701] CoTaskMemFree (pv=0x54d6e0) [0117.701] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.701] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x7ff87ffa0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.701] CoTaskMemFree (pv=0x54def0) [0117.701] GetModuleInformation (in: hProcess=0x25c, hModule=0x66350000, lpmodinfo=0x22c6228, cb=0x18 | out: lpmodinfo=0x22c6228*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0117.702] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.702] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x66350000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0117.702] CoTaskMemFree (pv=0x551f70) [0117.702] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.702] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x66350000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0117.703] CoTaskMemFree (pv=0x550f50) [0117.703] GetModuleInformation (in: hProcess=0x25c, hModule=0x662d0000, lpmodinfo=0x22c83d0, cb=0x18 | out: lpmodinfo=0x22c83d0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0117.703] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.704] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x662d0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0117.704] CoTaskMemFree (pv=0x551f70) [0117.704] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.705] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x662d0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0117.705] CoTaskMemFree (pv=0x550740) [0117.705] GetModuleInformation (in: hProcess=0x25c, hModule=0x663a0000, lpmodinfo=0x22ca588, cb=0x18 | out: lpmodinfo=0x22ca588*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0117.706] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.706] GetModuleBaseNameW (in: hProcess=0x25c, hModule=0x663a0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0117.707] CoTaskMemFree (pv=0x551f70) [0117.707] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.707] GetModuleFileNameExW (in: hProcess=0x25c, hModule=0x663a0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0117.707] CoTaskMemFree (pv=0x54ff30) [0117.707] CloseHandle (hObject=0x25c) returned 1 [0117.708] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.708] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x7e8) returned 0x0 [0117.708] EnumProcesses (in: lpidProcess=0x22ccd60, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x22ccd60, lpcbNeeded=0x14ee58) returned 1 [0117.735] EtwEventRegister () returned 0x0 [0117.737] EtwEventSetInformation () returned 0x0 [0117.766] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11dc) returned 0x268 [0117.766] EnumProcessModules (in: hProcess=0x268, lphModule=0x22d0a10, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22d0a10, lpcbNeeded=0x14ef68) returned 1 [0117.767] GetModuleInformation (in: hProcess=0x268, hModule=0xf80000, lpmodinfo=0x22d0c80, cb=0x18 | out: lpmodinfo=0x22d0c80*(lpBaseOfDll=0xf80000, SizeOfImage=0x17000, EntryPoint=0xf814a1)) returned 1 [0117.767] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.767] GetModuleBaseNameW (in: hProcess=0x268, hModule=0xf80000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="action.exe") returned 0xa [0117.768] CoTaskMemFree (pv=0x550f50) [0117.768] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.768] GetModuleFileNameExW (in: hProcess=0x268, hModule=0xf80000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\action.exe" (normalized: "c:\\program files (x86)\\windows mail\\action.exe")) returned 0x2e [0117.768] CoTaskMemFree (pv=0x550f50) [0117.768] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x22d2e80, cb=0x18 | out: lpmodinfo=0x22d2e80*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.768] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.769] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.769] CoTaskMemFree (pv=0x552780) [0117.769] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.769] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.770] CoTaskMemFree (pv=0x5537a0) [0117.770] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x22d5028, cb=0x18 | out: lpmodinfo=0x22d5028*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0117.770] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.770] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0117.771] CoTaskMemFree (pv=0x550f50) [0117.771] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.771] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0117.771] CoTaskMemFree (pv=0x54ef10) [0117.771] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x22d71d0, cb=0x18 | out: lpmodinfo=0x22d71d0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0117.772] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.772] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0117.773] CoTaskMemFree (pv=0x54f720) [0117.773] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.773] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0117.773] CoTaskMemFree (pv=0x552f90) [0117.773] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x22d9388, cb=0x18 | out: lpmodinfo=0x22d9388*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0117.774] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0117.774] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0117.775] CoTaskMemFree (pv=0x5547c0) [0117.775] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.775] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0117.776] CoTaskMemFree (pv=0x551760) [0117.776] CloseHandle (hObject=0x268) returned 1 [0117.776] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.776] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc78) returned 0x268 [0117.776] EnumProcessModules (in: hProcess=0x268, lphModule=0x22dbb60, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22dbb60, lpcbNeeded=0x14ef68) returned 1 [0117.777] GetModuleInformation (in: hProcess=0x268, hModule=0xd70000, lpmodinfo=0x22dbdd0, cb=0x18 | out: lpmodinfo=0x22dbdd0*(lpBaseOfDll=0xd70000, SizeOfImage=0x17000, EntryPoint=0xd714a1)) returned 1 [0117.777] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.777] GetModuleBaseNameW (in: hProcess=0x268, hModule=0xd70000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="millionperform.exe") returned 0x12 [0117.777] CoTaskMemFree (pv=0x54def0) [0117.778] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.778] GetModuleFileNameExW (in: hProcess=0x268, hModule=0xd70000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft.NET\\millionperform.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\millionperform.exe")) returned 0x37 [0117.778] CoTaskMemFree (pv=0x54f720) [0117.778] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x22ddff0, cb=0x18 | out: lpmodinfo=0x22ddff0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.778] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.778] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.779] CoTaskMemFree (pv=0x551f70) [0117.779] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.779] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.779] CoTaskMemFree (pv=0x5537a0) [0117.779] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x22e0198, cb=0x18 | out: lpmodinfo=0x22e0198*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0117.780] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.780] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0117.780] CoTaskMemFree (pv=0x54ff30) [0117.780] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.780] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0117.781] CoTaskMemFree (pv=0x551760) [0117.781] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x22e2340, cb=0x18 | out: lpmodinfo=0x22e2340*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0117.781] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.782] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0117.782] CoTaskMemFree (pv=0x54ff30) [0117.782] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.782] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0117.783] CoTaskMemFree (pv=0x54d6e0) [0117.783] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x22e44f8, cb=0x18 | out: lpmodinfo=0x22e44f8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0117.783] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.783] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0117.784] CoTaskMemFree (pv=0x551760) [0117.784] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.784] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0117.785] CoTaskMemFree (pv=0x54f720) [0117.785] CloseHandle (hObject=0x268) returned 1 [0117.785] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.785] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd3c) returned 0x268 [0117.785] EnumProcessModules (in: hProcess=0x268, lphModule=0x22e6cd0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22e6cd0, lpcbNeeded=0x14ef68) returned 1 [0117.786] GetModuleInformation (in: hProcess=0x268, hModule=0xc90000, lpmodinfo=0x22e6f40, cb=0x18 | out: lpmodinfo=0x22e6f40*(lpBaseOfDll=0xc90000, SizeOfImage=0x17000, EntryPoint=0xc914a1)) returned 1 [0117.787] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.787] GetModuleBaseNameW (in: hProcess=0x268, hModule=0xc90000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="becauseotherpower.exe") returned 0x15 [0117.787] CoTaskMemFree (pv=0x550f50) [0117.787] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.787] GetModuleFileNameExW (in: hProcess=0x268, hModule=0xc90000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\becauseotherpower.exe" (normalized: "c:\\program files\\common files\\becauseotherpower.exe")) returned 0x33 [0117.788] CoTaskMemFree (pv=0x54def0) [0117.788] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x22e9160, cb=0x18 | out: lpmodinfo=0x22e9160*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.788] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.788] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.789] CoTaskMemFree (pv=0x54e700) [0117.789] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0117.789] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.789] CoTaskMemFree (pv=0x5547c0) [0117.789] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x22eb308, cb=0x18 | out: lpmodinfo=0x22eb308*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0117.790] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.790] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0117.790] CoTaskMemFree (pv=0x54ff30) [0117.790] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.790] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0117.791] CoTaskMemFree (pv=0x54ef10) [0117.791] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x22ed4b0, cb=0x18 | out: lpmodinfo=0x22ed4b0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0117.791] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.791] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0117.792] CoTaskMemFree (pv=0x550740) [0117.792] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.792] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0117.793] CoTaskMemFree (pv=0x5537a0) [0117.793] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x22ef668, cb=0x18 | out: lpmodinfo=0x22ef668*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0117.794] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.794] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0117.794] CoTaskMemFree (pv=0x552f90) [0117.794] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.795] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0117.795] CoTaskMemFree (pv=0x551f70) [0117.795] CloseHandle (hObject=0x268) returned 1 [0117.796] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.796] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1114) returned 0x268 [0117.796] EnumProcessModules (in: hProcess=0x268, lphModule=0x22f1e40, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22f1e40, lpcbNeeded=0x14ef68) returned 1 [0117.796] GetModuleInformation (in: hProcess=0x268, hModule=0x950000, lpmodinfo=0x22f20b0, cb=0x18 | out: lpmodinfo=0x22f20b0*(lpBaseOfDll=0x950000, SizeOfImage=0x17000, EntryPoint=0x9514a1)) returned 1 [0117.797] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.797] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x950000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="afr38.exe") returned 0x9 [0117.798] CoTaskMemFree (pv=0x54ff30) [0117.798] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.798] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x950000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\afr38.exe" (normalized: "c:\\program files\\common files\\afr38.exe")) returned 0x27 [0117.798] CoTaskMemFree (pv=0x54def0) [0117.798] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x22f42a0, cb=0x18 | out: lpmodinfo=0x22f42a0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.798] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.798] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.799] CoTaskMemFree (pv=0x552f90) [0117.799] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.799] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.799] CoTaskMemFree (pv=0x54f720) [0117.799] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x22f6448, cb=0x18 | out: lpmodinfo=0x22f6448*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0117.800] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.800] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0117.800] CoTaskMemFree (pv=0x54ff30) [0117.800] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.801] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0117.801] CoTaskMemFree (pv=0x553fb0) [0117.801] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x22f85f0, cb=0x18 | out: lpmodinfo=0x22f85f0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0117.802] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.802] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0117.802] CoTaskMemFree (pv=0x553fb0) [0117.802] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.802] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0117.803] CoTaskMemFree (pv=0x551f70) [0117.803] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x22fa7a8, cb=0x18 | out: lpmodinfo=0x22fa7a8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0117.804] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.804] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0117.804] CoTaskMemFree (pv=0x552780) [0117.804] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.804] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0117.805] CoTaskMemFree (pv=0x551f70) [0117.805] CloseHandle (hObject=0x268) returned 1 [0117.806] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0117.806] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x274) returned 0x268 [0117.806] EnumProcessModules (in: hProcess=0x268, lphModule=0x22fcf80, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x22fcf80, lpcbNeeded=0x14ef68) returned 1 [0117.812] EnumProcessModules (in: hProcess=0x268, lphModule=0x22fd198, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x22fd198, lpcbNeeded=0x14ef68) returned 1 [0117.818] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff6a3140000, lpmodinfo=0x22fd608, cb=0x18 | out: lpmodinfo=0x22fd608*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0117.818] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.818] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff6a3140000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0117.818] CoTaskMemFree (pv=0x550f50) [0117.818] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.818] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff6a3140000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0117.819] CoTaskMemFree (pv=0x552780) [0117.819] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x22ff7e8, cb=0x18 | out: lpmodinfo=0x22ff7e8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0117.819] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.819] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0117.820] CoTaskMemFree (pv=0x550f50) [0117.820] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.820] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0117.820] CoTaskMemFree (pv=0x552f90) [0117.820] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f640000, lpmodinfo=0x2301990, cb=0x18 | out: lpmodinfo=0x2301990*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0117.821] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.821] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f640000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0117.821] CoTaskMemFree (pv=0x54e700) [0117.821] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.821] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f640000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0117.822] CoTaskMemFree (pv=0x54d6e0) [0117.822] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ce40000, lpmodinfo=0x2303b48, cb=0x18 | out: lpmodinfo=0x2303b48*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0117.823] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.823] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ce40000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0117.823] CoTaskMemFree (pv=0x54ef10) [0117.823] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.823] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ce40000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0117.824] CoTaskMemFree (pv=0x552f90) [0117.824] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f970000, lpmodinfo=0x2305d00, cb=0x18 | out: lpmodinfo=0x2305d00*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0117.824] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.824] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f970000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0117.825] CoTaskMemFree (pv=0x553fb0) [0117.825] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.825] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f970000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0117.826] CoTaskMemFree (pv=0x550740) [0117.826] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fe80000, lpmodinfo=0x2307f00, cb=0x18 | out: lpmodinfo=0x2307f00*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0117.827] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.827] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fe80000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0117.827] CoTaskMemFree (pv=0x550f50) [0117.827] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.827] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fe80000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0117.831] CoTaskMemFree (pv=0x551760) [0117.831] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b760000, lpmodinfo=0x230a0a8, cb=0x18 | out: lpmodinfo=0x230a0a8*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0117.831] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.831] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b760000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0117.832] CoTaskMemFree (pv=0x550f50) [0117.832] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.832] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b760000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0117.833] CoTaskMemFree (pv=0x54ff30) [0117.833] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b740000, lpmodinfo=0x230c260, cb=0x18 | out: lpmodinfo=0x230c260*(lpBaseOfDll=0x7ff87b740000, SizeOfImage=0x20000, EntryPoint=0x7ff87b741920)) returned 1 [0117.834] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.834] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b740000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="umpnpmgr.dll") returned 0xc [0117.835] CoTaskMemFree (pv=0x550740) [0117.835] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.835] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b740000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll")) returned 0x20 [0117.836] CoTaskMemFree (pv=0x54ff30) [0117.836] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fde0000, lpmodinfo=0x230e418, cb=0x18 | out: lpmodinfo=0x230e418*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0117.837] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.837] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fde0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0117.838] CoTaskMemFree (pv=0x54ef10) [0117.838] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.839] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fde0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0117.840] CoTaskMemFree (pv=0x551760) [0117.840] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b710000, lpmodinfo=0x2310658, cb=0x18 | out: lpmodinfo=0x2310658*(lpBaseOfDll=0x7ff87b710000, SizeOfImage=0x22000, EntryPoint=0x7ff87b7175f0)) returned 1 [0117.841] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.841] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b710000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="umpo.dll") returned 0x8 [0117.842] CoTaskMemFree (pv=0x54d6e0) [0117.842] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.842] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b710000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")) returned 0x1c [0117.843] CoTaskMemFree (pv=0x5537a0) [0117.843] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b6f0000, lpmodinfo=0x2312800, cb=0x18 | out: lpmodinfo=0x2312800*(lpBaseOfDll=0x7ff87b6f0000, SizeOfImage=0x16000, EntryPoint=0x7ff87b6f3630)) returned 1 [0117.844] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.844] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b6f0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="umpoext.dll") returned 0xb [0117.845] CoTaskMemFree (pv=0x551760) [0117.845] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.845] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b6f0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll")) returned 0x1f [0117.847] CoTaskMemFree (pv=0x54f720) [0117.847] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c710000, lpmodinfo=0x23149a8, cb=0x18 | out: lpmodinfo=0x23149a8*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0117.848] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.848] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c710000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0117.849] CoTaskMemFree (pv=0x550740) [0117.849] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0117.849] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c710000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0117.851] CoTaskMemFree (pv=0x54f720) [0117.851] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c5f0000, lpmodinfo=0x2316b60, cb=0x18 | out: lpmodinfo=0x2316b60*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0117.852] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.852] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c5f0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0117.853] CoTaskMemFree (pv=0x552780) [0117.853] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.853] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c5f0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0117.855] CoTaskMemFree (pv=0x552f90) [0117.855] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpmodinfo=0x2318d18, cb=0x18 | out: lpmodinfo=0x2318d18*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0117.856] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.856] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0117.858] CoTaskMemFree (pv=0x54def0) [0117.858] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.858] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0117.859] CoTaskMemFree (pv=0x551f70) [0117.859] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d030000, lpmodinfo=0x231aec0, cb=0x18 | out: lpmodinfo=0x231aec0*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0117.861] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.861] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d030000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0117.862] CoTaskMemFree (pv=0x5537a0) [0117.862] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0117.862] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d030000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0117.864] CoTaskMemFree (pv=0x5547c0) [0117.864] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b5f0000, lpmodinfo=0x231d098, cb=0x18 | out: lpmodinfo=0x231d098*(lpBaseOfDll=0x7ff87b5f0000, SizeOfImage=0xf8000, EntryPoint=0x7ff87b5fd580)) returned 1 [0117.866] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.866] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b5f0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="tdh.dll") returned 0x7 [0117.867] CoTaskMemFree (pv=0x551f70) [0117.867] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.867] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b5f0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\tdh.dll" (normalized: "c:\\windows\\system32\\tdh.dll")) returned 0x1b [0117.869] CoTaskMemFree (pv=0x54e700) [0117.869] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b5c0000, lpmodinfo=0x231f230, cb=0x18 | out: lpmodinfo=0x231f230*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0117.870] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.870] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b5c0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0117.872] CoTaskMemFree (pv=0x552780) [0117.872] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.872] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b5c0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0117.874] CoTaskMemFree (pv=0x54def0) [0117.874] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b5b0000, lpmodinfo=0x23214f0, cb=0x18 | out: lpmodinfo=0x23214f0*(lpBaseOfDll=0x7ff87b5b0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b5b2790)) returned 1 [0117.876] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0117.876] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b5b0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="HID.DLL") returned 0x7 [0117.878] CoTaskMemFree (pv=0x5547c0) [0117.878] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.878] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b5b0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\HID.DLL" (normalized: "c:\\windows\\system32\\hid.dll")) returned 0x1b [0117.879] CoTaskMemFree (pv=0x54e700) [0117.879] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b4c0000, lpmodinfo=0x2323688, cb=0x18 | out: lpmodinfo=0x2323688*(lpBaseOfDll=0x7ff87b4c0000, SizeOfImage=0xe3000, EntryPoint=0x7ff87b51e0b0)) returned 1 [0117.881] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.881] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b4c0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="rpcss.dll") returned 0x9 [0117.883] CoTaskMemFree (pv=0x54ff30) [0117.883] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.883] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b4c0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")) returned 0x1d [0117.885] CoTaskMemFree (pv=0x54d6e0) [0117.885] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c240000, lpmodinfo=0x2325830, cb=0x18 | out: lpmodinfo=0x2325830*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0117.887] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0117.887] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c240000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0117.889] CoTaskMemFree (pv=0x552780) [0117.889] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0117.889] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c240000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0117.891] CoTaskMemFree (pv=0x54ef10) [0117.891] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b3e0000, lpmodinfo=0x23279d8, cb=0x18 | out: lpmodinfo=0x23279d8*(lpBaseOfDll=0x7ff87b3e0000, SizeOfImage=0x95000, EntryPoint=0x7ff87b4136c0)) returned 1 [0117.893] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.893] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b3e0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="bisrv.dll") returned 0x9 [0117.895] CoTaskMemFree (pv=0x550740) [0117.895] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.895] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b3e0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bisrv.dll" (normalized: "c:\\windows\\system32\\bisrv.dll")) returned 0x1d [0117.897] CoTaskMemFree (pv=0x54e700) [0117.897] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fa80000, lpmodinfo=0x2329b80, cb=0x18 | out: lpmodinfo=0x2329b80*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0117.899] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.899] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fa80000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0117.902] CoTaskMemFree (pv=0x54e700) [0117.902] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.902] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fa80000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0117.904] CoTaskMemFree (pv=0x551f70) [0117.904] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bab0000, lpmodinfo=0x232bd38, cb=0x18 | out: lpmodinfo=0x232bd38*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0117.906] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.906] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bab0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0117.909] CoTaskMemFree (pv=0x551f70) [0117.909] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.909] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bab0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0117.911] CoTaskMemFree (pv=0x54def0) [0117.911] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b3b0000, lpmodinfo=0x232dee0, cb=0x18 | out: lpmodinfo=0x232dee0*(lpBaseOfDll=0x7ff87b3b0000, SizeOfImage=0x30000, EntryPoint=0x7ff87b3bf7c0)) returned 1 [0117.913] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0117.913] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b3b0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="psmsrv.dll") returned 0xa [0117.915] CoTaskMemFree (pv=0x5547c0) [0117.915] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.915] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b3b0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\psmsrv.dll" (normalized: "c:\\windows\\system32\\psmsrv.dll")) returned 0x1e [0117.917] CoTaskMemFree (pv=0x550f50) [0117.917] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c640000, lpmodinfo=0x2330088, cb=0x18 | out: lpmodinfo=0x2330088*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0117.919] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.919] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c640000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0117.921] CoTaskMemFree (pv=0x551760) [0117.922] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0117.922] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c640000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0117.924] CoTaskMemFree (pv=0x551f70) [0117.924] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c430000, lpmodinfo=0x2332250, cb=0x18 | out: lpmodinfo=0x2332250*(lpBaseOfDll=0x7ff87c430000, SizeOfImage=0x19000, EntryPoint=0x7ff87c435e10)) returned 1 [0117.926] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.926] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c430000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="EventAggregation.dll") returned 0x14 [0117.930] CoTaskMemFree (pv=0x550740) [0117.930] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.930] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c430000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")) returned 0x28 [0117.932] CoTaskMemFree (pv=0x551760) [0117.932] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b380000, lpmodinfo=0x2334428, cb=0x18 | out: lpmodinfo=0x2334428*(lpBaseOfDll=0x7ff87b380000, SizeOfImage=0x2a000, EntryPoint=0x7ff87b388b90)) returned 1 [0117.935] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.935] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b380000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="RMCLIENT.dll") returned 0xc [0117.937] CoTaskMemFree (pv=0x54d6e0) [0117.937] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0117.937] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b380000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\RMCLIENT.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")) returned 0x20 [0117.940] CoTaskMemFree (pv=0x54d6e0) [0117.940] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fd30000, lpmodinfo=0x23365e0, cb=0x18 | out: lpmodinfo=0x23365e0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0117.942] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.942] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fd30000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0117.945] CoTaskMemFree (pv=0x54def0) [0117.945] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0117.945] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fd30000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0117.947] CoTaskMemFree (pv=0x5537a0) [0117.947] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b280000, lpmodinfo=0x2338798, cb=0x18 | out: lpmodinfo=0x2338798*(lpBaseOfDll=0x7ff87b280000, SizeOfImage=0xbc000, EntryPoint=0x7ff87b2bc480)) returned 1 [0117.950] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.950] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b280000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="lsm.dll") returned 0x7 [0117.953] CoTaskMemFree (pv=0x54ff30) [0117.953] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0117.953] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b280000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll")) returned 0x1b [0117.955] CoTaskMemFree (pv=0x54def0) [0117.955] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b270000, lpmodinfo=0x233a930, cb=0x18 | out: lpmodinfo=0x233a930*(lpBaseOfDll=0x7ff87b270000, SizeOfImage=0xc000, EntryPoint=0x7ff87b272480)) returned 1 [0117.958] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.958] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b270000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="SYSNTFY.dll") returned 0xb [0117.964] CoTaskMemFree (pv=0x54e700) [0117.964] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.964] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b270000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SYSNTFY.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")) returned 0x1f [0117.967] CoTaskMemFree (pv=0x54e700) [0117.967] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b1e0000, lpmodinfo=0x233cad8, cb=0x18 | out: lpmodinfo=0x233cad8*(lpBaseOfDll=0x7ff87b1e0000, SizeOfImage=0x8d000, EntryPoint=0x7ff87b20ac70)) returned 1 [0117.970] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0117.970] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b1e0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="psmserviceexthost.dll") returned 0x15 [0117.973] CoTaskMemFree (pv=0x550740) [0117.973] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0117.973] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b1e0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psmserviceexthost.dll" (normalized: "c:\\windows\\system32\\psmserviceexthost.dll")) returned 0x29 [0117.977] CoTaskMemFree (pv=0x54ff30) [0117.977] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b0e0000, lpmodinfo=0x233ecb0, cb=0x18 | out: lpmodinfo=0x233ecb0*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0117.979] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0117.979] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b0e0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0117.982] CoTaskMemFree (pv=0x553fb0) [0117.982] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0117.982] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b0e0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0117.985] CoTaskMemFree (pv=0x552f90) [0117.985] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c450000, lpmodinfo=0x2340e78, cb=0x18 | out: lpmodinfo=0x2340e78*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0117.988] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0117.988] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c450000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0117.991] CoTaskMemFree (pv=0x550f50) [0117.991] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0117.991] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c450000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0117.995] CoTaskMemFree (pv=0x54e700) [0117.995] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bd20000, lpmodinfo=0x2343238, cb=0x18 | out: lpmodinfo=0x2343238*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0117.998] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0117.998] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bd20000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="Userenv.dll") returned 0xb [0118.001] CoTaskMemFree (pv=0x551760) [0118.001] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.001] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bd20000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0118.004] CoTaskMemFree (pv=0x551f70) [0118.004] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c5d0000, lpmodinfo=0x23453e0, cb=0x18 | out: lpmodinfo=0x23453e0*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0118.007] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.007] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c5d0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0118.011] CoTaskMemFree (pv=0x552f90) [0118.011] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.011] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c5d0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0118.013] CoTaskMemFree (pv=0x54d6e0) [0118.013] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87afe0000, lpmodinfo=0x2347588, cb=0x18 | out: lpmodinfo=0x2347588*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0118.016] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.016] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87afe0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0118.020] CoTaskMemFree (pv=0x552780) [0118.020] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.020] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87afe0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0118.023] CoTaskMemFree (pv=0x552f90) [0118.023] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87aeb0000, lpmodinfo=0x2349730, cb=0x18 | out: lpmodinfo=0x2349730*(lpBaseOfDll=0x7ff87aeb0000, SizeOfImage=0x63000, EntryPoint=0x7ff87aecc010)) returned 1 [0118.026] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.026] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87aeb0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="systemeventsbrokerserver.dll") returned 0x1c [0118.030] CoTaskMemFree (pv=0x54ef10) [0118.030] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0118.030] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87aeb0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\systemeventsbrokerserver.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerserver.dll")) returned 0x30 [0118.033] CoTaskMemFree (pv=0x550f50) [0118.033] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ae70000, lpmodinfo=0x234b928, cb=0x18 | out: lpmodinfo=0x234b928*(lpBaseOfDll=0x7ff87ae70000, SizeOfImage=0x40000, EntryPoint=0x7ff87ae81960)) returned 1 [0118.037] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.037] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ae70000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="BrokerLib.dll") returned 0xd [0118.041] CoTaskMemFree (pv=0x54ff30) [0118.041] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.041] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ae70000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")) returned 0x21 [0118.045] CoTaskMemFree (pv=0x54f720) [0118.045] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87a200000, lpmodinfo=0x234dae0, cb=0x18 | out: lpmodinfo=0x234dae0*(lpBaseOfDll=0x7ff87a200000, SizeOfImage=0x21000, EntryPoint=0x7ff87a2092a0)) returned 1 [0118.048] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0118.048] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87a200000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="DAB.dll") returned 0x7 [0118.052] CoTaskMemFree (pv=0x54e700) [0118.052] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.052] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87a200000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DAB.dll" (normalized: "c:\\windows\\system32\\dab.dll")) returned 0x1b [0118.056] CoTaskMemFree (pv=0x551f70) [0118.056] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ad00000, lpmodinfo=0x234fc78, cb=0x18 | out: lpmodinfo=0x234fc78*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0118.059] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.059] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ad00000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0118.063] CoTaskMemFree (pv=0x5537a0) [0118.063] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.063] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ad00000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0118.066] CoTaskMemFree (pv=0x551760) [0118.066] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c3d0000, lpmodinfo=0x2351e30, cb=0x18 | out: lpmodinfo=0x2351e30*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0118.070] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0118.070] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c3d0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0118.074] CoTaskMemFree (pv=0x54e700) [0118.074] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.074] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c3d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0118.077] CoTaskMemFree (pv=0x551f70) [0118.077] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f9d0000, lpmodinfo=0x2353fd8, cb=0x18 | out: lpmodinfo=0x2353fd8*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0118.081] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.081] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f9d0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0118.085] CoTaskMemFree (pv=0x551f70) [0118.085] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.085] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f9d0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0118.089] CoTaskMemFree (pv=0x551760) [0118.089] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878150000, lpmodinfo=0x2356180, cb=0x18 | out: lpmodinfo=0x2356180*(lpBaseOfDll=0x7ff878150000, SizeOfImage=0xc000, EntryPoint=0x7ff878152830)) returned 1 [0118.092] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.092] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878150000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="bi.dll") returned 0x6 [0118.096] CoTaskMemFree (pv=0x54ff30) [0118.096] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.096] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878150000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")) returned 0x1a [0118.100] CoTaskMemFree (pv=0x551760) [0118.100] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875b40000, lpmodinfo=0x2358318, cb=0x18 | out: lpmodinfo=0x2358318*(lpBaseOfDll=0x7ff875b40000, SizeOfImage=0x10000, EntryPoint=0x7ff875b42c60)) returned 1 [0118.104] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0118.104] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875b40000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="usermgrcli.dll") returned 0xe [0118.108] CoTaskMemFree (pv=0x5547c0) [0118.108] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.108] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875b40000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")) returned 0x22 [0118.112] CoTaskMemFree (pv=0x553fb0) [0118.112] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c060000, lpmodinfo=0x235a4d0, cb=0x18 | out: lpmodinfo=0x235a4d0*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0118.115] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.115] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c060000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0118.120] CoTaskMemFree (pv=0x553fb0) [0118.120] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.120] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c060000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0118.124] CoTaskMemFree (pv=0x550740) [0118.124] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ed60000, lpmodinfo=0x235c688, cb=0x18 | out: lpmodinfo=0x235c688*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0118.128] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.128] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ed60000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0118.132] CoTaskMemFree (pv=0x54f720) [0118.132] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.132] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ed60000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0118.136] CoTaskMemFree (pv=0x5537a0) [0118.136] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpmodinfo=0x235e830, cb=0x18 | out: lpmodinfo=0x235e830*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0118.141] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.141] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0118.145] CoTaskMemFree (pv=0x54d6e0) [0118.145] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.145] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0118.149] CoTaskMemFree (pv=0x54d6e0) [0118.149] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff879c90000, lpmodinfo=0x23609d8, cb=0x18 | out: lpmodinfo=0x23609d8*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0118.153] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.153] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff879c90000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0118.157] CoTaskMemFree (pv=0x54ef10) [0118.157] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.157] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff879c90000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0118.162] CoTaskMemFree (pv=0x54ef10) [0118.162] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873bb0000, lpmodinfo=0x2362b90, cb=0x18 | out: lpmodinfo=0x2362b90*(lpBaseOfDll=0x7ff873bb0000, SizeOfImage=0x10000, EntryPoint=0x7ff873bb23f0)) returned 1 [0118.166] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.166] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873bb0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="BackgroundMediaPolicy.dll") returned 0x19 [0118.170] CoTaskMemFree (pv=0x552780) [0118.170] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.170] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873bb0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\BackgroundMediaPolicy.dll" (normalized: "c:\\windows\\system32\\backgroundmediapolicy.dll")) returned 0x2d [0118.174] CoTaskMemFree (pv=0x54f720) [0118.174] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873b80000, lpmodinfo=0x2364d78, cb=0x18 | out: lpmodinfo=0x2364d78*(lpBaseOfDll=0x7ff873b80000, SizeOfImage=0x26000, EntryPoint=0x7ff873b87a80)) returned 1 [0118.179] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.179] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873b80000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ACPBackgroundManagerPolicy.dll") returned 0x1e [0118.183] CoTaskMemFree (pv=0x54d6e0) [0118.183] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.183] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873b80000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ACPBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\acpbackgroundmanagerpolicy.dll")) returned 0x32 [0118.188] CoTaskMemFree (pv=0x551760) [0118.188] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873b70000, lpmodinfo=0x2366f70, cb=0x18 | out: lpmodinfo=0x2366f70*(lpBaseOfDll=0x7ff873b70000, SizeOfImage=0xc000, EntryPoint=0x7ff873b74b50)) returned 1 [0118.193] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.193] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873b70000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="CbtBackgroundManagerPolicy.dll") returned 0x1e [0118.197] CoTaskMemFree (pv=0x5537a0) [0118.197] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.197] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873b70000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CbtBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\cbtbackgroundmanagerpolicy.dll")) returned 0x32 [0118.202] CoTaskMemFree (pv=0x551760) [0118.202] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873b50000, lpmodinfo=0x2369168, cb=0x18 | out: lpmodinfo=0x2369168*(lpBaseOfDll=0x7ff873b50000, SizeOfImage=0x18000, EntryPoint=0x7ff873b53f00)) returned 1 [0118.206] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.206] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873b50000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll") returned 0x41 [0118.211] CoTaskMemFree (pv=0x551760) [0118.211] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0118.211] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873b50000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll")) returned 0x55 [0118.223] CoTaskMemFree (pv=0x5547c0) [0118.223] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873b40000, lpmodinfo=0x236b3f0, cb=0x18 | out: lpmodinfo=0x236b3f0*(lpBaseOfDll=0x7ff873b40000, SizeOfImage=0xe000, EntryPoint=0x7ff873b422f0)) returned 1 [0118.227] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.227] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873b40000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="SebBackgroundManagerPolicy.dll") returned 0x1e [0118.232] CoTaskMemFree (pv=0x551760) [0118.232] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.232] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873b40000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SebBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\sebbackgroundmanagerpolicy.dll")) returned 0x32 [0118.237] CoTaskMemFree (pv=0x552f90) [0118.237] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpmodinfo=0x236d5e8, cb=0x18 | out: lpmodinfo=0x236d5e8*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0118.242] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.242] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0118.247] CoTaskMemFree (pv=0x54d6e0) [0118.247] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.247] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0118.252] CoTaskMemFree (pv=0x552780) [0118.252] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f5d0000, lpmodinfo=0x236f790, cb=0x18 | out: lpmodinfo=0x236f790*(lpBaseOfDll=0x7ff87f5d0000, SizeOfImage=0x6f000, EntryPoint=0x7ff87f5f5f70)) returned 1 [0118.257] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.257] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f5d0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="coml2.dll") returned 0x9 [0118.261] CoTaskMemFree (pv=0x54ef10) [0118.261] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.261] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f5d0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")) returned 0x1d [0118.267] CoTaskMemFree (pv=0x54def0) [0118.267] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873b20000, lpmodinfo=0x2371938, cb=0x18 | out: lpmodinfo=0x2371938*(lpBaseOfDll=0x7ff873b20000, SizeOfImage=0x15000, EntryPoint=0x7ff873b21ab0)) returned 1 [0118.272] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.272] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873b20000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="execmodelproxy.dll") returned 0x12 [0118.277] CoTaskMemFree (pv=0x552780) [0118.277] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.277] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873b20000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")) returned 0x26 [0118.282] CoTaskMemFree (pv=0x54def0) [0118.282] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c760000, lpmodinfo=0x2373b00, cb=0x18 | out: lpmodinfo=0x2373b00*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0118.287] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.287] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c760000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0118.291] CoTaskMemFree (pv=0x553fb0) [0118.291] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.291] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c760000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0118.297] CoTaskMemFree (pv=0x550740) [0118.297] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fb50000, lpmodinfo=0x2375cc8, cb=0x18 | out: lpmodinfo=0x2375cc8*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0118.302] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.302] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fb50000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0118.307] CoTaskMemFree (pv=0x553fb0) [0118.307] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.307] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fb50000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0118.312] CoTaskMemFree (pv=0x54def0) [0118.312] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c650000, lpmodinfo=0x2377e70, cb=0x18 | out: lpmodinfo=0x2377e70*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0118.317] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.317] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c650000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0118.322] CoTaskMemFree (pv=0x54ef10) [0118.322] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.322] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c650000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0118.327] CoTaskMemFree (pv=0x54d6e0) [0118.327] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873f90000, lpmodinfo=0x237a018, cb=0x18 | out: lpmodinfo=0x237a018*(lpBaseOfDll=0x7ff873f90000, SizeOfImage=0x44000, EntryPoint=0x7ff873f9c010)) returned 1 [0118.331] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.331] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873f90000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="execmodelclient.dll") returned 0x13 [0118.337] CoTaskMemFree (pv=0x54d6e0) [0118.338] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.338] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873f90000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\execmodelclient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")) returned 0x27 [0118.344] CoTaskMemFree (pv=0x553fb0) [0118.344] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87a5e0000, lpmodinfo=0x237c1e0, cb=0x18 | out: lpmodinfo=0x237c1e0*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0118.349] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.349] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87a5e0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0118.354] CoTaskMemFree (pv=0x5537a0) [0118.354] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.354] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87a5e0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0118.360] CoTaskMemFree (pv=0x5537a0) [0118.360] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873b00000, lpmodinfo=0x237e3a8, cb=0x18 | out: lpmodinfo=0x237e3a8*(lpBaseOfDll=0x7ff873b00000, SizeOfImage=0x11000, EntryPoint=0x7ff873b05e90)) returned 1 [0118.365] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.365] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873b00000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="licensemanagerapi.dll") returned 0x15 [0118.370] CoTaskMemFree (pv=0x54ef10) [0118.370] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.370] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873b00000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\licensemanagerapi.dll" (normalized: "c:\\windows\\system32\\licensemanagerapi.dll")) returned 0x29 [0118.389] CoTaskMemFree (pv=0x54ff30) [0118.389] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878e80000, lpmodinfo=0x2380580, cb=0x18 | out: lpmodinfo=0x2380580*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0118.395] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.395] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878e80000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0118.400] CoTaskMemFree (pv=0x54d6e0) [0118.400] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.400] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878e80000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0118.439] CoTaskMemFree (pv=0x553fb0) [0118.439] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873ae0000, lpmodinfo=0x2382748, cb=0x18 | out: lpmodinfo=0x2382748*(lpBaseOfDll=0x7ff873ae0000, SizeOfImage=0x1b000, EntryPoint=0x7ff873aeaf40)) returned 1 [0118.445] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.445] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873ae0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="capauthz.dll") returned 0xc [0118.451] CoTaskMemFree (pv=0x54def0) [0118.451] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.451] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873ae0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll")) returned 0x20 [0118.457] CoTaskMemFree (pv=0x54ff30) [0118.457] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87aa90000, lpmodinfo=0x2384900, cb=0x18 | out: lpmodinfo=0x2384900*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0118.463] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.463] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87aa90000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0118.469] CoTaskMemFree (pv=0x5537a0) [0118.469] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.469] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87aa90000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0118.474] CoTaskMemFree (pv=0x5537a0) [0118.474] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8736c0000, lpmodinfo=0x2386ec0, cb=0x18 | out: lpmodinfo=0x2386ec0*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0118.480] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0118.480] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8736c0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0118.485] CoTaskMemFree (pv=0x5547c0) [0118.485] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.485] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8736c0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0118.491] CoTaskMemFree (pv=0x553fb0) [0118.491] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873620000, lpmodinfo=0x23890a8, cb=0x18 | out: lpmodinfo=0x23890a8*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0118.497] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.497] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873620000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0118.502] CoTaskMemFree (pv=0x552780) [0118.502] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.502] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873620000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0118.507] CoTaskMemFree (pv=0x550740) [0118.508] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bf40000, lpmodinfo=0x238b290, cb=0x18 | out: lpmodinfo=0x238b290*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0118.513] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.513] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bf40000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0118.519] CoTaskMemFree (pv=0x54ef10) [0118.519] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.519] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bf40000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0118.525] CoTaskMemFree (pv=0x54ff30) [0118.526] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bbd0000, lpmodinfo=0x238d438, cb=0x18 | out: lpmodinfo=0x238d438*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0118.531] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.531] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bbd0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0118.537] CoTaskMemFree (pv=0x551760) [0118.537] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.537] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bbd0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0118.543] CoTaskMemFree (pv=0x551f70) [0118.543] CloseHandle (hObject=0x268) returned 1 [0118.543] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0118.543] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x338) returned 0x268 [0118.544] EnumProcessModules (in: hProcess=0x268, lphModule=0x23911a8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23911a8, lpcbNeeded=0x14ef68) returned 1 [0118.544] GetModuleInformation (in: hProcess=0x268, hModule=0x870000, lpmodinfo=0x2391418, cb=0x18 | out: lpmodinfo=0x2391418*(lpBaseOfDll=0x870000, SizeOfImage=0x17000, EntryPoint=0x8714a1)) returned 1 [0118.545] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.545] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x870000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="speakhe.exe") returned 0xb [0118.545] CoTaskMemFree (pv=0x54def0) [0118.545] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.545] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x870000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\speakhe.exe" (normalized: "c:\\program files (x86)\\windows media player\\speakhe.exe")) returned 0x37 [0118.545] CoTaskMemFree (pv=0x54def0) [0118.545] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x2393628, cb=0x18 | out: lpmodinfo=0x2393628*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0118.546] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.546] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0118.546] CoTaskMemFree (pv=0x552f90) [0118.546] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.546] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0118.547] CoTaskMemFree (pv=0x54ef10) [0118.547] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x23957d0, cb=0x18 | out: lpmodinfo=0x23957d0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0118.547] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.547] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0118.548] CoTaskMemFree (pv=0x54def0) [0118.548] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.548] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0118.548] CoTaskMemFree (pv=0x552780) [0118.548] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x2397978, cb=0x18 | out: lpmodinfo=0x2397978*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0118.549] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.549] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0118.550] CoTaskMemFree (pv=0x552780) [0118.550] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.550] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0118.550] CoTaskMemFree (pv=0x551f70) [0118.550] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x2399b30, cb=0x18 | out: lpmodinfo=0x2399b30*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0118.552] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.552] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0118.553] CoTaskMemFree (pv=0x54ef10) [0118.553] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.553] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0118.554] CoTaskMemFree (pv=0x54f720) [0118.554] CloseHandle (hObject=0x268) returned 1 [0118.554] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0118.554] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa24) returned 0x268 [0118.554] EnumProcessModules (in: hProcess=0x268, lphModule=0x239c308, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x239c308, lpcbNeeded=0x14ef68) returned 1 [0118.557] GetModuleInformation (in: hProcess=0x268, hModule=0xe40000, lpmodinfo=0x239c578, cb=0x18 | out: lpmodinfo=0x239c578*(lpBaseOfDll=0xe40000, SizeOfImage=0xe000, EntryPoint=0xe44887)) returned 1 [0118.558] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.558] GetModuleBaseNameW (in: hProcess=0x268, hModule=0xe40000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="SkypeHost.exe") returned 0xd [0118.560] CoTaskMemFree (pv=0x550740) [0118.560] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0118.560] GetModuleFileNameExW (in: hProcess=0x268, hModule=0xe40000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\\SkypeHost.exe" (normalized: "c:\\program files\\windowsapps\\microsoft.messaging_1.10.22012.0_x86__8wekyb3d8bbwe\\skypehost.exe")) returned 0x5e [0118.562] CoTaskMemFree (pv=0x54e700) [0118.562] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x239e7e0, cb=0x18 | out: lpmodinfo=0x239e7e0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0118.563] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.563] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0118.566] CoTaskMemFree (pv=0x54ef10) [0118.566] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.566] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0118.568] CoTaskMemFree (pv=0x54f720) [0118.568] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x23a0988, cb=0x18 | out: lpmodinfo=0x23a0988*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0118.570] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.570] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0118.573] CoTaskMemFree (pv=0x54ff30) [0118.573] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.573] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0118.576] CoTaskMemFree (pv=0x552780) [0118.576] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x23a2b30, cb=0x18 | out: lpmodinfo=0x23a2b30*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0118.578] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.578] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0118.581] CoTaskMemFree (pv=0x54f720) [0118.581] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.581] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0118.584] CoTaskMemFree (pv=0x552f90) [0118.584] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x23a4ce8, cb=0x18 | out: lpmodinfo=0x23a4ce8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0118.587] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.587] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0118.590] CoTaskMemFree (pv=0x54d6e0) [0118.590] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.590] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0118.594] CoTaskMemFree (pv=0x54def0) [0118.594] CloseHandle (hObject=0x268) returned 1 [0118.594] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0118.594] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1148) returned 0x268 [0118.594] EnumProcessModules (in: hProcess=0x268, lphModule=0x23a74c0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23a74c0, lpcbNeeded=0x14ef68) returned 1 [0118.595] GetModuleInformation (in: hProcess=0x268, hModule=0x1260000, lpmodinfo=0x23a7730, cb=0x18 | out: lpmodinfo=0x23a7730*(lpBaseOfDll=0x1260000, SizeOfImage=0x17000, EntryPoint=0x12614a1)) returned 1 [0118.595] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.595] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x1260000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="edcsvr.exe") returned 0xa [0118.595] CoTaskMemFree (pv=0x551f70) [0118.595] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0118.596] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x1260000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\edcsvr.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\edcsvr.exe")) returned 0x3a [0118.596] CoTaskMemFree (pv=0x550f50) [0118.596] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x23a9948, cb=0x18 | out: lpmodinfo=0x23a9948*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0118.596] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.596] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0118.597] CoTaskMemFree (pv=0x551f70) [0118.597] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.597] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0118.597] CoTaskMemFree (pv=0x550740) [0118.597] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x23abaf0, cb=0x18 | out: lpmodinfo=0x23abaf0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0118.598] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.598] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0118.598] CoTaskMemFree (pv=0x551f70) [0118.599] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.599] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0118.599] CoTaskMemFree (pv=0x54ff30) [0118.599] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x23adc98, cb=0x18 | out: lpmodinfo=0x23adc98*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0118.600] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.600] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0118.600] CoTaskMemFree (pv=0x553fb0) [0118.600] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.600] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0118.601] CoTaskMemFree (pv=0x551f70) [0118.601] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x23afe50, cb=0x18 | out: lpmodinfo=0x23afe50*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0118.602] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0118.602] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0118.603] CoTaskMemFree (pv=0x550f50) [0118.603] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.603] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0118.603] CoTaskMemFree (pv=0x553fb0) [0118.603] CloseHandle (hObject=0x268) returned 1 [0118.604] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0118.604] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11d4) returned 0x268 [0118.604] EnumProcessModules (in: hProcess=0x268, lphModule=0x23b2628, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23b2628, lpcbNeeded=0x14ef68) returned 1 [0118.605] GetModuleInformation (in: hProcess=0x268, hModule=0xb50000, lpmodinfo=0x23b2898, cb=0x18 | out: lpmodinfo=0x23b2898*(lpBaseOfDll=0xb50000, SizeOfImage=0x17000, EntryPoint=0xb514a1)) returned 1 [0118.605] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.605] GetModuleBaseNameW (in: hProcess=0x268, hModule=0xb50000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="that_customer_tend.exe") returned 0x16 [0118.605] CoTaskMemFree (pv=0x551f70) [0118.605] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.605] GetModuleFileNameExW (in: hProcess=0x268, hModule=0xb50000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Defender\\that_customer_tend.exe" (normalized: "c:\\program files (x86)\\windows defender\\that_customer_tend.exe")) returned 0x3e [0118.606] CoTaskMemFree (pv=0x550740) [0118.606] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x23b4ad0, cb=0x18 | out: lpmodinfo=0x23b4ad0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0118.606] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.606] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0118.607] CoTaskMemFree (pv=0x552780) [0118.607] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.607] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0118.607] CoTaskMemFree (pv=0x54f720) [0118.607] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x23b6c78, cb=0x18 | out: lpmodinfo=0x23b6c78*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0118.608] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.608] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0118.608] CoTaskMemFree (pv=0x553fb0) [0118.608] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.608] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0118.609] CoTaskMemFree (pv=0x54def0) [0118.609] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x23b8e20, cb=0x18 | out: lpmodinfo=0x23b8e20*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0118.610] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.610] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0118.610] CoTaskMemFree (pv=0x551760) [0118.610] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.610] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0118.611] CoTaskMemFree (pv=0x5537a0) [0118.611] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x23bafd8, cb=0x18 | out: lpmodinfo=0x23bafd8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0118.612] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.612] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0118.613] CoTaskMemFree (pv=0x551f70) [0118.613] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.613] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0118.614] CoTaskMemFree (pv=0x551760) [0118.614] CloseHandle (hObject=0x268) returned 1 [0118.614] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0118.614] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12d0) returned 0x268 [0118.614] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb9c) returned 0x26c [0118.627] IsWow64Process (in: hProcess=0x26c, Wow64Process=0x14ee78 | out: Wow64Process=0x14ee78*=0) returned 1 [0118.627] IsWow64Process (in: hProcess=0x268, Wow64Process=0x14ee78 | out: Wow64Process=0x14ee78*=0) returned 1 [0118.627] CloseHandle (hObject=0x26c) returned 1 [0118.627] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.630] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.632] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.633] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.635] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.636] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.638] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.639] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.641] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.642] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.644] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.645] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.647] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.648] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.650] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.653] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.654] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.656] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.657] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.659] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.660] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.662] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.663] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.665] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.666] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.668] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.669] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.671] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.672] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.674] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.675] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.681] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.682] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.684] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.685] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.687] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.694] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.697] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.699] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.701] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.702] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.704] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.705] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.708] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.710] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.711] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.713] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.714] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.716] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.717] EnumProcessModules (in: hProcess=0x268, lphModule=0x23bd7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23bd7b0, lpcbNeeded=0x14ef68) returned 0 [0118.719] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x12b, dwLanguageId=0x0, lpBuffer=0x14eb00, nSize=0x101, Arguments=0x0 | out: lpBuffer="Only part of a ReadProcessMemory or WriteProcessMemory request was completed.\r\n") returned 0x4f [0118.720] CloseHandle (hObject=0x268) returned 1 [0118.721] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1048) returned 0x268 [0118.721] EnumProcessModules (in: hProcess=0x268, lphModule=0x23be1a8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23be1a8, lpcbNeeded=0x14ef68) returned 1 [0118.722] GetModuleInformation (in: hProcess=0x268, hModule=0x850000, lpmodinfo=0x23be418, cb=0x18 | out: lpmodinfo=0x23be418*(lpBaseOfDll=0x850000, SizeOfImage=0x17000, EntryPoint=0x8514a1)) returned 1 [0118.722] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.722] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x850000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="leechftp.exe") returned 0xc [0118.722] CoTaskMemFree (pv=0x54def0) [0118.722] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.722] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x850000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\leechftp.exe" (normalized: "c:\\program files\\internet explorer\\leechftp.exe")) returned 0x2f [0118.723] CoTaskMemFree (pv=0x54f720) [0118.723] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x23c0620, cb=0x18 | out: lpmodinfo=0x23c0620*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0118.723] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.723] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0118.724] CoTaskMemFree (pv=0x54d6e0) [0118.724] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.724] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0118.724] CoTaskMemFree (pv=0x54ff30) [0118.725] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x23c27c8, cb=0x18 | out: lpmodinfo=0x23c27c8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0118.725] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.725] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0118.726] CoTaskMemFree (pv=0x551760) [0118.726] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.726] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0118.726] CoTaskMemFree (pv=0x54def0) [0118.726] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x23c4970, cb=0x18 | out: lpmodinfo=0x23c4970*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0118.727] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.727] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0118.727] CoTaskMemFree (pv=0x54f720) [0118.727] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.727] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0118.728] CoTaskMemFree (pv=0x54def0) [0118.728] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x23c6b28, cb=0x18 | out: lpmodinfo=0x23c6b28*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0118.729] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.729] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0118.730] CoTaskMemFree (pv=0x54ef10) [0118.730] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.730] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0118.730] CoTaskMemFree (pv=0x54d6e0) [0118.730] CloseHandle (hObject=0x268) returned 1 [0118.731] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0118.731] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x110c) returned 0x268 [0118.731] EnumProcessModules (in: hProcess=0x268, lphModule=0x23c9300, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23c9300, lpcbNeeded=0x14ef68) returned 1 [0118.731] GetModuleInformation (in: hProcess=0x268, hModule=0x1320000, lpmodinfo=0x23c9570, cb=0x18 | out: lpmodinfo=0x23c9570*(lpBaseOfDll=0x1320000, SizeOfImage=0x17000, EntryPoint=0x13214a1)) returned 1 [0118.732] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.732] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x1320000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="accupos.exe") returned 0xb [0118.732] CoTaskMemFree (pv=0x550740) [0118.732] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0118.732] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x1320000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Defender\\accupos.exe" (normalized: "c:\\program files (x86)\\windows defender\\accupos.exe")) returned 0x33 [0118.733] CoTaskMemFree (pv=0x54e700) [0118.733] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x23cb778, cb=0x18 | out: lpmodinfo=0x23cb778*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0118.733] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0118.733] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0118.734] CoTaskMemFree (pv=0x5547c0) [0118.734] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.734] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0118.734] CoTaskMemFree (pv=0x54f720) [0118.734] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x23cd920, cb=0x18 | out: lpmodinfo=0x23cd920*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0118.735] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.735] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0118.735] CoTaskMemFree (pv=0x54def0) [0118.736] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.736] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0118.736] CoTaskMemFree (pv=0x5537a0) [0118.736] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x23cfac8, cb=0x18 | out: lpmodinfo=0x23cfac8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0118.737] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.737] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0118.737] CoTaskMemFree (pv=0x54def0) [0118.737] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.737] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0118.738] CoTaskMemFree (pv=0x550740) [0118.738] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x23d1c80, cb=0x18 | out: lpmodinfo=0x23d1c80*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0118.739] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.739] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0118.739] CoTaskMemFree (pv=0x5537a0) [0118.739] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.739] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0118.740] CoTaskMemFree (pv=0x552f90) [0118.740] CloseHandle (hObject=0x268) returned 1 [0118.740] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0118.740] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc7c) returned 0x0 [0118.740] EnumProcesses (in: lpidProcess=0x23d4458, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x23d4458, lpcbNeeded=0x14ee58) returned 1 [0118.749] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1040) returned 0x268 [0118.749] EnumProcessModules (in: hProcess=0x268, lphModule=0x23d4da8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23d4da8, lpcbNeeded=0x14ef68) returned 1 [0118.750] GetModuleInformation (in: hProcess=0x268, hModule=0x1280000, lpmodinfo=0x23d5018, cb=0x18 | out: lpmodinfo=0x23d5018*(lpBaseOfDll=0x1280000, SizeOfImage=0x17000, EntryPoint=0x12814a1)) returned 1 [0118.750] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.750] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x1280000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="icq.exe") returned 0x7 [0118.751] CoTaskMemFree (pv=0x54d6e0) [0118.751] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.751] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x1280000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows NT\\icq.exe" (normalized: "c:\\program files\\windows nt\\icq.exe")) returned 0x23 [0118.752] CoTaskMemFree (pv=0x54f720) [0118.752] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x23d71f8, cb=0x18 | out: lpmodinfo=0x23d71f8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0118.752] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.752] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0118.753] CoTaskMemFree (pv=0x54f720) [0118.753] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0118.753] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0118.753] CoTaskMemFree (pv=0x5547c0) [0118.753] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x23d93a0, cb=0x18 | out: lpmodinfo=0x23d93a0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0118.755] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0118.755] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0118.755] CoTaskMemFree (pv=0x5547c0) [0118.755] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.755] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0118.756] CoTaskMemFree (pv=0x54ef10) [0118.756] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x23db548, cb=0x18 | out: lpmodinfo=0x23db548*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0118.757] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.757] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0118.757] CoTaskMemFree (pv=0x54d6e0) [0118.758] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0118.758] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0118.758] CoTaskMemFree (pv=0x550f50) [0118.758] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x23dd700, cb=0x18 | out: lpmodinfo=0x23dd700*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0118.759] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0118.759] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0118.760] CoTaskMemFree (pv=0x54e700) [0118.760] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.760] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0118.760] CoTaskMemFree (pv=0x5537a0) [0118.760] CloseHandle (hObject=0x268) returned 1 [0118.761] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0118.761] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1104) returned 0x268 [0118.761] EnumProcessModules (in: hProcess=0x268, lphModule=0x23dfed8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23dfed8, lpcbNeeded=0x14ef68) returned 1 [0118.762] GetModuleInformation (in: hProcess=0x268, hModule=0x130000, lpmodinfo=0x23e0148, cb=0x18 | out: lpmodinfo=0x23e0148*(lpBaseOfDll=0x130000, SizeOfImage=0x17000, EntryPoint=0x1314a1)) returned 1 [0118.762] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.762] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x130000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="active-charge.exe") returned 0x11 [0118.762] CoTaskMemFree (pv=0x54def0) [0118.762] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.762] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x130000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\active-charge.exe" (normalized: "c:\\program files\\windowspowershell\\active-charge.exe")) returned 0x34 [0118.763] CoTaskMemFree (pv=0x551f70) [0118.763] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x23e2368, cb=0x18 | out: lpmodinfo=0x23e2368*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0118.763] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.763] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0118.764] CoTaskMemFree (pv=0x550740) [0118.764] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0118.764] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0118.764] CoTaskMemFree (pv=0x5547c0) [0118.764] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x23e4510, cb=0x18 | out: lpmodinfo=0x23e4510*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0118.765] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.765] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0118.765] CoTaskMemFree (pv=0x552f90) [0118.765] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0118.765] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0118.766] CoTaskMemFree (pv=0x550f50) [0118.766] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x23e66b8, cb=0x18 | out: lpmodinfo=0x23e66b8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0118.767] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0118.767] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0118.767] CoTaskMemFree (pv=0x550f50) [0118.767] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.767] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0118.768] CoTaskMemFree (pv=0x552780) [0118.768] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x23e8870, cb=0x18 | out: lpmodinfo=0x23e8870*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0118.769] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.769] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0118.769] CoTaskMemFree (pv=0x5537a0) [0118.769] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0118.770] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0118.770] CoTaskMemFree (pv=0x550f50) [0118.770] CloseHandle (hObject=0x268) returned 1 [0118.771] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0118.771] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11c8) returned 0x268 [0118.771] EnumProcessModules (in: hProcess=0x268, lphModule=0x23eb048, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23eb048, lpcbNeeded=0x14ef68) returned 1 [0118.771] GetModuleInformation (in: hProcess=0x268, hModule=0x11f0000, lpmodinfo=0x23eb2b8, cb=0x18 | out: lpmodinfo=0x23eb2b8*(lpBaseOfDll=0x11f0000, SizeOfImage=0x17000, EntryPoint=0x11f14a1)) returned 1 [0118.772] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.772] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x11f0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="if sometimes.exe") returned 0x10 [0118.772] CoTaskMemFree (pv=0x54ef10) [0118.772] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.772] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x11f0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\if sometimes.exe" (normalized: "c:\\program files\\windowspowershell\\if sometimes.exe")) returned 0x33 [0118.773] CoTaskMemFree (pv=0x54f720) [0118.773] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x23ed4d0, cb=0x18 | out: lpmodinfo=0x23ed4d0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0118.773] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.773] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0118.774] CoTaskMemFree (pv=0x552f90) [0118.774] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0118.774] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0118.774] CoTaskMemFree (pv=0x5547c0) [0118.774] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x23ef678, cb=0x18 | out: lpmodinfo=0x23ef678*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0118.775] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.775] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0118.775] CoTaskMemFree (pv=0x551760) [0118.775] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.775] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0118.776] CoTaskMemFree (pv=0x54def0) [0118.776] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x23f1820, cb=0x18 | out: lpmodinfo=0x23f1820*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0118.777] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.777] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0118.777] CoTaskMemFree (pv=0x54f720) [0118.777] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.777] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0118.778] CoTaskMemFree (pv=0x551f70) [0118.778] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x23f39d8, cb=0x18 | out: lpmodinfo=0x23f39d8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0118.779] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.779] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0118.779] CoTaskMemFree (pv=0x5537a0) [0118.779] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.779] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0118.780] CoTaskMemFree (pv=0x54ff30) [0118.780] CloseHandle (hObject=0x268) returned 1 [0118.780] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0118.780] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xf28) returned 0x0 [0118.780] EnumProcesses (in: lpidProcess=0x23f61b0, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x23f61b0, lpcbNeeded=0x14ee58) returned 1 [0118.789] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3e8) returned 0x268 [0118.789] EnumProcessModules (in: hProcess=0x268, lphModule=0x23f6b00, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23f6b00, lpcbNeeded=0x14ef68) returned 1 [0118.806] EnumProcessModules (in: hProcess=0x268, lphModule=0x23f6d18, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x23f6d18, lpcbNeeded=0x14ef68) returned 1 [0118.825] EnumProcessModules (in: hProcess=0x268, lphModule=0x23f7130, cb=0x800, lpcbNeeded=0x14ef68 | out: lphModule=0x23f7130, lpcbNeeded=0x14ef68) returned 1 [0118.843] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff6a3140000, lpmodinfo=0x23f79a0, cb=0x18 | out: lpmodinfo=0x23f79a0*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0118.843] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.843] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff6a3140000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0118.844] CoTaskMemFree (pv=0x551760) [0118.844] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.844] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff6a3140000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0118.844] CoTaskMemFree (pv=0x54ff30) [0118.844] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x23f9b80, cb=0x18 | out: lpmodinfo=0x23f9b80*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0118.844] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.845] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0118.845] CoTaskMemFree (pv=0x54d6e0) [0118.845] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.845] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0118.846] CoTaskMemFree (pv=0x551760) [0118.846] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f640000, lpmodinfo=0x23fbd28, cb=0x18 | out: lpmodinfo=0x23fbd28*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0118.846] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.846] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f640000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0118.847] CoTaskMemFree (pv=0x54f720) [0118.847] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0118.847] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f640000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0118.847] CoTaskMemFree (pv=0x550f50) [0118.847] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ce40000, lpmodinfo=0x23fdee0, cb=0x18 | out: lpmodinfo=0x23fdee0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0118.848] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.848] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ce40000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0118.849] CoTaskMemFree (pv=0x54def0) [0118.849] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0118.849] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ce40000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0118.849] CoTaskMemFree (pv=0x54e700) [0118.849] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f970000, lpmodinfo=0x2400098, cb=0x18 | out: lpmodinfo=0x2400098*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0118.850] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0118.850] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f970000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0118.851] CoTaskMemFree (pv=0x5547c0) [0118.851] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.851] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f970000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0118.852] CoTaskMemFree (pv=0x54ff30) [0118.852] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fe80000, lpmodinfo=0x2402298, cb=0x18 | out: lpmodinfo=0x2402298*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0118.853] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.853] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fe80000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0118.854] CoTaskMemFree (pv=0x54ef10) [0118.854] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.854] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fe80000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0118.855] CoTaskMemFree (pv=0x550740) [0118.855] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b760000, lpmodinfo=0x2404440, cb=0x18 | out: lpmodinfo=0x2404440*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0118.856] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.856] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b760000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0118.857] CoTaskMemFree (pv=0x5537a0) [0118.857] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.857] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b760000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0118.859] CoTaskMemFree (pv=0x552f90) [0118.859] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpmodinfo=0x24065f8, cb=0x18 | out: lpmodinfo=0x24065f8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0118.860] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.860] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0118.861] CoTaskMemFree (pv=0x551f70) [0118.862] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.862] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0118.863] CoTaskMemFree (pv=0x54ff30) [0118.863] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fde0000, lpmodinfo=0x24087a0, cb=0x18 | out: lpmodinfo=0x24087a0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0118.863] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.864] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fde0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0118.865] CoTaskMemFree (pv=0x54def0) [0118.865] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.865] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fde0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0118.866] CoTaskMemFree (pv=0x552f90) [0118.866] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d030000, lpmodinfo=0x240a9e0, cb=0x18 | out: lpmodinfo=0x240a9e0*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0118.867] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.867] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d030000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0118.868] CoTaskMemFree (pv=0x54f720) [0118.868] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.868] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d030000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0118.869] CoTaskMemFree (pv=0x54ff30) [0118.869] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c640000, lpmodinfo=0x240cbb8, cb=0x18 | out: lpmodinfo=0x240cbb8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0118.870] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.870] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c640000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0118.871] CoTaskMemFree (pv=0x553fb0) [0118.871] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.871] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c640000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0118.872] CoTaskMemFree (pv=0x553fb0) [0118.872] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ed60000, lpmodinfo=0x240ed80, cb=0x18 | out: lpmodinfo=0x240ed80*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0118.873] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.873] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ed60000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0118.874] CoTaskMemFree (pv=0x551f70) [0118.874] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.874] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ed60000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0118.876] CoTaskMemFree (pv=0x552780) [0118.876] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpmodinfo=0x2410f28, cb=0x18 | out: lpmodinfo=0x2410f28*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0118.877] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.877] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0118.878] CoTaskMemFree (pv=0x551f70) [0118.878] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0118.878] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0118.880] CoTaskMemFree (pv=0x550f50) [0118.880] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878de0000, lpmodinfo=0x24130d0, cb=0x18 | out: lpmodinfo=0x24130d0*(lpBaseOfDll=0x7ff878de0000, SizeOfImage=0xb000, EntryPoint=0x7ff878de1770)) returned 1 [0118.881] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.881] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878de0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="lfsvc.dll") returned 0x9 [0118.883] CoTaskMemFree (pv=0x552780) [0118.883] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0118.883] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878de0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")) returned 0x1d [0118.884] CoTaskMemFree (pv=0x550f50) [0118.884] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878e80000, lpmodinfo=0x2415278, cb=0x18 | out: lpmodinfo=0x2415278*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0118.886] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.886] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878e80000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0118.887] CoTaskMemFree (pv=0x552f90) [0118.887] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0118.887] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878e80000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0118.889] CoTaskMemFree (pv=0x54e700) [0118.889] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878c60000, lpmodinfo=0x2417440, cb=0x18 | out: lpmodinfo=0x2417440*(lpBaseOfDll=0x7ff878c60000, SizeOfImage=0x17c000, EntryPoint=0x7ff878cb1650)) returned 1 [0118.890] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.890] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878c60000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="LocationFramework.dll") returned 0x15 [0118.892] CoTaskMemFree (pv=0x54d6e0) [0118.892] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.892] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878c60000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")) returned 0x29 [0118.896] CoTaskMemFree (pv=0x54ef10) [0118.896] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fa80000, lpmodinfo=0x2419618, cb=0x18 | out: lpmodinfo=0x2419618*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0118.897] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.897] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fa80000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0118.899] CoTaskMemFree (pv=0x552f90) [0118.899] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0118.899] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fa80000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0118.901] CoTaskMemFree (pv=0x553fb0) [0118.901] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c5f0000, lpmodinfo=0x241b8e8, cb=0x18 | out: lpmodinfo=0x241b8e8*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0118.902] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.902] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c5f0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0118.904] CoTaskMemFree (pv=0x550740) [0118.904] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0118.904] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c5f0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0118.906] CoTaskMemFree (pv=0x550f50) [0118.906] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fd30000, lpmodinfo=0x241daa0, cb=0x18 | out: lpmodinfo=0x241daa0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0118.908] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.908] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fd30000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0118.910] CoTaskMemFree (pv=0x551760) [0118.910] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0118.910] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fd30000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0118.911] CoTaskMemFree (pv=0x550f50) [0118.912] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d170000, lpmodinfo=0x241fc58, cb=0x18 | out: lpmodinfo=0x241fc58*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0118.913] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.913] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d170000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0118.915] CoTaskMemFree (pv=0x54ff30) [0118.915] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.916] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d170000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0118.917] CoTaskMemFree (pv=0x550740) [0118.917] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c5c0000, lpmodinfo=0x2421e00, cb=0x18 | out: lpmodinfo=0x2421e00*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0118.919] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.919] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c5c0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0118.921] CoTaskMemFree (pv=0x54ff30) [0118.921] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0118.921] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c5c0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0118.923] CoTaskMemFree (pv=0x54ef10) [0118.923] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87eed0000, lpmodinfo=0x2423fa8, cb=0x18 | out: lpmodinfo=0x2423fa8*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0118.925] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.925] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87eed0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0118.927] CoTaskMemFree (pv=0x551760) [0118.927] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0118.927] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87eed0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0118.929] CoTaskMemFree (pv=0x54d6e0) [0118.929] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ae70000, lpmodinfo=0x2426150, cb=0x18 | out: lpmodinfo=0x2426150*(lpBaseOfDll=0x7ff87ae70000, SizeOfImage=0x40000, EntryPoint=0x7ff87ae81960)) returned 1 [0118.931] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.931] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ae70000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="BrokerLib.dll") returned 0xd [0118.933] CoTaskMemFree (pv=0x5537a0) [0118.933] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0118.933] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ae70000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")) returned 0x21 [0118.935] CoTaskMemFree (pv=0x551760) [0118.935] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878bf0000, lpmodinfo=0x2428308, cb=0x18 | out: lpmodinfo=0x2428308*(lpBaseOfDll=0x7ff878bf0000, SizeOfImage=0x61000, EntryPoint=0x7ff878bf4b50)) returned 1 [0118.937] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.937] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878bf0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="wlanapi.dll") returned 0xb [0118.939] CoTaskMemFree (pv=0x54f720) [0118.940] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0118.940] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878bf0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0118.942] CoTaskMemFree (pv=0x550740) [0118.942] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878b20000, lpmodinfo=0x242a4b0, cb=0x18 | out: lpmodinfo=0x242a4b0*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0118.944] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0118.944] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878b20000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0118.946] CoTaskMemFree (pv=0x54f720) [0118.946] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.946] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878b20000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0118.949] CoTaskMemFree (pv=0x552780) [0118.949] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878ff0000, lpmodinfo=0x242c658, cb=0x18 | out: lpmodinfo=0x242c658*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0118.951] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0118.951] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878ff0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0118.953] CoTaskMemFree (pv=0x552f90) [0118.953] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.953] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878ff0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0118.956] CoTaskMemFree (pv=0x54def0) [0118.956] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f9d0000, lpmodinfo=0x242e800, cb=0x18 | out: lpmodinfo=0x242e800*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0118.959] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.959] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f9d0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0118.961] CoTaskMemFree (pv=0x551f70) [0118.961] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0118.961] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f9d0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0118.965] CoTaskMemFree (pv=0x5537a0) [0118.965] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8788d0000, lpmodinfo=0x24309a8, cb=0x18 | out: lpmodinfo=0x24309a8*(lpBaseOfDll=0x7ff8788d0000, SizeOfImage=0x20000, EntryPoint=0x7ff8788d39a0)) returned 1 [0118.967] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0118.967] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8788d0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="LocationWinPalMisc.dll") returned 0x16 [0118.970] CoTaskMemFree (pv=0x5547c0) [0118.970] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0118.970] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8788d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")) returned 0x2a [0118.973] CoTaskMemFree (pv=0x551f70) [0118.973] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d650000, lpmodinfo=0x2432b80, cb=0x18 | out: lpmodinfo=0x2432b80*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0118.975] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0118.975] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d650000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0118.978] CoTaskMemFree (pv=0x54e700) [0118.978] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0118.978] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d650000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0118.981] CoTaskMemFree (pv=0x552780) [0118.981] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c710000, lpmodinfo=0x2434d28, cb=0x18 | out: lpmodinfo=0x2434d28*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0118.984] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0118.984] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c710000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0118.986] CoTaskMemFree (pv=0x54def0) [0118.986] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0118.986] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c710000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0118.989] CoTaskMemFree (pv=0x5547c0) [0118.989] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c760000, lpmodinfo=0x2436ee0, cb=0x18 | out: lpmodinfo=0x2436ee0*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0118.992] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0118.992] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c760000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0118.995] CoTaskMemFree (pv=0x54e700) [0118.995] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0118.995] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c760000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0119.003] CoTaskMemFree (pv=0x54ff30) [0119.003] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fb50000, lpmodinfo=0x24390a8, cb=0x18 | out: lpmodinfo=0x24390a8*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0119.006] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0119.006] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fb50000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0119.009] CoTaskMemFree (pv=0x54d6e0) [0119.009] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0119.009] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fb50000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0119.014] CoTaskMemFree (pv=0x552780) [0119.014] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c650000, lpmodinfo=0x243b250, cb=0x18 | out: lpmodinfo=0x243b250*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0119.017] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0119.017] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c650000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0119.020] CoTaskMemFree (pv=0x54ef10) [0119.020] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0119.020] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c650000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0119.022] CoTaskMemFree (pv=0x550740) [0119.022] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c5d0000, lpmodinfo=0x243d610, cb=0x18 | out: lpmodinfo=0x243d610*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0119.026] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0119.026] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c5d0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0119.029] CoTaskMemFree (pv=0x54e700) [0119.029] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0119.029] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c5d0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0119.032] CoTaskMemFree (pv=0x54e700) [0119.032] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bd20000, lpmodinfo=0x243f7b8, cb=0x18 | out: lpmodinfo=0x243f7b8*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0119.035] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0119.035] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bd20000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0119.038] CoTaskMemFree (pv=0x551f70) [0119.038] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0119.038] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bd20000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0119.042] CoTaskMemFree (pv=0x551f70) [0119.042] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87afe0000, lpmodinfo=0x2441960, cb=0x18 | out: lpmodinfo=0x2441960*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0119.045] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0119.045] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87afe0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0119.048] CoTaskMemFree (pv=0x54def0) [0119.048] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0119.048] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87afe0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0119.051] CoTaskMemFree (pv=0x5547c0) [0119.051] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878890000, lpmodinfo=0x2443b08, cb=0x18 | out: lpmodinfo=0x2443b08*(lpBaseOfDll=0x7ff878890000, SizeOfImage=0x37000, EntryPoint=0x7ff878896020)) returned 1 [0119.055] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0119.055] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878890000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="GnssAdapter.dll") returned 0xf [0119.058] CoTaskMemFree (pv=0x550f50) [0119.058] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0119.058] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878890000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")) returned 0x23 [0119.061] CoTaskMemFree (pv=0x551760) [0119.061] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878830000, lpmodinfo=0x2445cc0, cb=0x18 | out: lpmodinfo=0x2445cc0*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff878833fb0)) returned 1 [0119.064] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0119.064] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878830000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0119.067] CoTaskMemFree (pv=0x551f70) [0119.067] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0119.067] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878830000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0119.071] CoTaskMemFree (pv=0x550740) [0119.071] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878820000, lpmodinfo=0x2447e88, cb=0x18 | out: lpmodinfo=0x2447e88*(lpBaseOfDll=0x7ff878820000, SizeOfImage=0xc000, EntryPoint=0x7ff8788214d0)) returned 1 [0119.075] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0119.075] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878820000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="LocationFrameworkPS.dll") returned 0x17 [0119.079] CoTaskMemFree (pv=0x551760) [0119.079] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0119.079] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878820000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")) returned 0x2b [0119.082] CoTaskMemFree (pv=0x54d6e0) [0119.082] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8786d0000, lpmodinfo=0x244a060, cb=0x18 | out: lpmodinfo=0x244a060*(lpBaseOfDll=0x7ff8786d0000, SizeOfImage=0x14d000, EntryPoint=0x7ff878713da0)) returned 1 [0119.085] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0119.086] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8786d0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="gpsvc.dll") returned 0x9 [0119.089] CoTaskMemFree (pv=0x54d6e0) [0119.089] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0119.089] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8786d0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")) returned 0x1d [0119.093] CoTaskMemFree (pv=0x54def0) [0119.093] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b270000, lpmodinfo=0x244c208, cb=0x18 | out: lpmodinfo=0x244c208*(lpBaseOfDll=0x7ff87b270000, SizeOfImage=0xc000, EntryPoint=0x7ff87b272480)) returned 1 [0119.096] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0119.096] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b270000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="SYSNTFY.dll") returned 0xb [0119.100] CoTaskMemFree (pv=0x5537a0) [0119.100] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0119.100] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b270000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SYSNTFY.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")) returned 0x1f [0119.104] CoTaskMemFree (pv=0x54ff30) [0119.104] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8786b0000, lpmodinfo=0x244e3b0, cb=0x18 | out: lpmodinfo=0x244e3b0*(lpBaseOfDll=0x7ff8786b0000, SizeOfImage=0x18000, EntryPoint=0x7ff8786b5910)) returned 1 [0119.107] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0119.107] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8786b0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0119.112] CoTaskMemFree (pv=0x54def0) [0119.112] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0119.112] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8786b0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0119.115] CoTaskMemFree (pv=0x54e700) [0119.116] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8786a0000, lpmodinfo=0x2450558, cb=0x18 | out: lpmodinfo=0x2450558*(lpBaseOfDll=0x7ff8786a0000, SizeOfImage=0xa000, EntryPoint=0x7ff8786a1660)) returned 1 [0119.119] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0119.119] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8786a0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="DSROLE.dll") returned 0xa [0119.123] CoTaskMemFree (pv=0x54e700) [0119.123] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0119.123] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8786a0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DSROLE.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0119.127] CoTaskMemFree (pv=0x550740) [0119.127] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878640000, lpmodinfo=0x2452700, cb=0x18 | out: lpmodinfo=0x2452700*(lpBaseOfDll=0x7ff878640000, SizeOfImage=0x55000, EntryPoint=0x7ff87864fc00)) returned 1 [0119.130] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0119.130] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878640000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="profsvc.dll") returned 0xb [0119.134] CoTaskMemFree (pv=0x54ff30) [0119.134] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0119.134] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878640000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")) returned 0x1f [0119.138] CoTaskMemFree (pv=0x553fb0) [0119.138] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878620000, lpmodinfo=0x24548a8, cb=0x18 | out: lpmodinfo=0x24548a8*(lpBaseOfDll=0x7ff878620000, SizeOfImage=0x1a000, EntryPoint=0x7ff878622cf0)) returned 1 [0119.142] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0119.142] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878620000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="LocationPeLegacyWinLocation.dll") returned 0x1f [0119.146] CoTaskMemFree (pv=0x552f90) [0119.146] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0119.146] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878620000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")) returned 0x33 [0119.150] CoTaskMemFree (pv=0x550f50) [0119.150] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpmodinfo=0x2456aa0, cb=0x18 | out: lpmodinfo=0x2456aa0*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0119.154] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0119.154] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0119.158] CoTaskMemFree (pv=0x54e700) [0119.158] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0119.158] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0119.162] CoTaskMemFree (pv=0x551760) [0119.162] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878600000, lpmodinfo=0x2458c48, cb=0x18 | out: lpmodinfo=0x2458c48*(lpBaseOfDll=0x7ff878600000, SizeOfImage=0x13000, EntryPoint=0x7ff8786057f0)) returned 1 [0119.166] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0119.166] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878600000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="themeservice.dll") returned 0x10 [0119.170] CoTaskMemFree (pv=0x551f70) [0119.170] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0119.170] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878600000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")) returned 0x24 [0119.175] CoTaskMemFree (pv=0x552f90) [0119.175] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c3d0000, lpmodinfo=0x245ae10, cb=0x18 | out: lpmodinfo=0x245ae10*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0119.180] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0119.180] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c3d0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="winsta.dll") returned 0xa [0119.185] CoTaskMemFree (pv=0x54d6e0) [0119.185] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0119.185] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c3d0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0119.189] CoTaskMemFree (pv=0x552780) [0119.189] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878550000, lpmodinfo=0x245cfb8, cb=0x18 | out: lpmodinfo=0x245cfb8*(lpBaseOfDll=0x7ff878550000, SizeOfImage=0x27000, EntryPoint=0x7ff878553bf0)) returned 1 [0119.193] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0119.193] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878550000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="profsvcext.dll") returned 0xe [0119.197] CoTaskMemFree (pv=0x552f90) [0119.197] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0119.197] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878550000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")) returned 0x22 [0119.201] CoTaskMemFree (pv=0x54ef10) [0119.202] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f570000, lpmodinfo=0x245f170, cb=0x18 | out: lpmodinfo=0x245f170*(lpBaseOfDll=0x7ff87f570000, SizeOfImage=0x5c000, EntryPoint=0x7ff87f58b720)) returned 1 [0119.206] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0119.206] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f570000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0119.210] CoTaskMemFree (pv=0x550f50) [0119.210] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0119.210] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f570000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0119.221] CoTaskMemFree (pv=0x54ff30) [0119.221] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b9d0000, lpmodinfo=0x2461318, cb=0x18 | out: lpmodinfo=0x2461318*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0119.226] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0119.226] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b9d0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0119.231] CoTaskMemFree (pv=0x54f720) [0119.231] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0119.231] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b9d0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0119.235] CoTaskMemFree (pv=0x54e700) [0119.235] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878510000, lpmodinfo=0x24634d0, cb=0x18 | out: lpmodinfo=0x24634d0*(lpBaseOfDll=0x7ff878510000, SizeOfImage=0x3e000, EntryPoint=0x7ff87851a050)) returned 1 [0119.240] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0119.240] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878510000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="logoncli.dll") returned 0xc [0119.245] CoTaskMemFree (pv=0x551f70) [0119.245] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0119.245] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878510000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0119.249] CoTaskMemFree (pv=0x5537a0) [0119.249] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8784f0000, lpmodinfo=0x2465688, cb=0x18 | out: lpmodinfo=0x2465688*(lpBaseOfDll=0x7ff8784f0000, SizeOfImage=0x11000, EntryPoint=0x7ff8784f7ea0)) returned 1 [0119.254] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0119.254] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8784f0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="dcpapi.dll") returned 0xa [0119.258] CoTaskMemFree (pv=0x551760) [0119.258] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0119.258] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8784f0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")) returned 0x1e [0119.262] CoTaskMemFree (pv=0x54e700) [0119.262] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8784c0000, lpmodinfo=0x2467830, cb=0x18 | out: lpmodinfo=0x2467830*(lpBaseOfDll=0x7ff8784c0000, SizeOfImage=0x25000, EntryPoint=0x7ff8784d2f20)) returned 1 [0119.268] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0119.268] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8784c0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wificonnapi.dll") returned 0xf [0119.273] CoTaskMemFree (pv=0x551f70) [0119.273] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0119.273] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8784c0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")) returned 0x23 [0119.278] CoTaskMemFree (pv=0x551f70) [0119.278] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878400000, lpmodinfo=0x24699e8, cb=0x18 | out: lpmodinfo=0x24699e8*(lpBaseOfDll=0x7ff878400000, SizeOfImage=0xb1000, EntryPoint=0x7ff8784788b0)) returned 1 [0119.283] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0119.283] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878400000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="CellularAPI.dll") returned 0xf [0119.288] CoTaskMemFree (pv=0x551760) [0119.288] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0119.288] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878400000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")) returned 0x23 [0119.293] CoTaskMemFree (pv=0x54ff30) [0119.293] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c450000, lpmodinfo=0x246bba0, cb=0x18 | out: lpmodinfo=0x246bba0*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0119.298] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0119.298] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c450000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0119.303] CoTaskMemFree (pv=0x551760) [0119.303] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0119.303] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c450000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0119.308] CoTaskMemFree (pv=0x5547c0) [0119.308] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8783e0000, lpmodinfo=0x246dd48, cb=0x18 | out: lpmodinfo=0x246dd48*(lpBaseOfDll=0x7ff8783e0000, SizeOfImage=0x12000, EntryPoint=0x7ff8783e9260)) returned 1 [0119.313] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0119.313] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8783e0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="rilProxy.dll") returned 0xc [0119.318] CoTaskMemFree (pv=0x553fb0) [0119.318] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0119.318] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8783e0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rilProxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")) returned 0x20 [0119.322] CoTaskMemFree (pv=0x553fb0) [0119.322] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b5c0000, lpmodinfo=0x246ff00, cb=0x18 | out: lpmodinfo=0x246ff00*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0119.327] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0119.327] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b5c0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0119.332] CoTaskMemFree (pv=0x550740) [0119.332] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0119.332] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b5c0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0119.341] CoTaskMemFree (pv=0x54f720) [0119.341] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878310000, lpmodinfo=0x2283840, cb=0x18 | out: lpmodinfo=0x2283840*(lpBaseOfDll=0x7ff878310000, SizeOfImage=0x17000, EntryPoint=0x7ff878315630)) returned 1 [0119.346] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0119.346] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878310000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="sens.dll") returned 0x8 [0119.351] CoTaskMemFree (pv=0x5537a0) [0119.351] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0119.351] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878310000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")) returned 0x1c [0119.356] CoTaskMemFree (pv=0x54d6e0) [0119.356] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878150000, lpmodinfo=0x22859e8, cb=0x18 | out: lpmodinfo=0x22859e8*(lpBaseOfDll=0x7ff878150000, SizeOfImage=0xc000, EntryPoint=0x7ff878152830)) returned 1 [0119.361] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0119.361] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878150000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="bi.dll") returned 0x6 [0119.366] CoTaskMemFree (pv=0x54d6e0) [0119.366] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0119.366] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878150000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")) returned 0x1a [0119.397] CoTaskMemFree (pv=0x54ef10) [0119.397] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875d90000, lpmodinfo=0x2287b80, cb=0x18 | out: lpmodinfo=0x2287b80*(lpBaseOfDll=0x7ff875d90000, SizeOfImage=0xfc000, EntryPoint=0x7ff875dc6df0)) returned 1 [0119.402] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0119.402] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875d90000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="schedsvc.dll") returned 0xc [0119.409] CoTaskMemFree (pv=0x54ef10) [0119.409] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0119.409] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875d90000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")) returned 0x20 [0119.414] CoTaskMemFree (pv=0x552780) [0119.414] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875d40000, lpmodinfo=0x2289d38, cb=0x18 | out: lpmodinfo=0x2289d38*(lpBaseOfDll=0x7ff875d40000, SizeOfImage=0x41000, EntryPoint=0x7ff875d57eb0)) returned 1 [0119.419] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0119.419] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875d40000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="UBPM.dll") returned 0x8 [0119.425] CoTaskMemFree (pv=0x54f720) [0119.425] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0119.425] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875d40000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\UBPM.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")) returned 0x1c [0119.431] CoTaskMemFree (pv=0x54d6e0) [0119.431] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c430000, lpmodinfo=0x228bee0, cb=0x18 | out: lpmodinfo=0x228bee0*(lpBaseOfDll=0x7ff87c430000, SizeOfImage=0x19000, EntryPoint=0x7ff87c435e10)) returned 1 [0119.436] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0119.436] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c430000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="EventAggregation.dll") returned 0x14 [0119.442] CoTaskMemFree (pv=0x551760) [0119.442] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0119.442] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c430000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")) returned 0x28 [0119.447] CoTaskMemFree (pv=0x5537a0) [0119.447] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b8b0000, lpmodinfo=0x228e0b8, cb=0x18 | out: lpmodinfo=0x228e0b8*(lpBaseOfDll=0x7ff87b8b0000, SizeOfImage=0x49000, EntryPoint=0x7ff87b8ba090)) returned 1 [0119.452] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0119.452] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b8b0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0119.457] CoTaskMemFree (pv=0x551760) [0119.457] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0119.457] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b8b0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0119.463] CoTaskMemFree (pv=0x551760) [0119.463] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875d20000, lpmodinfo=0x2290260, cb=0x18 | out: lpmodinfo=0x2290260*(lpBaseOfDll=0x7ff875d20000, SizeOfImage=0x11000, EntryPoint=0x7ff875d23320)) returned 1 [0119.468] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0119.468] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875d20000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="WMICLNT.dll") returned 0xb [0119.474] CoTaskMemFree (pv=0x5547c0) [0119.474] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0119.474] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875d20000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WMICLNT.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")) returned 0x1f [0119.479] CoTaskMemFree (pv=0x551760) [0119.479] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c240000, lpmodinfo=0x2292820, cb=0x18 | out: lpmodinfo=0x2292820*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0119.485] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0119.485] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c240000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0119.490] CoTaskMemFree (pv=0x552f90) [0119.490] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0119.490] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c240000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0119.496] CoTaskMemFree (pv=0x54d6e0) [0119.496] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875c60000, lpmodinfo=0x22949c8, cb=0x18 | out: lpmodinfo=0x22949c8*(lpBaseOfDll=0x7ff875c60000, SizeOfImage=0x6e000, EntryPoint=0x7ff875c67f60)) returned 1 [0119.503] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0119.503] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875c60000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="taskcomp.dll") returned 0xc [0119.508] CoTaskMemFree (pv=0x552780) [0119.508] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0119.508] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875c60000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")) returned 0x20 [0119.514] CoTaskMemFree (pv=0x54ef10) [0119.514] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87aca0000, lpmodinfo=0x2296b80, cb=0x18 | out: lpmodinfo=0x2296b80*(lpBaseOfDll=0x7ff87aca0000, SizeOfImage=0x1c000, EntryPoint=0x7ff87aca37a0)) returned 1 [0119.519] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0119.519] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87aca0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0119.524] CoTaskMemFree (pv=0x54def0) [0119.525] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0119.525] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87aca0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0119.530] CoTaskMemFree (pv=0x552780) [0119.530] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bab0000, lpmodinfo=0x2298d28, cb=0x18 | out: lpmodinfo=0x2298d28*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0119.536] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0119.536] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bab0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0119.541] CoTaskMemFree (pv=0x54def0) [0119.541] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0119.541] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bab0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0119.547] CoTaskMemFree (pv=0x553fb0) [0119.547] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875320000, lpmodinfo=0x229aed0, cb=0x18 | out: lpmodinfo=0x229aed0*(lpBaseOfDll=0x7ff875320000, SizeOfImage=0xe6000, EntryPoint=0x7ff87533cf10)) returned 1 [0119.553] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0119.553] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875320000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="usermgr.dll") returned 0xb [0119.558] CoTaskMemFree (pv=0x550740) [0119.558] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0119.558] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875320000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")) returned 0x1f [0119.564] CoTaskMemFree (pv=0x553fb0) [0119.564] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff876870000, lpmodinfo=0x229d078, cb=0x18 | out: lpmodinfo=0x229d078*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0119.571] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0119.571] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff876870000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0119.577] CoTaskMemFree (pv=0x54def0) [0119.577] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0119.577] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff876870000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0119.583] CoTaskMemFree (pv=0x54ef10) [0119.583] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8752a0000, lpmodinfo=0x229f230, cb=0x18 | out: lpmodinfo=0x229f230*(lpBaseOfDll=0x7ff8752a0000, SizeOfImage=0x2f000, EntryPoint=0x7ff8752a8910)) returned 1 [0119.588] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0119.588] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8752a0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="WPTaskScheduler.dll") returned 0x13 [0119.665] CoTaskMemFree (pv=0x54d6e0) [0119.665] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0119.665] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8752a0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")) returned 0x27 [0119.671] CoTaskMemFree (pv=0x54d6e0) [0119.671] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875290000, lpmodinfo=0x22a13f8, cb=0x18 | out: lpmodinfo=0x22a13f8*(lpBaseOfDll=0x7ff875290000, SizeOfImage=0xd000, EntryPoint=0x7ff875292ca0)) returned 1 [0119.679] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0119.679] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875290000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="CSystemEventsBrokerClient.dll") returned 0x1d [0119.684] CoTaskMemFree (pv=0x553fb0) [0119.684] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0119.684] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875290000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")) returned 0x31 [0119.691] CoTaskMemFree (pv=0x5537a0) [0119.691] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875230000, lpmodinfo=0x22a35f0, cb=0x18 | out: lpmodinfo=0x22a35f0*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0119.697] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0119.697] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875230000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0119.703] CoTaskMemFree (pv=0x5537a0) [0119.703] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0119.703] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875230000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0119.710] CoTaskMemFree (pv=0x54ef10) [0119.710] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875200000, lpmodinfo=0x22a5798, cb=0x18 | out: lpmodinfo=0x22a5798*(lpBaseOfDll=0x7ff875200000, SizeOfImage=0x2e000, EntryPoint=0x7ff875207550)) returned 1 [0119.716] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0119.716] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875200000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="netjoin.dll") returned 0xb [0119.722] CoTaskMemFree (pv=0x54ff30) [0119.722] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0119.722] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875200000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")) returned 0x1f [0119.728] CoTaskMemFree (pv=0x54d6e0) [0119.728] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c0a0000, lpmodinfo=0x22a7940, cb=0x18 | out: lpmodinfo=0x22a7940*(lpBaseOfDll=0x7ff87c0a0000, SizeOfImage=0x21000, EntryPoint=0x7ff87c0b0250)) returned 1 [0119.734] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0119.734] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c0a0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="JoinUtil.dll") returned 0xc [0119.741] CoTaskMemFree (pv=0x553fb0) [0119.741] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0119.741] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c0a0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\JoinUtil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")) returned 0x20 [0119.748] CoTaskMemFree (pv=0x54def0) [0119.748] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87be90000, lpmodinfo=0x22a9af8, cb=0x18 | out: lpmodinfo=0x22a9af8*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0119.754] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0119.754] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87be90000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0119.761] CoTaskMemFree (pv=0x54ff30) [0119.761] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0119.761] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87be90000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0119.767] CoTaskMemFree (pv=0x5537a0) [0119.767] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875080000, lpmodinfo=0x22abca0, cb=0x18 | out: lpmodinfo=0x22abca0*(lpBaseOfDll=0x7ff875080000, SizeOfImage=0x41000, EntryPoint=0x7ff875084840)) returned 1 [0119.774] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0119.774] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875080000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="usermgrproxy.dll") returned 0x10 [0119.780] CoTaskMemFree (pv=0x5537a0) [0119.780] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0119.780] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875080000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\usermgrproxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")) returned 0x24 [0119.786] CoTaskMemFree (pv=0x5547c0) [0119.786] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ad00000, lpmodinfo=0x22ade68, cb=0x18 | out: lpmodinfo=0x22ade68*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0119.793] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0119.793] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ad00000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0119.800] CoTaskMemFree (pv=0x553fb0) [0119.800] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0119.800] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ad00000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0119.806] CoTaskMemFree (pv=0x552780) [0119.806] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874f10000, lpmodinfo=0x22b0020, cb=0x18 | out: lpmodinfo=0x22b0020*(lpBaseOfDll=0x7ff874f10000, SizeOfImage=0x9a000, EntryPoint=0x7ff874f2ada0)) returned 1 [0119.814] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0119.814] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874f10000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="shsvcs.dll") returned 0xa [0119.822] CoTaskMemFree (pv=0x550740) [0119.822] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0119.822] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874f10000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")) returned 0x1e [0119.828] CoTaskMemFree (pv=0x54ef10) [0119.829] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87a1f0000, lpmodinfo=0x22b21c8, cb=0x18 | out: lpmodinfo=0x22b21c8*(lpBaseOfDll=0x7ff87a1f0000, SizeOfImage=0x8000, EntryPoint=0x7ff87a1f13e0)) returned 1 [0119.835] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0119.835] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87a1f0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="DABAPI.dll") returned 0xa [0119.842] CoTaskMemFree (pv=0x54ff30) [0119.842] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0119.842] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87a1f0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DABAPI.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")) returned 0x1e [0119.848] CoTaskMemFree (pv=0x551760) [0119.848] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8788f0000, lpmodinfo=0x22b4370, cb=0x18 | out: lpmodinfo=0x22b4370*(lpBaseOfDll=0x7ff8788f0000, SizeOfImage=0x64000, EntryPoint=0x7ff878905ae0)) returned 1 [0119.855] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0119.855] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8788f0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0119.862] CoTaskMemFree (pv=0x551f70) [0119.862] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0119.862] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8788f0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0119.869] CoTaskMemFree (pv=0x54def0) [0119.869] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874e50000, lpmodinfo=0x22b6518, cb=0x18 | out: lpmodinfo=0x22b6518*(lpBaseOfDll=0x7ff874e50000, SizeOfImage=0xc0000, EntryPoint=0x7ff874e7fd20)) returned 1 [0119.876] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0119.876] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874e50000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="FVEAPI.dll") returned 0xa [0119.883] CoTaskMemFree (pv=0x54def0) [0119.883] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0119.883] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874e50000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\FVEAPI.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")) returned 0x1e [0119.889] CoTaskMemFree (pv=0x552f90) [0119.889] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874b10000, lpmodinfo=0x22b86c0, cb=0x18 | out: lpmodinfo=0x22b86c0*(lpBaseOfDll=0x7ff874b10000, SizeOfImage=0x52000, EntryPoint=0x7ff874b138e0)) returned 1 [0119.898] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0119.898] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874b10000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="ProximityService.dll") returned 0x14 [0119.905] CoTaskMemFree (pv=0x54ef10) [0119.905] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0119.905] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874b10000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")) returned 0x28 [0119.911] CoTaskMemFree (pv=0x54def0) [0119.912] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874ae0000, lpmodinfo=0x22ba898, cb=0x18 | out: lpmodinfo=0x22ba898*(lpBaseOfDll=0x7ff874ae0000, SizeOfImage=0x2d000, EntryPoint=0x7ff874ae2290)) returned 1 [0119.919] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0119.919] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874ae0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ProximityCommon.dll") returned 0x13 [0119.926] CoTaskMemFree (pv=0x552780) [0119.926] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0119.926] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874ae0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")) returned 0x27 [0119.933] CoTaskMemFree (pv=0x552780) [0119.933] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874ad0000, lpmodinfo=0x22bca60, cb=0x18 | out: lpmodinfo=0x22bca60*(lpBaseOfDll=0x7ff874ad0000, SizeOfImage=0x9000, EntryPoint=0x7ff874ad1ed0)) returned 1 [0119.940] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0119.940] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874ad0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ProximityCommonPal.dll") returned 0x16 [0119.947] CoTaskMemFree (pv=0x551f70) [0119.947] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0119.947] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874ad0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")) returned 0x2a [0119.954] CoTaskMemFree (pv=0x54ef10) [0119.954] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875480000, lpmodinfo=0x22bec38, cb=0x18 | out: lpmodinfo=0x22bec38*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0119.962] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0119.962] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875480000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0119.970] CoTaskMemFree (pv=0x54f720) [0119.970] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0119.970] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875480000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0119.976] CoTaskMemFree (pv=0x550740) [0119.976] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874aa0000, lpmodinfo=0x22c0df0, cb=0x18 | out: lpmodinfo=0x22c0df0*(lpBaseOfDll=0x7ff874aa0000, SizeOfImage=0x10000, EntryPoint=0x7ff874aa1700)) returned 1 [0119.985] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0119.985] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874aa0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="ProximityServicePAL.dll") returned 0x17 [0119.993] CoTaskMemFree (pv=0x54e700) [0119.993] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0119.993] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874aa0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ProximityServicePAL.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")) returned 0x2b [0120.000] CoTaskMemFree (pv=0x54ef10) [0120.000] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87cdb0000, lpmodinfo=0x22c2fc8, cb=0x18 | out: lpmodinfo=0x22c2fc8*(lpBaseOfDll=0x7ff87cdb0000, SizeOfImage=0x86000, EntryPoint=0x7ff87cdbd8f0)) returned 1 [0120.007] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0120.007] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87cdb0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="firewallapi.dll") returned 0xf [0120.014] CoTaskMemFree (pv=0x54f720) [0120.015] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0120.015] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87cdb0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\firewallapi.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0120.023] CoTaskMemFree (pv=0x54ff30) [0120.023] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b340000, lpmodinfo=0x22c5180, cb=0x18 | out: lpmodinfo=0x22c5180*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0120.030] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0120.030] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b340000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0120.038] CoTaskMemFree (pv=0x552780) [0120.038] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0120.038] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b340000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0120.046] CoTaskMemFree (pv=0x54f720) [0120.046] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874a90000, lpmodinfo=0x22c7328, cb=0x18 | out: lpmodinfo=0x22c7328*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0120.054] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0120.054] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874a90000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0120.061] CoTaskMemFree (pv=0x552f90) [0120.061] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0120.061] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874a90000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0120.069] CoTaskMemFree (pv=0x54d6e0) [0120.069] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ab10000, lpmodinfo=0x22c94e0, cb=0x18 | out: lpmodinfo=0x22c94e0*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0120.076] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0120.076] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ab10000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0120.084] CoTaskMemFree (pv=0x54def0) [0120.084] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0120.084] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ab10000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0120.091] CoTaskMemFree (pv=0x551f70) [0120.091] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b5b0000, lpmodinfo=0x22cb688, cb=0x18 | out: lpmodinfo=0x22cb688*(lpBaseOfDll=0x7ff87b5b0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b5b2790)) returned 1 [0120.098] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0120.098] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b5b0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="HID.DLL") returned 0x7 [0120.107] CoTaskMemFree (pv=0x550f50) [0120.108] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0120.108] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b5b0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\HID.DLL" (normalized: "c:\\windows\\system32\\hid.dll")) returned 0x1b [0120.114] CoTaskMemFree (pv=0x551f70) [0120.114] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875b40000, lpmodinfo=0x22cd820, cb=0x18 | out: lpmodinfo=0x22cd820*(lpBaseOfDll=0x7ff875b40000, SizeOfImage=0x10000, EntryPoint=0x7ff875b42c60)) returned 1 [0120.123] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0120.123] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875b40000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="usermgrcli.dll") returned 0xe [0120.130] CoTaskMemFree (pv=0x550740) [0120.131] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0120.131] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875b40000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")) returned 0x22 [0120.138] CoTaskMemFree (pv=0x551f70) [0120.138] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878580000, lpmodinfo=0x22cf9d8, cb=0x18 | out: lpmodinfo=0x22cf9d8*(lpBaseOfDll=0x7ff878580000, SizeOfImage=0x7a000, EntryPoint=0x7ff8785a7630)) returned 1 [0120.146] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0120.146] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878580000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="ES.DLL") returned 0x6 [0120.154] CoTaskMemFree (pv=0x54ff30) [0120.154] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0120.154] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878580000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ES.DLL" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0120.162] CoTaskMemFree (pv=0x553fb0) [0120.162] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c480000, lpmodinfo=0x22d1b70, cb=0x18 | out: lpmodinfo=0x22d1b70*(lpBaseOfDll=0x7ff87c480000, SizeOfImage=0x99000, EntryPoint=0x7ff87c4af4e0)) returned 1 [0120.170] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0120.170] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c480000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0120.178] CoTaskMemFree (pv=0x551f70) [0120.178] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0120.178] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c480000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0120.185] CoTaskMemFree (pv=0x550f50) [0120.186] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873210000, lpmodinfo=0x22d3d08, cb=0x18 | out: lpmodinfo=0x22d3d08*(lpBaseOfDll=0x7ff873210000, SizeOfImage=0x236000, EntryPoint=0x7ff87329a450)) returned 1 [0120.193] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0120.193] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873210000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wuaueng.dll") returned 0xb [0120.201] CoTaskMemFree (pv=0x553fb0) [0120.201] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0120.201] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873210000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wuaueng.dll" (normalized: "c:\\windows\\system32\\wuaueng.dll")) returned 0x1f [0120.209] CoTaskMemFree (pv=0x551f70) [0120.209] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d340000, lpmodinfo=0x22d5eb0, cb=0x18 | out: lpmodinfo=0x22d5eb0*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0120.225] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0120.225] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d340000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0120.233] CoTaskMemFree (pv=0x550740) [0120.233] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0120.233] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d340000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0120.241] CoTaskMemFree (pv=0x552780) [0120.241] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff872f10000, lpmodinfo=0x22d8068, cb=0x18 | out: lpmodinfo=0x22d8068*(lpBaseOfDll=0x7ff872f10000, SizeOfImage=0x2f9000, EntryPoint=0x7ff872fd7280)) returned 1 [0120.249] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0120.249] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff872f10000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0120.257] CoTaskMemFree (pv=0x54f720) [0120.257] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0120.258] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff872f10000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0120.266] CoTaskMemFree (pv=0x553fb0) [0120.266] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873450000, lpmodinfo=0x22da210, cb=0x18 | out: lpmodinfo=0x22da210*(lpBaseOfDll=0x7ff873450000, SizeOfImage=0x22000, EntryPoint=0x7ff873462540)) returned 1 [0120.274] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0120.274] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873450000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="UpdatePolicy.dll") returned 0x10 [0120.282] CoTaskMemFree (pv=0x54def0) [0120.282] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0120.282] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873450000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\UpdatePolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll")) returned 0x24 [0120.290] CoTaskMemFree (pv=0x551760) [0120.290] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff872ea0000, lpmodinfo=0x22dc3d8, cb=0x18 | out: lpmodinfo=0x22dc3d8*(lpBaseOfDll=0x7ff872ea0000, SizeOfImage=0x65000, EntryPoint=0x7ff872eb3170)) returned 1 [0120.299] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0120.299] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff872ea0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wuuhext.dll") returned 0xb [0120.307] CoTaskMemFree (pv=0x5537a0) [0120.307] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0120.307] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff872ea0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wuuhext.dll" (normalized: "c:\\windows\\system32\\wuuhext.dll")) returned 0x1f [0120.315] CoTaskMemFree (pv=0x551f70) [0120.315] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87efb0000, lpmodinfo=0x22de580, cb=0x18 | out: lpmodinfo=0x22de580*(lpBaseOfDll=0x7ff87efb0000, SizeOfImage=0x429000, EntryPoint=0x7ff87efd8740)) returned 1 [0120.325] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0120.325] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87efb0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0120.333] CoTaskMemFree (pv=0x551760) [0120.333] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0120.333] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87efb0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0120.341] CoTaskMemFree (pv=0x550f50) [0120.341] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bf40000, lpmodinfo=0x22e0738, cb=0x18 | out: lpmodinfo=0x22e0738*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0120.350] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0120.350] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bf40000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0120.358] CoTaskMemFree (pv=0x54def0) [0120.358] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0120.358] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bf40000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0120.366] CoTaskMemFree (pv=0x54f720) [0120.366] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff872e10000, lpmodinfo=0x22e28e0, cb=0x18 | out: lpmodinfo=0x22e28e0*(lpBaseOfDll=0x7ff872e10000, SizeOfImage=0x84000, EntryPoint=0x7ff872e22830)) returned 1 [0120.374] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0120.374] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff872e10000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="WINSPOOL.DRV") returned 0xc [0120.398] CoTaskMemFree (pv=0x54d6e0) [0120.399] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0120.399] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff872e10000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSPOOL.DRV" (normalized: "c:\\windows\\system32\\winspool.drv")) returned 0x20 [0120.408] CoTaskMemFree (pv=0x54ff30) [0120.408] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff872ad0000, lpmodinfo=0x22e4a98, cb=0x18 | out: lpmodinfo=0x22e4a98*(lpBaseOfDll=0x7ff872ad0000, SizeOfImage=0x33a000, EntryPoint=0x7ff872ad8520)) returned 1 [0120.417] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0120.417] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff872ad0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="msi.dll") returned 0x7 [0120.426] CoTaskMemFree (pv=0x551760) [0120.426] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0120.426] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff872ad0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")) returned 0x1b [0120.434] CoTaskMemFree (pv=0x54def0) [0120.434] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff872a40000, lpmodinfo=0x22e6c30, cb=0x18 | out: lpmodinfo=0x22e6c30*(lpBaseOfDll=0x7ff872a40000, SizeOfImage=0x82000, EntryPoint=0x7ff872a41790)) returned 1 [0120.442] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0120.442] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff872a40000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="newdev.dll") returned 0xa [0120.451] CoTaskMemFree (pv=0x54f720) [0120.451] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0120.451] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff872a40000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\newdev.dll" (normalized: "c:\\windows\\system32\\newdev.dll")) returned 0x1e [0120.460] CoTaskMemFree (pv=0x54def0) [0120.460] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878fc0000, lpmodinfo=0x22e8dd8, cb=0x18 | out: lpmodinfo=0x22e8dd8*(lpBaseOfDll=0x7ff878fc0000, SizeOfImage=0x29000, EntryPoint=0x7ff878fcca00)) returned 1 [0120.468] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0120.468] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878fc0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="Cabinet.dll") returned 0xb [0120.478] CoTaskMemFree (pv=0x54ef10) [0120.478] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0120.478] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878fc0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")) returned 0x1f [0120.487] CoTaskMemFree (pv=0x54d6e0) [0120.487] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87af40000, lpmodinfo=0x22eaf80, cb=0x18 | out: lpmodinfo=0x22eaf80*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0120.496] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0120.496] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87af40000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0120.504] CoTaskMemFree (pv=0x550740) [0120.504] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0120.504] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87af40000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0120.513] CoTaskMemFree (pv=0x54e700) [0120.513] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff872a20000, lpmodinfo=0x22ed128, cb=0x18 | out: lpmodinfo=0x22ed128*(lpBaseOfDll=0x7ff872a20000, SizeOfImage=0x13000, EntryPoint=0x7ff872a21b10)) returned 1 [0120.522] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0120.522] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff872a20000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="devrtl.DLL") returned 0xa [0120.531] CoTaskMemFree (pv=0x5547c0) [0120.531] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0120.531] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff872a20000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\devrtl.DLL" (normalized: "c:\\windows\\system32\\devrtl.dll")) returned 0x1e [0120.540] CoTaskMemFree (pv=0x54f720) [0120.540] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff872a10000, lpmodinfo=0x22ef2d0, cb=0x18 | out: lpmodinfo=0x22ef2d0*(lpBaseOfDll=0x7ff872a10000, SizeOfImage=0x10000, EntryPoint=0x7ff872a11690)) returned 1 [0120.550] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0120.550] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff872a10000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wups.dll") returned 0x8 [0120.559] CoTaskMemFree (pv=0x54def0) [0120.559] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0120.559] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff872a10000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll")) returned 0x1c [0120.567] CoTaskMemFree (pv=0x5537a0) [0120.567] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c060000, lpmodinfo=0x22f1478, cb=0x18 | out: lpmodinfo=0x22f1478*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0120.576] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0120.576] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c060000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0120.585] CoTaskMemFree (pv=0x54def0) [0120.585] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0120.585] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c060000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0120.595] CoTaskMemFree (pv=0x550740) [0120.595] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8727c0000, lpmodinfo=0x22f3630, cb=0x18 | out: lpmodinfo=0x22f3630*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0120.604] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0120.604] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8727c0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0120.613] CoTaskMemFree (pv=0x5537a0) [0120.613] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0120.613] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8727c0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0120.623] CoTaskMemFree (pv=0x552f90) [0120.623] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff872540000, lpmodinfo=0x22f57e8, cb=0x18 | out: lpmodinfo=0x22f57e8*(lpBaseOfDll=0x7ff872540000, SizeOfImage=0x27a000, EntryPoint=0x7ff87255a7a0)) returned 1 [0120.633] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0120.633] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff872540000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0120.642] CoTaskMemFree (pv=0x54ff30) [0120.642] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0120.642] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff872540000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0120.651] CoTaskMemFree (pv=0x5547c0) [0120.651] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bbd0000, lpmodinfo=0x22f7990, cb=0x18 | out: lpmodinfo=0x22f7990*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0120.660] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0120.660] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bbd0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0120.670] CoTaskMemFree (pv=0x54d6e0) [0120.670] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0120.670] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bbd0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0120.680] CoTaskMemFree (pv=0x54f720) [0120.680] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff870cf0000, lpmodinfo=0x22f9b38, cb=0x18 | out: lpmodinfo=0x22f9b38*(lpBaseOfDll=0x7ff870cf0000, SizeOfImage=0x3c000, EntryPoint=0x7ff870cf6aa0)) returned 1 [0120.690] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0120.690] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff870cf0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="wmisvc.dll") returned 0xa [0120.699] CoTaskMemFree (pv=0x54f720) [0120.699] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0120.699] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff870cf0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wbem\\wmisvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")) returned 0x23 [0120.708] CoTaskMemFree (pv=0x5547c0) [0120.708] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff870c70000, lpmodinfo=0x22fbce8, cb=0x18 | out: lpmodinfo=0x22fbce8*(lpBaseOfDll=0x7ff870c70000, SizeOfImage=0x7f000, EntryPoint=0x7ff870c87110)) returned 1 [0120.717] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0120.717] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff870c70000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0120.727] CoTaskMemFree (pv=0x5547c0) [0120.727] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0120.727] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff870c70000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0120.737] CoTaskMemFree (pv=0x54ef10) [0120.737] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8704c0000, lpmodinfo=0x22fdea0, cb=0x18 | out: lpmodinfo=0x22fdea0*(lpBaseOfDll=0x7ff8704c0000, SizeOfImage=0x4c000, EntryPoint=0x7ff8704d5310)) returned 1 [0120.746] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0120.747] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8704c0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="srvsvc.dll") returned 0xa [0120.756] CoTaskMemFree (pv=0x54d6e0) [0120.756] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0120.756] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8704c0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")) returned 0x1e [0120.766] CoTaskMemFree (pv=0x550f50) [0120.766] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87efa0000, lpmodinfo=0x2300048, cb=0x18 | out: lpmodinfo=0x2300048*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0120.775] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0120.775] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87efa0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0120.798] CoTaskMemFree (pv=0x54e700) [0120.798] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0120.798] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87efa0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0120.808] CoTaskMemFree (pv=0x5537a0) [0120.808] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8750d0000, lpmodinfo=0x23021e0, cb=0x18 | out: lpmodinfo=0x23021e0*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0120.818] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0120.818] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8750d0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0120.827] CoTaskMemFree (pv=0x54def0) [0120.827] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0120.827] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8750d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0120.837] CoTaskMemFree (pv=0x551f70) [0120.837] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8703c0000, lpmodinfo=0x2304388, cb=0x18 | out: lpmodinfo=0x2304388*(lpBaseOfDll=0x7ff8703c0000, SizeOfImage=0xf3000, EntryPoint=0x7ff8703e5d80)) returned 1 [0120.857] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0120.857] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8703c0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="iphlpsvc.dll") returned 0xc [0120.866] CoTaskMemFree (pv=0x550740) [0120.867] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0120.867] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8703c0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")) returned 0x20 [0120.877] CoTaskMemFree (pv=0x5547c0) [0120.877] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874fc0000, lpmodinfo=0x2306540, cb=0x18 | out: lpmodinfo=0x2306540*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0120.887] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0120.887] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874fc0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0120.896] CoTaskMemFree (pv=0x552f90) [0120.896] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0120.896] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874fc0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0120.907] CoTaskMemFree (pv=0x550f50) [0120.907] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875560000, lpmodinfo=0x23086f8, cb=0x18 | out: lpmodinfo=0x23086f8*(lpBaseOfDll=0x7ff875560000, SizeOfImage=0x14000, EntryPoint=0x7ff875562d50)) returned 1 [0120.916] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0120.916] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875560000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0120.927] CoTaskMemFree (pv=0x550f50) [0120.927] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0120.927] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875560000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0120.938] CoTaskMemFree (pv=0x552780) [0120.938] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff870370000, lpmodinfo=0x230a8a0, cb=0x18 | out: lpmodinfo=0x230a8a0*(lpBaseOfDll=0x7ff870370000, SizeOfImage=0x41000, EntryPoint=0x7ff870373750)) returned 1 [0120.948] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0120.948] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff870370000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="sqmapi.dll") returned 0xa [0120.964] CoTaskMemFree (pv=0x5537a0) [0120.964] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0120.964] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff870370000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")) returned 0x1e [0120.975] CoTaskMemFree (pv=0x550f50) [0120.975] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f6c0000, lpmodinfo=0x230ca48, cb=0x18 | out: lpmodinfo=0x230ca48*(lpBaseOfDll=0x7ff86f6c0000, SizeOfImage=0x25000, EntryPoint=0x7ff86f6c5ca0)) returned 1 [0120.985] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0120.985] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f6c0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="httpprxm.dll") returned 0xc [0120.996] CoTaskMemFree (pv=0x54ef10) [0120.996] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0120.996] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f6c0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll")) returned 0x20 [0121.006] CoTaskMemFree (pv=0x54f720) [0121.006] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f6a0000, lpmodinfo=0x230ec00, cb=0x18 | out: lpmodinfo=0x230ec00*(lpBaseOfDll=0x7ff86f6a0000, SizeOfImage=0x18000, EntryPoint=0x7ff86f6a4e10)) returned 1 [0121.016] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0121.016] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f6a0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="adhsvc.dll") returned 0xa [0121.034] CoTaskMemFree (pv=0x552f90) [0121.034] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0121.034] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f6a0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll")) returned 0x1e [0121.047] CoTaskMemFree (pv=0x5547c0) [0121.048] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff872410000, lpmodinfo=0x2310da8, cb=0x18 | out: lpmodinfo=0x2310da8*(lpBaseOfDll=0x7ff872410000, SizeOfImage=0x9000, EntryPoint=0x7ff8724121d0)) returned 1 [0121.058] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0121.058] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff872410000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="httpprxc.dll") returned 0xc [0121.068] CoTaskMemFree (pv=0x551760) [0121.068] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0121.068] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff872410000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")) returned 0x20 [0121.080] CoTaskMemFree (pv=0x54def0) [0121.080] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875270000, lpmodinfo=0x2312f60, cb=0x18 | out: lpmodinfo=0x2312f60*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0121.090] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0121.090] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875270000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0121.100] CoTaskMemFree (pv=0x54f720) [0121.100] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0121.100] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875270000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0121.111] CoTaskMemFree (pv=0x551f70) [0121.111] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875250000, lpmodinfo=0x2315118, cb=0x18 | out: lpmodinfo=0x2315118*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0121.121] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0121.121] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875250000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0121.132] CoTaskMemFree (pv=0x5537a0) [0121.132] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0121.132] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875250000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0121.145] CoTaskMemFree (pv=0x54ff30) [0121.145] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f670000, lpmodinfo=0x23172d0, cb=0x18 | out: lpmodinfo=0x23172d0*(lpBaseOfDll=0x7ff86f670000, SizeOfImage=0x11000, EntryPoint=0x7ff86f671d30)) returned 1 [0121.155] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0121.155] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f670000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="SSCORE.DLL") returned 0xa [0121.165] CoTaskMemFree (pv=0x551760) [0121.165] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0121.165] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f670000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSCORE.DLL" (normalized: "c:\\windows\\system32\\sscore.dll")) returned 0x1e [0121.175] CoTaskMemFree (pv=0x54ff30) [0121.175] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f660000, lpmodinfo=0x2319c90, cb=0x18 | out: lpmodinfo=0x2319c90*(lpBaseOfDll=0x7ff86f660000, SizeOfImage=0x9000, EntryPoint=0x7ff86f6618f0)) returned 1 [0121.186] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0121.186] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f660000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="sscoreext.dll") returned 0xd [0121.197] CoTaskMemFree (pv=0x54d6e0) [0121.197] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0121.197] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f660000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll")) returned 0x21 [0121.208] CoTaskMemFree (pv=0x551760) [0121.208] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f640000, lpmodinfo=0x231be48, cb=0x18 | out: lpmodinfo=0x231be48*(lpBaseOfDll=0x7ff86f640000, SizeOfImage=0x20000, EntryPoint=0x7ff86f641f50)) returned 1 [0121.232] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0121.232] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f640000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="mi.dll") returned 0x6 [0121.243] CoTaskMemFree (pv=0x54f720) [0121.243] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0121.243] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f640000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll")) returned 0x1a [0121.254] CoTaskMemFree (pv=0x550f50) [0121.255] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f5e0000, lpmodinfo=0x231dfe0, cb=0x18 | out: lpmodinfo=0x231dfe0*(lpBaseOfDll=0x7ff86f5e0000, SizeOfImage=0x5e000, EntryPoint=0x7ff86f5e5080)) returned 1 [0121.266] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0121.266] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f5e0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="miutils.dll") returned 0xb [0121.277] CoTaskMemFree (pv=0x54def0) [0121.277] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0121.277] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f5e0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll")) returned 0x1f [0121.287] CoTaskMemFree (pv=0x54e700) [0121.287] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f5b0000, lpmodinfo=0x2320188, cb=0x18 | out: lpmodinfo=0x2320188*(lpBaseOfDll=0x7ff86f5b0000, SizeOfImage=0x2e000, EntryPoint=0x7ff86f5b2300)) returned 1 [0121.299] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0121.299] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f5b0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="wmidcom.dll") returned 0xb [0121.310] CoTaskMemFree (pv=0x5547c0) [0121.310] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0121.310] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f5b0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll")) returned 0x1f [0121.322] CoTaskMemFree (pv=0x54ff30) [0121.322] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bc10000, lpmodinfo=0x2322330, cb=0x18 | out: lpmodinfo=0x2322330*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0121.333] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0121.333] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bc10000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0121.344] CoTaskMemFree (pv=0x54ef10) [0121.344] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0121.344] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bc10000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0121.355] CoTaskMemFree (pv=0x550740) [0121.355] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f550000, lpmodinfo=0x23244d8, cb=0x18 | out: lpmodinfo=0x23244d8*(lpBaseOfDll=0x7ff86f550000, SizeOfImage=0x52000, EntryPoint=0x7ff86f555770)) returned 1 [0121.370] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0121.370] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f550000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="RESUTILS.DLL") returned 0xc [0121.390] CoTaskMemFree (pv=0x5537a0) [0121.390] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0121.390] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f550000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RESUTILS.DLL" (normalized: "c:\\windows\\system32\\resutils.dll")) returned 0x20 [0121.401] CoTaskMemFree (pv=0x552f90) [0121.401] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f4a0000, lpmodinfo=0x2326690, cb=0x18 | out: lpmodinfo=0x2326690*(lpBaseOfDll=0x7ff86f4a0000, SizeOfImage=0xa3000, EntryPoint=0x7ff86f4a2c10)) returned 1 [0121.413] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0121.413] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f4a0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="CLUSAPI.dll") returned 0xb [0121.423] CoTaskMemFree (pv=0x551f70) [0121.423] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0121.423] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f4a0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLUSAPI.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")) returned 0x1f [0121.434] CoTaskMemFree (pv=0x54ff30) [0121.434] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c130000, lpmodinfo=0x2328838, cb=0x18 | out: lpmodinfo=0x2328838*(lpBaseOfDll=0x7ff87c130000, SizeOfImage=0x27000, EntryPoint=0x7ff87c140aa0)) returned 1 [0121.446] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0121.446] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c130000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0121.459] CoTaskMemFree (pv=0x54def0) [0121.459] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0121.459] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c130000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0121.470] CoTaskMemFree (pv=0x552f90) [0121.470] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c0f0000, lpmodinfo=0x232a9e0, cb=0x18 | out: lpmodinfo=0x232a9e0*(lpBaseOfDll=0x7ff87c0f0000, SizeOfImage=0x3a000, EntryPoint=0x7ff87c0f8d20)) returned 1 [0121.481] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0121.481] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c0f0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0121.492] CoTaskMemFree (pv=0x54f720) [0121.492] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0121.492] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c0f0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0121.503] CoTaskMemFree (pv=0x54ff30) [0121.503] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f3b0000, lpmodinfo=0x232cb88, cb=0x18 | out: lpmodinfo=0x232cb88*(lpBaseOfDll=0x7ff86f3b0000, SizeOfImage=0x79000, EntryPoint=0x7ff86f3b76a0)) returned 1 [0121.515] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0121.515] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f3b0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="NetSetupShim.dll") returned 0x10 [0121.527] CoTaskMemFree (pv=0x553fb0) [0121.527] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0121.527] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f3b0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll")) returned 0x24 [0121.539] CoTaskMemFree (pv=0x553fb0) [0121.539] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f390000, lpmodinfo=0x232ed50, cb=0x18 | out: lpmodinfo=0x232ed50*(lpBaseOfDll=0x7ff86f390000, SizeOfImage=0x1f000, EntryPoint=0x7ff86f3937e0)) returned 1 [0121.549] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0121.549] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f390000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="NetSetupApi.dll") returned 0xf [0121.562] CoTaskMemFree (pv=0x551f70) [0121.562] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0121.562] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f390000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll")) returned 0x23 [0121.573] CoTaskMemFree (pv=0x552780) [0121.573] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f240000, lpmodinfo=0x2330f08, cb=0x18 | out: lpmodinfo=0x2330f08*(lpBaseOfDll=0x7ff86f240000, SizeOfImage=0x42000, EntryPoint=0x7ff86f243670)) returned 1 [0121.585] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0121.585] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f240000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="WDSCORE.dll") returned 0xb [0121.597] CoTaskMemFree (pv=0x551f70) [0121.597] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0121.597] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f240000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WDSCORE.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")) returned 0x1f [0121.609] CoTaskMemFree (pv=0x550f50) [0121.609] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f100000, lpmodinfo=0x23330b0, cb=0x18 | out: lpmodinfo=0x23330b0*(lpBaseOfDll=0x7ff86f100000, SizeOfImage=0x47000, EntryPoint=0x7ff86f101d10)) returned 1 [0121.627] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0121.627] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f100000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ACTIVEDS.dll") returned 0xc [0121.640] CoTaskMemFree (pv=0x552780) [0121.640] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0121.640] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f100000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ACTIVEDS.dll" (normalized: "c:\\windows\\system32\\activeds.dll")) returned 0x20 [0121.652] CoTaskMemFree (pv=0x550f50) [0121.652] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f0c0000, lpmodinfo=0x2335268, cb=0x18 | out: lpmodinfo=0x2335268*(lpBaseOfDll=0x7ff86f0c0000, SizeOfImage=0x40000, EntryPoint=0x7ff86f0ccbe0)) returned 1 [0121.664] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0121.664] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f0c0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="adsldpc.dll") returned 0xb [0121.689] CoTaskMemFree (pv=0x552f90) [0121.689] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0121.689] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f0c0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll")) returned 0x1f [0121.702] CoTaskMemFree (pv=0x54e700) [0121.702] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d0a0000, lpmodinfo=0x2337410, cb=0x18 | out: lpmodinfo=0x2337410*(lpBaseOfDll=0x7ff87d0a0000, SizeOfImage=0x17000, EntryPoint=0x7ff87d0a1390)) returned 1 [0121.714] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0121.714] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d0a0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="NETAPI32.DLL") returned 0xc [0121.726] CoTaskMemFree (pv=0x54d6e0) [0121.726] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0121.726] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d0a0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NETAPI32.DLL" (normalized: "c:\\windows\\system32\\netapi32.dll")) returned 0x20 [0121.738] CoTaskMemFree (pv=0x54ef10) [0121.738] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff870dc0000, lpmodinfo=0x23395c8, cb=0x18 | out: lpmodinfo=0x23395c8*(lpBaseOfDll=0x7ff870dc0000, SizeOfImage=0xc000, EntryPoint=0x7ff870dc35c0)) returned 1 [0121.751] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0121.751] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff870dc0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="SECUR32.DLL") returned 0xb [0121.763] CoTaskMemFree (pv=0x552f90) [0121.763] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0121.763] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff870dc0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SECUR32.DLL" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0121.775] CoTaskMemFree (pv=0x553fb0) [0121.775] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8744b0000, lpmodinfo=0x233b770, cb=0x18 | out: lpmodinfo=0x233b770*(lpBaseOfDll=0x7ff8744b0000, SizeOfImage=0x12000, EntryPoint=0x7ff8744b3580)) returned 1 [0121.794] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0121.794] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8744b0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0121.810] CoTaskMemFree (pv=0x550740) [0121.810] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0121.810] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8744b0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0121.824] CoTaskMemFree (pv=0x550f50) [0121.824] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b030000, lpmodinfo=0x233d918, cb=0x18 | out: lpmodinfo=0x233d918*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0121.837] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0121.837] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b030000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0121.850] CoTaskMemFree (pv=0x551760) [0121.850] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0121.851] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b030000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0121.864] CoTaskMemFree (pv=0x550f50) [0121.864] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874830000, lpmodinfo=0x233fac0, cb=0x18 | out: lpmodinfo=0x233fac0*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0121.904] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0121.904] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874830000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0121.916] CoTaskMemFree (pv=0x54ff30) [0121.916] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0121.916] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874830000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0121.928] CoTaskMemFree (pv=0x550740) [0121.928] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86efe0000, lpmodinfo=0x2341c78, cb=0x18 | out: lpmodinfo=0x2341c78*(lpBaseOfDll=0x7ff86efe0000, SizeOfImage=0x82000, EntryPoint=0x7ff86efe2a10)) returned 1 [0121.941] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0121.941] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86efe0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="hnetcfg.dll") returned 0xb [0121.955] CoTaskMemFree (pv=0x54ff30) [0121.955] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0121.955] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86efe0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")) returned 0x1f [0121.969] CoTaskMemFree (pv=0x54ef10) [0121.969] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86efc0000, lpmodinfo=0x2343e20, cb=0x18 | out: lpmodinfo=0x2343e20*(lpBaseOfDll=0x7ff86efc0000, SizeOfImage=0x1e000, EntryPoint=0x7ff86efc3a40)) returned 1 [0121.981] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0121.982] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86efc0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0121.994] CoTaskMemFree (pv=0x551760) [0121.994] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0121.994] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86efc0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0122.007] CoTaskMemFree (pv=0x54d6e0) [0122.007] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86efa0000, lpmodinfo=0x2345fb8, cb=0x18 | out: lpmodinfo=0x2345fb8*(lpBaseOfDll=0x7ff86efa0000, SizeOfImage=0x11000, EntryPoint=0x7ff86efa2fc0)) returned 1 [0122.019] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0122.019] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86efa0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0122.033] CoTaskMemFree (pv=0x5537a0) [0122.033] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0122.033] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86efa0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0122.047] CoTaskMemFree (pv=0x551760) [0122.047] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8706b0000, lpmodinfo=0x2348178, cb=0x18 | out: lpmodinfo=0x2348178*(lpBaseOfDll=0x7ff8706b0000, SizeOfImage=0x182000, EntryPoint=0x7ff8706c82a0)) returned 1 [0122.060] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0122.060] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8706b0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="VSSAPI.DLL") returned 0xa [0122.073] CoTaskMemFree (pv=0x54f720) [0122.073] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0122.073] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8706b0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VSSAPI.DLL" (normalized: "c:\\windows\\system32\\vssapi.dll")) returned 0x1e [0122.087] CoTaskMemFree (pv=0x550740) [0122.087] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff870690000, lpmodinfo=0x234a320, cb=0x18 | out: lpmodinfo=0x234a320*(lpBaseOfDll=0x7ff870690000, SizeOfImage=0x18000, EntryPoint=0x7ff870692000)) returned 1 [0122.099] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0122.099] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff870690000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="VssTrace.DLL") returned 0xc [0122.112] CoTaskMemFree (pv=0x54f720) [0122.112] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0122.112] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff870690000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VssTrace.DLL" (normalized: "c:\\windows\\system32\\vsstrace.dll")) returned 0x20 [0122.124] CoTaskMemFree (pv=0x552780) [0122.124] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875a10000, lpmodinfo=0x234c4d8, cb=0x18 | out: lpmodinfo=0x234c4d8*(lpBaseOfDll=0x7ff875a10000, SizeOfImage=0x19000, EntryPoint=0x7ff875a14520)) returned 1 [0122.137] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0122.137] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875a10000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="samcli.dll") returned 0xa [0122.150] CoTaskMemFree (pv=0x552f90) [0122.150] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0122.150] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875a10000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0122.163] CoTaskMemFree (pv=0x54def0) [0122.163] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86ef10000, lpmodinfo=0x234e680, cb=0x18 | out: lpmodinfo=0x234e680*(lpBaseOfDll=0x7ff86ef10000, SizeOfImage=0xf000, EntryPoint=0x7ff86ef14960)) returned 1 [0122.175] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0122.175] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86ef10000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="NCI.dll") returned 0x7 [0122.190] CoTaskMemFree (pv=0x551f70) [0122.190] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0122.190] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86ef10000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\NCI.dll" (normalized: "c:\\windows\\system32\\nci.dll")) returned 0x1b [0122.202] CoTaskMemFree (pv=0x5537a0) [0122.202] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86eb10000, lpmodinfo=0x2350818, cb=0x18 | out: lpmodinfo=0x2350818*(lpBaseOfDll=0x7ff86eb10000, SizeOfImage=0x137000, EntryPoint=0x7ff86eb50480)) returned 1 [0122.222] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0122.222] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86eb10000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="wbemcore.dll") returned 0xc [0122.235] CoTaskMemFree (pv=0x5547c0) [0122.235] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0122.235] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86eb10000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")) returned 0x25 [0122.247] CoTaskMemFree (pv=0x551f70) [0122.247] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86ea90000, lpmodinfo=0x23529d8, cb=0x18 | out: lpmodinfo=0x23529d8*(lpBaseOfDll=0x7ff86ea90000, SizeOfImage=0x74000, EntryPoint=0x7ff86eaa5eb0)) returned 1 [0122.260] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0122.260] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86ea90000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="esscli.dll") returned 0xa [0122.272] CoTaskMemFree (pv=0x54e700) [0122.272] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0122.272] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86ea90000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")) returned 0x23 [0122.286] CoTaskMemFree (pv=0x552780) [0122.286] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e990000, lpmodinfo=0x2354b88, cb=0x18 | out: lpmodinfo=0x2354b88*(lpBaseOfDll=0x7ff86e990000, SizeOfImage=0xf6000, EntryPoint=0x7ff86e9c9590)) returned 1 [0122.299] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0122.299] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e990000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0122.312] CoTaskMemFree (pv=0x54def0) [0122.312] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0122.312] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e990000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0122.324] CoTaskMemFree (pv=0x5547c0) [0122.324] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e970000, lpmodinfo=0x2356d48, cb=0x18 | out: lpmodinfo=0x2356d48*(lpBaseOfDll=0x7ff86e970000, SizeOfImage=0x14000, EntryPoint=0x7ff86e971800)) returned 1 [0122.336] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0122.336] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e970000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0122.348] CoTaskMemFree (pv=0x54e700) [0122.348] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0122.348] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e970000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0122.360] CoTaskMemFree (pv=0x54ff30) [0122.360] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e940000, lpmodinfo=0x2358f00, cb=0x18 | out: lpmodinfo=0x2358f00*(lpBaseOfDll=0x7ff86e940000, SizeOfImage=0x25000, EntryPoint=0x7ff86e949900)) returned 1 [0122.388] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0122.388] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e940000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0122.401] CoTaskMemFree (pv=0x54d6e0) [0122.401] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0122.401] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e940000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0122.414] CoTaskMemFree (pv=0x552780) [0122.414] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e8d0000, lpmodinfo=0x235b0c0, cb=0x18 | out: lpmodinfo=0x235b0c0*(lpBaseOfDll=0x7ff86e8d0000, SizeOfImage=0x64000, EntryPoint=0x7ff86e8ebed0)) returned 1 [0122.426] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0122.426] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e8d0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="repdrvfs.dll") returned 0xc [0122.439] CoTaskMemFree (pv=0x54ef10) [0122.439] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0122.439] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e8d0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")) returned 0x25 [0122.452] CoTaskMemFree (pv=0x550740) [0122.452] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e6d0000, lpmodinfo=0x235d280, cb=0x18 | out: lpmodinfo=0x235d280*(lpBaseOfDll=0x7ff86e6d0000, SizeOfImage=0xd000, EntryPoint=0x7ff86e6d1420)) returned 1 [0122.465] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0122.465] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e6d0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="winrnr.dll") returned 0xa [0122.478] CoTaskMemFree (pv=0x54e700) [0122.478] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0122.478] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e6d0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")) returned 0x1e [0122.492] CoTaskMemFree (pv=0x54e700) [0122.492] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e6b0000, lpmodinfo=0x235f428, cb=0x18 | out: lpmodinfo=0x235f428*(lpBaseOfDll=0x7ff86e6b0000, SizeOfImage=0x1a000, EntryPoint=0x7ff86e6b2330)) returned 1 [0122.505] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0122.506] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e6b0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="pnrpnsp.dll") returned 0xb [0122.518] CoTaskMemFree (pv=0x551f70) [0122.518] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0122.518] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e6b0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")) returned 0x1f [0122.533] CoTaskMemFree (pv=0x551f70) [0122.533] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e690000, lpmodinfo=0x23615d0, cb=0x18 | out: lpmodinfo=0x23615d0*(lpBaseOfDll=0x7ff86e690000, SizeOfImage=0x16000, EntryPoint=0x7ff86e691af0)) returned 1 [0122.547] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0122.547] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e690000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="napinsp.dll") returned 0xb [0122.561] CoTaskMemFree (pv=0x54def0) [0122.561] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0122.561] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e690000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\napinsp.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")) returned 0x1f [0122.575] CoTaskMemFree (pv=0x5547c0) [0122.575] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e5b0000, lpmodinfo=0x2363778, cb=0x18 | out: lpmodinfo=0x2363778*(lpBaseOfDll=0x7ff86e5b0000, SizeOfImage=0xd6000, EntryPoint=0x7ff86e5da800)) returned 1 [0122.589] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0122.589] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e5b0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wmiprvsd.dll") returned 0xc [0122.603] CoTaskMemFree (pv=0x550f50) [0122.603] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0122.603] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e5b0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprvsd.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")) returned 0x25 [0122.617] CoTaskMemFree (pv=0x551760) [0122.617] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e590000, lpmodinfo=0x2365938, cb=0x18 | out: lpmodinfo=0x2365938*(lpBaseOfDll=0x7ff86e590000, SizeOfImage=0x16000, EntryPoint=0x7ff86e5955e0)) returned 1 [0122.630] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0122.630] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e590000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="NCObjAPI.DLL") returned 0xc [0122.643] CoTaskMemFree (pv=0x551f70) [0122.643] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0122.643] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e590000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NCObjAPI.DLL" (normalized: "c:\\windows\\system32\\ncobjapi.dll")) returned 0x20 [0122.657] CoTaskMemFree (pv=0x550740) [0122.657] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e400000, lpmodinfo=0x2367af0, cb=0x18 | out: lpmodinfo=0x2367af0*(lpBaseOfDll=0x7ff86e400000, SizeOfImage=0x84000, EntryPoint=0x7ff86e418d50)) returned 1 [0122.673] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0122.673] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e400000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wbemess.dll") returned 0xb [0122.688] CoTaskMemFree (pv=0x551760) [0122.688] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0122.688] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e400000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")) returned 0x24 [0122.701] CoTaskMemFree (pv=0x54d6e0) [0122.701] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e3e0000, lpmodinfo=0x2369ca8, cb=0x18 | out: lpmodinfo=0x2369ca8*(lpBaseOfDll=0x7ff86e3e0000, SizeOfImage=0x11000, EntryPoint=0x7ff86e3e7480)) returned 1 [0122.714] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0122.714] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e3e0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="TetheringClient.dll") returned 0x13 [0122.728] CoTaskMemFree (pv=0x54d6e0) [0122.728] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0122.728] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e3e0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\TetheringClient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll")) returned 0x27 [0122.742] CoTaskMemFree (pv=0x54def0) [0122.742] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff872420000, lpmodinfo=0x236be70, cb=0x18 | out: lpmodinfo=0x236be70*(lpBaseOfDll=0x7ff872420000, SizeOfImage=0x35000, EntryPoint=0x7ff87242a270)) returned 1 [0122.756] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0122.756] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff872420000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="FWPolicyIOMgr.dll") returned 0x11 [0122.769] CoTaskMemFree (pv=0x5537a0) [0122.769] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0122.770] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff872420000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FWPolicyIOMgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll")) returned 0x25 [0122.784] CoTaskMemFree (pv=0x54ff30) [0122.785] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d180000, lpmodinfo=0x236e038, cb=0x18 | out: lpmodinfo=0x236e038*(lpBaseOfDll=0x7ff86d180000, SizeOfImage=0x80000, EntryPoint=0x7ff86d1ad280)) returned 1 [0122.798] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0122.798] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d180000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0122.813] CoTaskMemFree (pv=0x54def0) [0122.813] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0122.813] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d180000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")) returned 0x1d [0122.826] CoTaskMemFree (pv=0x54e700) [0122.827] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bb10000, lpmodinfo=0x23701e0, cb=0x18 | out: lpmodinfo=0x23701e0*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff87bb31a50)) returned 1 [0122.840] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0122.840] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bb10000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0122.854] CoTaskMemFree (pv=0x54e700) [0122.854] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0122.854] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bb10000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0122.868] CoTaskMemFree (pv=0x550740) [0122.868] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c8b0000, lpmodinfo=0x2372398, cb=0x18 | out: lpmodinfo=0x2372398*(lpBaseOfDll=0x7ff86c8b0000, SizeOfImage=0x14000, EntryPoint=0x7ff86c8b3710)) returned 1 [0122.884] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0122.884] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c8b0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0122.898] CoTaskMemFree (pv=0x54ff30) [0122.898] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0122.898] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c8b0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0122.911] CoTaskMemFree (pv=0x553fb0) [0122.911] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c960000, lpmodinfo=0x2374560, cb=0x18 | out: lpmodinfo=0x2374560*(lpBaseOfDll=0x7ff86c960000, SizeOfImage=0x1e000, EntryPoint=0x7ff86c96ef80)) returned 1 [0122.926] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0122.926] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c960000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0122.939] CoTaskMemFree (pv=0x552f90) [0122.940] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0122.940] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c960000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0122.958] CoTaskMemFree (pv=0x550f50) [0122.958] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8736c0000, lpmodinfo=0x2376718, cb=0x18 | out: lpmodinfo=0x2376718*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0122.972] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0122.972] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8736c0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0122.990] CoTaskMemFree (pv=0x54e700) [0122.990] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0122.990] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8736c0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0123.005] CoTaskMemFree (pv=0x551760) [0123.005] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873620000, lpmodinfo=0x2378900, cb=0x18 | out: lpmodinfo=0x2378900*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0123.019] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0123.019] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873620000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0123.035] CoTaskMemFree (pv=0x551f70) [0123.035] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0123.035] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873620000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0123.049] CoTaskMemFree (pv=0x552f90) [0123.049] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d220000, lpmodinfo=0x237aae8, cb=0x18 | out: lpmodinfo=0x237aae8*(lpBaseOfDll=0x7ff86d220000, SizeOfImage=0x14000, EntryPoint=0x7ff86d225080)) returned 1 [0123.063] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0123.063] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d220000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="Windows.StateRepositoryBroker.dll") returned 0x21 [0123.077] CoTaskMemFree (pv=0x54d6e0) [0123.077] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0123.077] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d220000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepositoryBroker.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorybroker.dll")) returned 0x35 [0123.092] CoTaskMemFree (pv=0x552780) [0123.092] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff877aa0000, lpmodinfo=0x237ccf0, cb=0x18 | out: lpmodinfo=0x237ccf0*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0123.108] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0123.108] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff877aa0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="mrmcorer.dll") returned 0xc [0123.122] CoTaskMemFree (pv=0x552f90) [0123.122] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0123.122] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff877aa0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mrmcorer.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0123.137] CoTaskMemFree (pv=0x54ef10) [0123.137] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8764e0000, lpmodinfo=0x237eea8, cb=0x18 | out: lpmodinfo=0x237eea8*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0123.151] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0123.151] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8764e0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0123.167] CoTaskMemFree (pv=0x550f50) [0123.167] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0123.167] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8764e0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0123.181] CoTaskMemFree (pv=0x54ff30) [0123.181] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8779f0000, lpmodinfo=0x2381060, cb=0x18 | out: lpmodinfo=0x2381060*(lpBaseOfDll=0x7ff8779f0000, SizeOfImage=0xa9000, EntryPoint=0x7ff877a19010)) returned 1 [0123.196] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0123.196] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8779f0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="Windows.UI.dll") returned 0xe [0123.211] CoTaskMemFree (pv=0x54f720) [0123.211] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0123.211] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8779f0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")) returned 0x22 [0123.232] CoTaskMemFree (pv=0x54e700) [0123.232] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87a130000, lpmodinfo=0x2383218, cb=0x18 | out: lpmodinfo=0x2383218*(lpBaseOfDll=0x7ff87a130000, SizeOfImage=0x67000, EntryPoint=0x7ff87a14e710)) returned 1 [0123.248] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0123.248] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87a130000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="Bcp47Langs.dll") returned 0xe [0123.263] CoTaskMemFree (pv=0x551f70) [0123.263] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0123.263] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87a130000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Bcp47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")) returned 0x22 [0123.277] CoTaskMemFree (pv=0x5537a0) [0123.277] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c730000, lpmodinfo=0x23853d0, cb=0x18 | out: lpmodinfo=0x23853d0*(lpBaseOfDll=0x7ff86c730000, SizeOfImage=0x2f000, EntryPoint=0x7ff86c73ec60)) returned 1 [0123.293] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0123.293] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c730000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="cryptnet.dll") returned 0xc [0123.307] CoTaskMemFree (pv=0x551760) [0123.307] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0123.307] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c730000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll")) returned 0x20 [0123.323] CoTaskMemFree (pv=0x54e700) [0123.323] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c8d0000, lpmodinfo=0x2387588, cb=0x18 | out: lpmodinfo=0x2387588*(lpBaseOfDll=0x7ff86c8d0000, SizeOfImage=0x28000, EntryPoint=0x7ff86c8defc0)) returned 1 [0123.338] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0123.338] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c8d0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="dssenh.dll") returned 0xa [0123.354] CoTaskMemFree (pv=0x551f70) [0123.354] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0123.354] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c8d0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll")) returned 0x1e [0123.369] CoTaskMemFree (pv=0x551f70) [0123.369] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8782f0000, lpmodinfo=0x2389730, cb=0x18 | out: lpmodinfo=0x2389730*(lpBaseOfDll=0x7ff8782f0000, SizeOfImage=0x1f000, EntryPoint=0x7ff8782f4960)) returned 1 [0123.394] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0123.394] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8782f0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ncprov.dll") returned 0xa [0123.410] CoTaskMemFree (pv=0x551760) [0123.410] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0123.410] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8782f0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\ncprov.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")) returned 0x23 [0123.425] CoTaskMemFree (pv=0x54ff30) [0123.425] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878330000, lpmodinfo=0x238b8e0, cb=0x18 | out: lpmodinfo=0x238b8e0*(lpBaseOfDll=0x7ff878330000, SizeOfImage=0xae000, EntryPoint=0x7ff8783480c0)) returned 1 [0123.439] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0123.440] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878330000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="Windows.Networking.Connectivity.dll") returned 0x23 [0123.454] CoTaskMemFree (pv=0x551760) [0123.454] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0123.454] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878330000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")) returned 0x37 [0123.470] CoTaskMemFree (pv=0x5547c0) [0123.470] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874ab0000, lpmodinfo=0x238dae8, cb=0x18 | out: lpmodinfo=0x238dae8*(lpBaseOfDll=0x7ff874ab0000, SizeOfImage=0x15000, EntryPoint=0x7ff874ab2dc0)) returned 1 [0123.485] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0123.485] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874ab0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0123.500] CoTaskMemFree (pv=0x553fb0) [0123.500] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0123.500] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874ab0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0123.515] CoTaskMemFree (pv=0x553fb0) [0123.515] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d310000, lpmodinfo=0x238fcd0, cb=0x18 | out: lpmodinfo=0x238fcd0*(lpBaseOfDll=0x7ff86d310000, SizeOfImage=0x16000, EntryPoint=0x7ff86d311d50)) returned 1 [0123.530] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0123.530] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d310000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="wwapi.dll") returned 0x9 [0123.546] CoTaskMemFree (pv=0x550740) [0123.546] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0123.546] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d310000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")) returned 0x1d [0123.561] CoTaskMemFree (pv=0x54f720) [0123.562] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff865ab0000, lpmodinfo=0x2391e78, cb=0x18 | out: lpmodinfo=0x2391e78*(lpBaseOfDll=0x7ff865ab0000, SizeOfImage=0x11d000, EntryPoint=0x7ff865adfe60)) returned 1 [0123.576] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0123.577] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff865ab0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="qmgr.dll") returned 0x8 [0123.593] CoTaskMemFree (pv=0x5537a0) [0123.593] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0123.593] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff865ab0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")) returned 0x1c [0123.610] CoTaskMemFree (pv=0x54d6e0) [0123.610] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875a30000, lpmodinfo=0x2394020, cb=0x18 | out: lpmodinfo=0x2394020*(lpBaseOfDll=0x7ff875a30000, SizeOfImage=0xb000, EntryPoint=0x7ff875a31de0)) returned 1 [0123.625] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0123.625] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875a30000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="bitsperf.dll") returned 0xc [0123.640] CoTaskMemFree (pv=0x54d6e0) [0123.640] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0123.640] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875a30000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")) returned 0x20 [0123.655] CoTaskMemFree (pv=0x54ef10) [0123.655] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff865a90000, lpmodinfo=0x23961d8, cb=0x18 | out: lpmodinfo=0x23961d8*(lpBaseOfDll=0x7ff865a90000, SizeOfImage=0x14000, EntryPoint=0x7ff865a92a00)) returned 1 [0123.671] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0123.671] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff865a90000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="bitsigd.dll") returned 0xb [0123.688] CoTaskMemFree (pv=0x54ef10) [0123.688] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0123.688] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff865a90000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")) returned 0x1f [0123.704] CoTaskMemFree (pv=0x552780) [0123.704] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff865a20000, lpmodinfo=0x2398380, cb=0x18 | out: lpmodinfo=0x2398380*(lpBaseOfDll=0x7ff865a20000, SizeOfImage=0x67000, EntryPoint=0x7ff865a2b160)) returned 1 [0123.719] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0123.719] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff865a20000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="upnp.dll") returned 0x8 [0123.734] CoTaskMemFree (pv=0x54f720) [0123.734] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0123.734] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff865a20000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")) returned 0x1c [0123.749] CoTaskMemFree (pv=0x54d6e0) [0123.749] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874d60000, lpmodinfo=0x239a528, cb=0x18 | out: lpmodinfo=0x239a528*(lpBaseOfDll=0x7ff874d60000, SizeOfImage=0x15000, EntryPoint=0x7ff874d63460)) returned 1 [0123.765] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0123.765] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874d60000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="SSDPAPI.dll") returned 0xb [0123.781] CoTaskMemFree (pv=0x551760) [0123.781] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0123.781] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874d60000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSDPAPI.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")) returned 0x1f [0123.797] CoTaskMemFree (pv=0x5537a0) [0123.797] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d2d0000, lpmodinfo=0x239c6d0, cb=0x18 | out: lpmodinfo=0x239c6d0*(lpBaseOfDll=0x7ff86d2d0000, SizeOfImage=0x36000, EntryPoint=0x7ff86d2d27f0)) returned 1 [0123.813] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0123.814] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d2d0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="Windows.Networking.HostName.dll") returned 0x1f [0123.830] CoTaskMemFree (pv=0x551760) [0123.830] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0123.830] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d2d0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll")) returned 0x33 [0123.846] CoTaskMemFree (pv=0x551760) [0123.846] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff865920000, lpmodinfo=0x239e8c8, cb=0x18 | out: lpmodinfo=0x239e8c8*(lpBaseOfDll=0x7ff865920000, SizeOfImage=0x46000, EntryPoint=0x7ff8659279a0)) returned 1 [0123.862] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0123.862] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff865920000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="adsldp.dll") returned 0xa [0123.878] CoTaskMemFree (pv=0x5547c0) [0123.878] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0123.878] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff865920000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll")) returned 0x1e [0123.895] CoTaskMemFree (pv=0x551760) [0123.895] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b0e0000, lpmodinfo=0x23a0a70, cb=0x18 | out: lpmodinfo=0x23a0a70*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0123.911] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0123.911] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b0e0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0123.927] CoTaskMemFree (pv=0x552f90) [0123.927] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0123.927] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b0e0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0123.942] CoTaskMemFree (pv=0x54d6e0) [0123.942] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff864130000, lpmodinfo=0x23a2c38, cb=0x18 | out: lpmodinfo=0x23a2c38*(lpBaseOfDll=0x7ff864130000, SizeOfImage=0x10f000, EntryPoint=0x7ff86416c010)) returned 1 [0123.958] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0123.958] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff864130000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="dosvc.dll") returned 0x9 [0123.975] CoTaskMemFree (pv=0x552780) [0123.975] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0123.975] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff864130000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")) returned 0x1d [0123.991] CoTaskMemFree (pv=0x54ef10) [0123.991] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875860000, lpmodinfo=0x23a4de0, cb=0x18 | out: lpmodinfo=0x23a4de0*(lpBaseOfDll=0x7ff875860000, SizeOfImage=0x93000, EntryPoint=0x7ff875869680)) returned 1 [0124.007] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0124.007] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875860000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0124.023] CoTaskMemFree (pv=0x54def0) [0124.023] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0124.023] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875860000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0124.040] CoTaskMemFree (pv=0x552780) [0124.041] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff870d80000, lpmodinfo=0x23a6f98, cb=0x18 | out: lpmodinfo=0x23a6f98*(lpBaseOfDll=0x7ff870d80000, SizeOfImage=0xa000, EntryPoint=0x7ff870d81350)) returned 1 [0124.056] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0124.057] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff870d80000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0124.073] CoTaskMemFree (pv=0x54def0) [0124.073] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0124.073] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff870d80000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0124.089] CoTaskMemFree (pv=0x553fb0) [0124.089] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff863f10000, lpmodinfo=0x23a9140, cb=0x18 | out: lpmodinfo=0x23a9140*(lpBaseOfDll=0x7ff863f10000, SizeOfImage=0x12000, EntryPoint=0x7ff863f11a80)) returned 1 [0124.107] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0124.107] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff863f10000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="BitsProxy.dll") returned 0xd [0124.122] CoTaskMemFree (pv=0x550740) [0124.123] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0124.123] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff863f10000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll")) returned 0x21 [0124.139] CoTaskMemFree (pv=0x553fb0) [0124.139] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff863bc0000, lpmodinfo=0x23ab2f8, cb=0x18 | out: lpmodinfo=0x23ab2f8*(lpBaseOfDll=0x7ff863bc0000, SizeOfImage=0x2b0000, EntryPoint=0x7ff863bc1cf0)) returned 1 [0124.155] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0124.155] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff863bc0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="netshell.dll") returned 0xc [0124.172] CoTaskMemFree (pv=0x54def0) [0124.172] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0124.173] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff863bc0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")) returned 0x20 [0124.188] CoTaskMemFree (pv=0x54ef10) [0124.188] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff862050000, lpmodinfo=0x23ad4b0, cb=0x18 | out: lpmodinfo=0x23ad4b0*(lpBaseOfDll=0x7ff862050000, SizeOfImage=0x200000, EntryPoint=0x7ff8620c5240)) returned 1 [0124.206] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0124.206] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff862050000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wlidsvc.dll") returned 0xb [0124.228] CoTaskMemFree (pv=0x54d6e0) [0124.228] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0124.229] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff862050000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wlidsvc.dll" (normalized: "c:\\windows\\system32\\wlidsvc.dll")) returned 0x1f [0124.244] CoTaskMemFree (pv=0x54d6e0) [0124.245] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873970000, lpmodinfo=0x23af658, cb=0x18 | out: lpmodinfo=0x23af658*(lpBaseOfDll=0x7ff873970000, SizeOfImage=0x16000, EntryPoint=0x7ff87397b550)) returned 1 [0124.262] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0124.262] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873970000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="CLIPC.dll") returned 0x9 [0124.278] CoTaskMemFree (pv=0x553fb0) [0124.278] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0124.278] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873970000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CLIPC.dll" (normalized: "c:\\windows\\system32\\clipc.dll")) returned 0x1d [0124.295] CoTaskMemFree (pv=0x5537a0) [0124.295] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f220000, lpmodinfo=0x23b1800, cb=0x18 | out: lpmodinfo=0x23b1800*(lpBaseOfDll=0x7ff86f220000, SizeOfImage=0x17000, EntryPoint=0x7ff86f226620)) returned 1 [0124.311] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0124.311] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f220000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="msauserext.dll") returned 0xe [0124.329] CoTaskMemFree (pv=0x5537a0) [0124.329] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0124.329] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f220000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msauserext.dll" (normalized: "c:\\windows\\system32\\msauserext.dll")) returned 0x22 [0124.479] CoTaskMemFree (pv=0x54ef10) [0124.479] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ba10000, lpmodinfo=0x23b39b8, cb=0x18 | out: lpmodinfo=0x23b39b8*(lpBaseOfDll=0x7ff87ba10000, SizeOfImage=0xd000, EntryPoint=0x7ff87ba11fe0)) returned 1 [0124.499] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0124.499] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ba10000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="tbs.dll") returned 0x7 [0124.516] CoTaskMemFree (pv=0x54ff30) [0124.516] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0124.516] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ba10000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")) returned 0x1b [0124.533] CoTaskMemFree (pv=0x54d6e0) [0124.533] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8617d0000, lpmodinfo=0x23b5b50, cb=0x18 | out: lpmodinfo=0x23b5b50*(lpBaseOfDll=0x7ff8617d0000, SizeOfImage=0x52000, EntryPoint=0x7ff8617d3d30)) returned 1 [0124.626] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0124.626] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8617d0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="cryptngc.dll") returned 0xc [0124.645] CoTaskMemFree (pv=0x553fb0) [0124.645] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0124.645] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8617d0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\cryptngc.dll" (normalized: "c:\\windows\\system32\\cryptngc.dll")) returned 0x20 [0124.662] CoTaskMemFree (pv=0x54def0) [0124.662] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874540000, lpmodinfo=0x23b7d08, cb=0x18 | out: lpmodinfo=0x23b7d08*(lpBaseOfDll=0x7ff874540000, SizeOfImage=0x1b000, EntryPoint=0x7ff874541040)) returned 1 [0124.678] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0124.678] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874540000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="MPR.dll") returned 0x7 [0124.696] CoTaskMemFree (pv=0x54ff30) [0124.696] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0124.696] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874540000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MPR.dll" (normalized: "c:\\windows\\system32\\mpr.dll")) returned 0x1b [0124.715] CoTaskMemFree (pv=0x5537a0) [0124.715] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff861480000, lpmodinfo=0x23b9ea0, cb=0x18 | out: lpmodinfo=0x23b9ea0*(lpBaseOfDll=0x7ff861480000, SizeOfImage=0x5d000, EntryPoint=0x7ff8614ae510)) returned 1 [0124.731] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0124.731] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff861480000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="usocore.dll") returned 0xb [0124.748] CoTaskMemFree (pv=0x5537a0) [0124.748] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0124.748] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff861480000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll")) returned 0x1f [0124.764] CoTaskMemFree (pv=0x5547c0) [0124.764] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff861460000, lpmodinfo=0x23bc048, cb=0x18 | out: lpmodinfo=0x23bc048*(lpBaseOfDll=0x7ff861460000, SizeOfImage=0x18000, EntryPoint=0x7ff86146b850)) returned 1 [0124.782] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0124.782] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff861460000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="DMCmnUtils.dll") returned 0xe [0124.798] CoTaskMemFree (pv=0x553fb0) [0124.798] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0124.798] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff861460000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DMCmnUtils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll")) returned 0x22 [0124.816] CoTaskMemFree (pv=0x552780) [0124.816] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff861410000, lpmodinfo=0x23be200, cb=0x18 | out: lpmodinfo=0x23be200*(lpBaseOfDll=0x7ff861410000, SizeOfImage=0x44000, EntryPoint=0x7ff8614383e0)) returned 1 [0124.833] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0124.833] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff861410000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="updatehandlers.dll") returned 0x12 [0124.850] CoTaskMemFree (pv=0x550740) [0124.850] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0124.850] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff861410000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll")) returned 0x26 [0124.867] CoTaskMemFree (pv=0x54ef10) [0124.867] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878230000, lpmodinfo=0x23c03c8, cb=0x18 | out: lpmodinfo=0x23c03c8*(lpBaseOfDll=0x7ff878230000, SizeOfImage=0xbf000, EntryPoint=0x7ff878251c50)) returned 1 [0124.884] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0124.884] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878230000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0124.902] CoTaskMemFree (pv=0x54ff30) [0124.902] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0124.902] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878230000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0124.919] CoTaskMemFree (pv=0x551760) [0124.919] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873480000, lpmodinfo=0x23c2580, cb=0x18 | out: lpmodinfo=0x23c2580*(lpBaseOfDll=0x7ff873480000, SizeOfImage=0xd5000, EntryPoint=0x7ff87349cf80)) returned 1 [0124.936] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0124.936] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873480000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wuapi.dll") returned 0x9 [0124.954] CoTaskMemFree (pv=0x551f70) [0124.954] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0124.954] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873480000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")) returned 0x1d [0124.971] CoTaskMemFree (pv=0x54def0) [0124.971] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8612f0000, lpmodinfo=0x23c4728, cb=0x18 | out: lpmodinfo=0x23c4728*(lpBaseOfDll=0x7ff8612f0000, SizeOfImage=0x17000, EntryPoint=0x7ff8612f7520)) returned 1 [0124.988] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0124.988] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8612f0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="usoapi.dll") returned 0xa [0125.007] CoTaskMemFree (pv=0x54def0) [0125.007] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.007] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8612f0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll")) returned 0x1e [0125.024] CoTaskMemFree (pv=0x552f90) [0125.024] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff879c90000, lpmodinfo=0x23c68d0, cb=0x18 | out: lpmodinfo=0x23c68d0*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0125.049] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0125.049] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff879c90000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0125.067] CoTaskMemFree (pv=0x54ef10) [0125.067] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.067] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff879c90000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0125.085] CoTaskMemFree (pv=0x54def0) [0125.085] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8603b0000, lpmodinfo=0x23c8a88, cb=0x18 | out: lpmodinfo=0x23c8a88*(lpBaseOfDll=0x7ff8603b0000, SizeOfImage=0x8000, EntryPoint=0x7ff8603b13b0)) returned 1 [0125.103] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0125.103] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8603b0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="dmiso8601utils.dll") returned 0x12 [0125.121] CoTaskMemFree (pv=0x552780) [0125.121] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0125.122] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8603b0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll")) returned 0x26 [0125.138] CoTaskMemFree (pv=0x552780) [0125.138] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff867cd0000, lpmodinfo=0x23cac50, cb=0x18 | out: lpmodinfo=0x23cac50*(lpBaseOfDll=0x7ff867cd0000, SizeOfImage=0x1d000, EntryPoint=0x7ff867cd4f60)) returned 1 [0125.157] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.157] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff867cd0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="appinfo.dll") returned 0xb [0125.174] CoTaskMemFree (pv=0x551f70) [0125.174] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0125.174] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff867cd0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")) returned 0x1f [0125.192] CoTaskMemFree (pv=0x54ef10) [0125.192] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87aa90000, lpmodinfo=0x23ccdf8, cb=0x18 | out: lpmodinfo=0x23ccdf8*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0125.208] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.208] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87aa90000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0125.234] CoTaskMemFree (pv=0x54f720) [0125.235] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.235] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87aa90000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0125.252] CoTaskMemFree (pv=0x550740) [0125.252] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff865790000, lpmodinfo=0x23cefa0, cb=0x18 | out: lpmodinfo=0x23cefa0*(lpBaseOfDll=0x7ff865790000, SizeOfImage=0x32000, EntryPoint=0x7ff86579b0c0)) returned 1 [0125.270] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.270] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff865790000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="shacct.dll") returned 0xa [0125.287] CoTaskMemFree (pv=0x54e700) [0125.287] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0125.287] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff865790000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")) returned 0x1e [0125.306] CoTaskMemFree (pv=0x54ef10) [0125.306] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8655f0000, lpmodinfo=0x23d1148, cb=0x18 | out: lpmodinfo=0x23d1148*(lpBaseOfDll=0x7ff8655f0000, SizeOfImage=0x11000, EntryPoint=0x7ff8655f28d0)) returned 1 [0125.324] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.324] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8655f0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="CredentialMigrationHandler.dll") returned 0x1e [0125.342] CoTaskMemFree (pv=0x54f720) [0125.342] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.342] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8655f0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")) returned 0x32 [0125.360] CoTaskMemFree (pv=0x54ff30) [0125.360] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8654a0000, lpmodinfo=0x23d3340, cb=0x18 | out: lpmodinfo=0x23d3340*(lpBaseOfDll=0x7ff8654a0000, SizeOfImage=0x18000, EntryPoint=0x7ff8654a1b10)) returned 1 [0125.394] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0125.394] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8654a0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="LocationFrameworkInternalPS.dll") returned 0x1f [0125.412] CoTaskMemFree (pv=0x552780) [0125.412] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.412] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8654a0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll")) returned 0x33 [0125.431] CoTaskMemFree (pv=0x54f720) [0125.431] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff867cb0000, lpmodinfo=0x23d5538, cb=0x18 | out: lpmodinfo=0x23d5538*(lpBaseOfDll=0x7ff867cb0000, SizeOfImage=0x18000, EntryPoint=0x7ff867cb4290)) returned 1 [0125.449] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.449] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff867cb0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="elscore.dll") returned 0xb [0125.466] CoTaskMemFree (pv=0x552f90) [0125.466] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0125.466] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff867cb0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\elscore.dll" (normalized: "c:\\windows\\system32\\elscore.dll")) returned 0x1f [0125.486] CoTaskMemFree (pv=0x54d6e0) [0125.486] CloseHandle (hObject=0x268) returned 1 [0125.488] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0125.488] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb9c) returned 0x268 [0125.488] EnumProcessModules (in: hProcess=0x268, lphModule=0x23dc638, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x23dc638, lpcbNeeded=0x14ef68) returned 1 [0125.490] GetModuleInformation (in: hProcess=0x268, hModule=0x400000, lpmodinfo=0x23dc8a8, cb=0x18 | out: lpmodinfo=0x23dc8a8*(lpBaseOfDll=0x400000, SizeOfImage=0xc000, EntryPoint=0x0)) returned 1 [0125.490] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.490] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x400000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe") returned 0x44 [0125.490] CoTaskMemFree (pv=0x54def0) [0125.491] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.491] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x400000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe")) returned 0x62 [0125.491] CoTaskMemFree (pv=0x551f70) [0125.491] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x23deb88, cb=0x18 | out: lpmodinfo=0x23deb88*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0125.491] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.491] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0125.491] CoTaskMemFree (pv=0x550f50) [0125.491] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.491] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0125.491] CoTaskMemFree (pv=0x551f70) [0125.491] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff865560000, lpmodinfo=0x23e0d30, cb=0x18 | out: lpmodinfo=0x23e0d30*(lpBaseOfDll=0x7ff865560000, SizeOfImage=0x68000, EntryPoint=0x7ff865564970)) returned 1 [0125.492] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.492] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff865560000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0125.492] CoTaskMemFree (pv=0x550740) [0125.492] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.492] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff865560000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0125.492] CoTaskMemFree (pv=0x551f70) [0125.492] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f640000, lpmodinfo=0x23e2ed8, cb=0x18 | out: lpmodinfo=0x23e2ed8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0125.492] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.492] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f640000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0125.493] CoTaskMemFree (pv=0x54ff30) [0125.493] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0125.493] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f640000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0125.493] CoTaskMemFree (pv=0x553fb0) [0125.493] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ce40000, lpmodinfo=0x23e5090, cb=0x18 | out: lpmodinfo=0x23e5090*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0125.493] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.493] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ce40000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0125.493] CoTaskMemFree (pv=0x551f70) [0125.493] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.493] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ce40000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0125.494] CoTaskMemFree (pv=0x550f50) [0125.494] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87aa90000, lpmodinfo=0x23e72a0, cb=0x18 | out: lpmodinfo=0x23e72a0*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0125.494] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0125.494] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87aa90000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0125.494] CoTaskMemFree (pv=0x553fb0) [0125.494] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.494] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87aa90000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0125.495] CoTaskMemFree (pv=0x551f70) [0125.495] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fd30000, lpmodinfo=0x23e9448, cb=0x18 | out: lpmodinfo=0x23e9448*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0125.495] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.495] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fd30000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0125.495] CoTaskMemFree (pv=0x550740) [0125.495] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0125.495] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fd30000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0125.495] CoTaskMemFree (pv=0x552780) [0125.495] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fde0000, lpmodinfo=0x23eb600, cb=0x18 | out: lpmodinfo=0x23eb600*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0125.496] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.496] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fde0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0125.496] CoTaskMemFree (pv=0x54f720) [0125.496] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0125.496] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fde0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0125.496] CoTaskMemFree (pv=0x553fb0) [0125.496] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f970000, lpmodinfo=0x23ed7a8, cb=0x18 | out: lpmodinfo=0x23ed7a8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0125.497] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.497] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f970000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0125.497] CoTaskMemFree (pv=0x54def0) [0125.497] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.497] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f970000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0125.497] CoTaskMemFree (pv=0x551760) [0125.497] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fe80000, lpmodinfo=0x23ef9e8, cb=0x18 | out: lpmodinfo=0x23ef9e8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0125.498] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0125.498] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fe80000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0125.498] CoTaskMemFree (pv=0x5537a0) [0125.498] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.498] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fe80000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0125.498] CoTaskMemFree (pv=0x551f70) [0125.498] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8654c0000, lpmodinfo=0x23f1b90, cb=0x18 | out: lpmodinfo=0x23f1b90*(lpBaseOfDll=0x7ff8654c0000, SizeOfImage=0x98000, EntryPoint=0x7ff8654c1000)) returned 1 [0125.499] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.499] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8654c0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0125.499] CoTaskMemFree (pv=0x551760) [0125.499] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.499] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8654c0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0125.499] CoTaskMemFree (pv=0x550f50) [0125.499] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fb50000, lpmodinfo=0x23f3d80, cb=0x18 | out: lpmodinfo=0x23f3d80*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0125.500] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.500] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fb50000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0125.500] CoTaskMemFree (pv=0x54def0) [0125.500] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.500] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fb50000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0125.501] CoTaskMemFree (pv=0x54f720) [0125.501] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpmodinfo=0x23f5f28, cb=0x18 | out: lpmodinfo=0x23f5f28*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0125.501] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0125.501] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0125.502] CoTaskMemFree (pv=0x54d6e0) [0125.502] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.502] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0125.502] CoTaskMemFree (pv=0x54ff30) [0125.502] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d030000, lpmodinfo=0x23f80d0, cb=0x18 | out: lpmodinfo=0x23f80d0*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0125.503] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.503] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d030000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0125.503] CoTaskMemFree (pv=0x551760) [0125.503] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.503] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d030000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0125.503] CoTaskMemFree (pv=0x54def0) [0125.503] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpmodinfo=0x23fa2a8, cb=0x18 | out: lpmodinfo=0x23fa2a8*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0125.504] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.504] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0125.504] CoTaskMemFree (pv=0x54f720) [0125.504] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.504] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0125.505] CoTaskMemFree (pv=0x54def0) [0125.505] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ed60000, lpmodinfo=0x23fc450, cb=0x18 | out: lpmodinfo=0x23fc450*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0125.505] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0125.505] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ed60000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0125.506] CoTaskMemFree (pv=0x54ef10) [0125.506] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0125.506] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ed60000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0125.506] CoTaskMemFree (pv=0x54d6e0) [0125.506] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d4f0000, lpmodinfo=0x23fe5f8, cb=0x18 | out: lpmodinfo=0x23fe5f8*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0125.507] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.507] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d4f0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0125.507] CoTaskMemFree (pv=0x550740) [0125.507] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.507] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d4f0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0125.508] CoTaskMemFree (pv=0x54e700) [0125.508] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c640000, lpmodinfo=0x24008b8, cb=0x18 | out: lpmodinfo=0x24008b8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0125.508] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0125.508] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c640000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0125.509] CoTaskMemFree (pv=0x5547c0) [0125.509] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.509] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c640000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0125.509] CoTaskMemFree (pv=0x54f720) [0125.509] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff870d80000, lpmodinfo=0x2402a80, cb=0x18 | out: lpmodinfo=0x2402a80*(lpBaseOfDll=0x7ff870d80000, SizeOfImage=0xa000, EntryPoint=0x7ff870d81350)) returned 1 [0125.510] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.510] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff870d80000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0125.510] CoTaskMemFree (pv=0x54def0) [0125.510] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0125.510] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff870d80000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0125.511] CoTaskMemFree (pv=0x5537a0) [0125.511] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff85fa20000, lpmodinfo=0x2404c28, cb=0x18 | out: lpmodinfo=0x2404c28*(lpBaseOfDll=0x7ff85fa20000, SizeOfImage=0x98e000, EntryPoint=0x7ff85fb4d9f0)) returned 1 [0125.511] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.511] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff85fa20000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0125.512] CoTaskMemFree (pv=0x54def0) [0125.512] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.512] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff85fa20000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0125.512] CoTaskMemFree (pv=0x550740) [0125.512] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8650a0000, lpmodinfo=0x2406df8, cb=0x18 | out: lpmodinfo=0x2406df8*(lpBaseOfDll=0x7ff8650a0000, SizeOfImage=0xf7000, EntryPoint=0x7ff8650c4d80)) returned 1 [0125.514] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0125.514] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8650a0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0125.514] CoTaskMemFree (pv=0x5537a0) [0125.514] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.514] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8650a0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0125.515] CoTaskMemFree (pv=0x552f90) [0125.515] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff85e280000, lpmodinfo=0x2408fd0, cb=0x18 | out: lpmodinfo=0x2408fd0*(lpBaseOfDll=0x7ff85e280000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0125.515] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.515] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff85e280000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0125.516] CoTaskMemFree (pv=0x54ff30) [0125.516] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0125.516] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff85e280000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0125.517] CoTaskMemFree (pv=0x5547c0) [0125.517] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpmodinfo=0x240b218, cb=0x18 | out: lpmodinfo=0x240b218*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0125.517] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0125.517] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0125.518] CoTaskMemFree (pv=0x54d6e0) [0125.518] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.518] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0125.518] CoTaskMemFree (pv=0x54f720) [0125.518] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8607e0000, lpmodinfo=0x240d3c0, cb=0x18 | out: lpmodinfo=0x240d3c0*(lpBaseOfDll=0x7ff8607e0000, SizeOfImage=0x105000, EntryPoint=0x7ff8607e107c)) returned 1 [0125.519] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.519] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8607e0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0125.519] CoTaskMemFree (pv=0x54f720) [0125.519] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0125.519] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8607e0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0125.520] CoTaskMemFree (pv=0x5547c0) [0125.520] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fa80000, lpmodinfo=0x240f5a0, cb=0x18 | out: lpmodinfo=0x240f5a0*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0125.521] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0125.521] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fa80000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0125.521] CoTaskMemFree (pv=0x5547c0) [0125.521] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0125.521] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fa80000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0125.522] CoTaskMemFree (pv=0x54ef10) [0125.522] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff85d660000, lpmodinfo=0x2411758, cb=0x18 | out: lpmodinfo=0x2411758*(lpBaseOfDll=0x7ff85d660000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0125.523] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0125.523] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff85d660000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0125.523] CoTaskMemFree (pv=0x54d6e0) [0125.523] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.523] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff85d660000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0125.524] CoTaskMemFree (pv=0x550f50) [0125.524] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c240000, lpmodinfo=0x2413998, cb=0x18 | out: lpmodinfo=0x2413998*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0125.525] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.525] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c240000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0125.525] CoTaskMemFree (pv=0x54e700) [0125.525] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0125.525] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c240000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0125.526] CoTaskMemFree (pv=0x5537a0) [0125.526] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87eec0000, lpmodinfo=0x2415b40, cb=0x18 | out: lpmodinfo=0x2415b40*(lpBaseOfDll=0x7ff87eec0000, SizeOfImage=0x8000, EntryPoint=0x7ff87eec10b0)) returned 1 [0125.527] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.527] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87eec0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0125.527] CoTaskMemFree (pv=0x54def0) [0125.527] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.527] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87eec0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0125.528] CoTaskMemFree (pv=0x551f70) [0125.528] CloseHandle (hObject=0x268) returned 1 [0125.528] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0125.575] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11c0) returned 0x268 [0125.575] EnumProcessModules (in: hProcess=0x268, lphModule=0x2418a98, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2418a98, lpcbNeeded=0x14ef68) returned 1 [0125.576] GetModuleInformation (in: hProcess=0x268, hModule=0x110000, lpmodinfo=0x2418d08, cb=0x18 | out: lpmodinfo=0x2418d08*(lpBaseOfDll=0x110000, SizeOfImage=0x17000, EntryPoint=0x1114a1)) returned 1 [0125.576] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.576] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x110000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="around.exe") returned 0xa [0125.576] CoTaskMemFree (pv=0x550740) [0125.577] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0125.577] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x110000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\around.exe" (normalized: "c:\\program files (x86)\\common files\\around.exe")) returned 0x2e [0125.577] CoTaskMemFree (pv=0x5547c0) [0125.577] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x241af08, cb=0x18 | out: lpmodinfo=0x241af08*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0125.577] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.577] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0125.578] CoTaskMemFree (pv=0x552f90) [0125.578] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.578] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0125.578] CoTaskMemFree (pv=0x550f50) [0125.578] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x241d0b0, cb=0x18 | out: lpmodinfo=0x241d0b0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0125.579] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.579] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0125.579] CoTaskMemFree (pv=0x550f50) [0125.580] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0125.580] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0125.580] CoTaskMemFree (pv=0x552780) [0125.580] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x241f258, cb=0x18 | out: lpmodinfo=0x241f258*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0125.581] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0125.581] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0125.582] CoTaskMemFree (pv=0x5537a0) [0125.582] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.582] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0125.582] CoTaskMemFree (pv=0x550f50) [0125.583] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x2421410, cb=0x18 | out: lpmodinfo=0x2421410*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0125.584] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0125.584] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0125.585] CoTaskMemFree (pv=0x54ef10) [0125.585] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.585] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0125.586] CoTaskMemFree (pv=0x54f720) [0125.586] CloseHandle (hObject=0x268) returned 1 [0125.586] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0125.586] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x634) returned 0x0 [0125.586] EnumProcesses (in: lpidProcess=0x2423be8, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x2423be8, lpcbNeeded=0x14ee58) returned 1 [0125.595] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa0c) returned 0x268 [0125.595] EnumProcessModules (in: hProcess=0x268, lphModule=0x2424538, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2424538, lpcbNeeded=0x14ef68) returned 1 [0125.595] GetModuleInformation (in: hProcess=0x268, hModule=0xe70000, lpmodinfo=0x24247a8, cb=0x18 | out: lpmodinfo=0x24247a8*(lpBaseOfDll=0xe70000, SizeOfImage=0x17000, EntryPoint=0xe714a1)) returned 1 [0125.596] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.596] GetModuleBaseNameW (in: hProcess=0x268, hModule=0xe70000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="rate officer.exe") returned 0x10 [0125.596] CoTaskMemFree (pv=0x552f90) [0125.596] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0125.596] GetModuleFileNameExW (in: hProcess=0x268, hModule=0xe70000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\rate officer.exe" (normalized: "c:\\program files (x86)\\windows media player\\rate officer.exe")) returned 0x3c [0125.597] CoTaskMemFree (pv=0x5547c0) [0125.597] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x24269d8, cb=0x18 | out: lpmodinfo=0x24269d8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0125.597] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.597] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0125.598] CoTaskMemFree (pv=0x551760) [0125.598] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.598] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0125.598] CoTaskMemFree (pv=0x54def0) [0125.598] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x2428b80, cb=0x18 | out: lpmodinfo=0x2428b80*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0125.599] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.599] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0125.599] CoTaskMemFree (pv=0x54f720) [0125.599] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.599] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0125.600] CoTaskMemFree (pv=0x551f70) [0125.600] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x242ad28, cb=0x18 | out: lpmodinfo=0x242ad28*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0125.600] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0125.600] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0125.601] CoTaskMemFree (pv=0x5537a0) [0125.601] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.601] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0125.602] CoTaskMemFree (pv=0x54ff30) [0125.602] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x242cee0, cb=0x18 | out: lpmodinfo=0x242cee0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0125.603] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.603] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0125.603] CoTaskMemFree (pv=0x551760) [0125.603] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.603] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0125.604] CoTaskMemFree (pv=0x54ff30) [0125.604] CloseHandle (hObject=0x268) returned 1 [0125.608] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0125.608] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1030) returned 0x268 [0125.608] EnumProcessModules (in: hProcess=0x268, lphModule=0x242f6b8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x242f6b8, lpcbNeeded=0x14ef68) returned 1 [0125.609] GetModuleInformation (in: hProcess=0x268, hModule=0x980000, lpmodinfo=0x242f928, cb=0x18 | out: lpmodinfo=0x242f928*(lpBaseOfDll=0x980000, SizeOfImage=0x17000, EntryPoint=0x9814a1)) returned 1 [0125.609] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0125.609] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x980000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="gmailnotifierpro.exe") returned 0x14 [0125.610] CoTaskMemFree (pv=0x54d6e0) [0125.610] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.610] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x980000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\gmailnotifierpro.exe" (normalized: "c:\\program files\\windowspowershell\\gmailnotifierpro.exe")) returned 0x37 [0125.610] CoTaskMemFree (pv=0x551760) [0125.610] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x2431b50, cb=0x18 | out: lpmodinfo=0x2431b50*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0125.610] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.611] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0125.611] CoTaskMemFree (pv=0x54f720) [0125.611] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.611] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0125.612] CoTaskMemFree (pv=0x550f50) [0125.612] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x2433cf8, cb=0x18 | out: lpmodinfo=0x2433cf8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0125.612] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.612] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0125.613] CoTaskMemFree (pv=0x54def0) [0125.613] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.613] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0125.615] CoTaskMemFree (pv=0x54e700) [0125.615] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x2435ea0, cb=0x18 | out: lpmodinfo=0x2435ea0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0125.615] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0125.615] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0125.616] CoTaskMemFree (pv=0x5547c0) [0125.616] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.616] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0125.617] CoTaskMemFree (pv=0x54ff30) [0125.617] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x2438058, cb=0x18 | out: lpmodinfo=0x2438058*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0125.617] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0125.617] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0125.618] CoTaskMemFree (pv=0x54ef10) [0125.618] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.618] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0125.619] CoTaskMemFree (pv=0x550740) [0125.619] CloseHandle (hObject=0x268) returned 1 [0125.619] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0125.619] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10f4) returned 0x268 [0125.619] EnumProcessModules (in: hProcess=0x268, lphModule=0x243a830, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x243a830, lpcbNeeded=0x14ef68) returned 1 [0125.620] GetModuleInformation (in: hProcess=0x268, hModule=0x890000, lpmodinfo=0x243aaa0, cb=0x18 | out: lpmodinfo=0x243aaa0*(lpBaseOfDll=0x890000, SizeOfImage=0x17000, EntryPoint=0x8914a1)) returned 1 [0125.621] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0125.621] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x890000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="yahoomessenger.exe") returned 0x12 [0125.621] CoTaskMemFree (pv=0x5537a0) [0125.621] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.621] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x890000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Multimedia Platform\\yahoomessenger.exe" (normalized: "c:\\program files\\windows multimedia platform\\yahoomessenger.exe")) returned 0x3f [0125.621] CoTaskMemFree (pv=0x552f90) [0125.621] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x243ccd0, cb=0x18 | out: lpmodinfo=0x243ccd0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0125.622] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.622] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0125.622] CoTaskMemFree (pv=0x551f70) [0125.622] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.622] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0125.623] CoTaskMemFree (pv=0x54ff30) [0125.623] GetModuleInformation (in: hProcess=0x268, hModule=0x66350000, lpmodinfo=0x243ee78, cb=0x18 | out: lpmodinfo=0x243ee78*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0125.623] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.623] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x66350000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0125.624] CoTaskMemFree (pv=0x54def0) [0125.624] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.624] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x66350000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0125.625] CoTaskMemFree (pv=0x552f90) [0125.625] GetModuleInformation (in: hProcess=0x268, hModule=0x662d0000, lpmodinfo=0x2441020, cb=0x18 | out: lpmodinfo=0x2441020*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0125.625] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.626] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x662d0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0125.626] CoTaskMemFree (pv=0x54f720) [0125.626] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.626] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x662d0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0125.627] CoTaskMemFree (pv=0x54ff30) [0125.627] GetModuleInformation (in: hProcess=0x268, hModule=0x663a0000, lpmodinfo=0x24431d8, cb=0x18 | out: lpmodinfo=0x24431d8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0125.627] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0125.627] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x663a0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0125.628] CoTaskMemFree (pv=0x553fb0) [0125.628] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0125.628] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x663a0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0125.629] CoTaskMemFree (pv=0x553fb0) [0125.629] CloseHandle (hObject=0x268) returned 1 [0125.629] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0125.634] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4a0) returned 0x268 [0125.634] EnumProcessModules (in: hProcess=0x268, lphModule=0x2445cd8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2445cd8, lpcbNeeded=0x14ef68) returned 1 [0125.653] EnumProcessModules (in: hProcess=0x268, lphModule=0x2445ef0, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x2445ef0, lpcbNeeded=0x14ef68) returned 1 [0125.671] EnumProcessModules (in: hProcess=0x268, lphModule=0x2446308, cb=0x800, lpcbNeeded=0x14ef68 | out: lphModule=0x2446308, lpcbNeeded=0x14ef68) returned 1 [0125.690] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff713720000, lpmodinfo=0x2446b78, cb=0x18 | out: lpmodinfo=0x2446b78*(lpBaseOfDll=0x7ff713720000, SizeOfImage=0x448000, EntryPoint=0x7ff7137be090)) returned 1 [0125.690] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.690] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff713720000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="Explorer.EXE") returned 0xc [0125.691] CoTaskMemFree (pv=0x551f70) [0125.691] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0125.691] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff713720000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\Explorer.EXE" (normalized: "c:\\windows\\explorer.exe")) returned 0x17 [0125.691] CoTaskMemFree (pv=0x552780) [0125.691] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x2448d50, cb=0x18 | out: lpmodinfo=0x2448d50*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0125.692] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.692] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0125.692] CoTaskMemFree (pv=0x551f70) [0125.692] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.692] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0125.693] CoTaskMemFree (pv=0x550f50) [0125.693] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f640000, lpmodinfo=0x244aef8, cb=0x18 | out: lpmodinfo=0x244aef8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0125.693] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0125.693] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f640000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0125.694] CoTaskMemFree (pv=0x552780) [0125.694] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.694] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f640000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0125.695] CoTaskMemFree (pv=0x550f50) [0125.695] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ce40000, lpmodinfo=0x244d0b0, cb=0x18 | out: lpmodinfo=0x244d0b0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0125.695] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.695] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ce40000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0125.696] CoTaskMemFree (pv=0x552f90) [0125.696] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.696] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ce40000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0125.697] CoTaskMemFree (pv=0x54e700) [0125.697] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87aa90000, lpmodinfo=0x244f268, cb=0x18 | out: lpmodinfo=0x244f268*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0125.697] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0125.697] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87aa90000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0125.698] CoTaskMemFree (pv=0x54d6e0) [0125.698] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0125.698] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87aa90000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0125.699] CoTaskMemFree (pv=0x54ef10) [0125.699] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fde0000, lpmodinfo=0x2451468, cb=0x18 | out: lpmodinfo=0x2451468*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0125.700] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.700] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fde0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0125.701] CoTaskMemFree (pv=0x552f90) [0125.701] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0125.701] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fde0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0125.701] CoTaskMemFree (pv=0x553fb0) [0125.701] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fa80000, lpmodinfo=0x2453610, cb=0x18 | out: lpmodinfo=0x2453610*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0125.702] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.702] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fa80000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0125.703] CoTaskMemFree (pv=0x550740) [0125.703] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.703] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fa80000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0125.704] CoTaskMemFree (pv=0x550f50) [0125.704] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpmodinfo=0x24557c8, cb=0x18 | out: lpmodinfo=0x24557c8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0125.705] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.705] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0125.706] CoTaskMemFree (pv=0x551760) [0125.706] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.706] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0125.707] CoTaskMemFree (pv=0x550f50) [0125.707] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fe80000, lpmodinfo=0x2457970, cb=0x18 | out: lpmodinfo=0x2457970*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0125.708] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.708] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fe80000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0125.709] CoTaskMemFree (pv=0x54ff30) [0125.709] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.709] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fe80000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0125.710] CoTaskMemFree (pv=0x550740) [0125.710] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d030000, lpmodinfo=0x2459bb0, cb=0x18 | out: lpmodinfo=0x2459bb0*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0125.711] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.711] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d030000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0125.712] CoTaskMemFree (pv=0x54ff30) [0125.712] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0125.712] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d030000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0125.714] CoTaskMemFree (pv=0x54ef10) [0125.714] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c5f0000, lpmodinfo=0x245bd88, cb=0x18 | out: lpmodinfo=0x245bd88*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0125.716] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.716] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c5f0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0125.717] CoTaskMemFree (pv=0x551760) [0125.717] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0125.717] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c5f0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0125.718] CoTaskMemFree (pv=0x54d6e0) [0125.718] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ed60000, lpmodinfo=0x245df40, cb=0x18 | out: lpmodinfo=0x245df40*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0125.721] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0125.721] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ed60000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0125.722] CoTaskMemFree (pv=0x5537a0) [0125.722] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.722] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ed60000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0125.723] CoTaskMemFree (pv=0x551760) [0125.723] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpmodinfo=0x24600e8, cb=0x18 | out: lpmodinfo=0x24600e8*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0125.725] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.725] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0125.726] CoTaskMemFree (pv=0x54f720) [0125.726] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.726] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0125.727] CoTaskMemFree (pv=0x550740) [0125.728] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c650000, lpmodinfo=0x2462290, cb=0x18 | out: lpmodinfo=0x2462290*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0125.729] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.729] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c650000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="SHCORE.dll") returned 0xa [0125.730] CoTaskMemFree (pv=0x54f720) [0125.730] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0125.730] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c650000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHCORE.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0125.732] CoTaskMemFree (pv=0x552780) [0125.732] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fb50000, lpmodinfo=0x2464438, cb=0x18 | out: lpmodinfo=0x2464438*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0125.733] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.733] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fb50000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0125.735] CoTaskMemFree (pv=0x552f90) [0125.735] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.735] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fb50000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0125.736] CoTaskMemFree (pv=0x54def0) [0125.736] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d650000, lpmodinfo=0x24665e0, cb=0x18 | out: lpmodinfo=0x24665e0*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0125.738] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.738] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d650000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0125.739] CoTaskMemFree (pv=0x551f70) [0125.739] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0125.740] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d650000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0125.741] CoTaskMemFree (pv=0x5537a0) [0125.741] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c710000, lpmodinfo=0x2468788, cb=0x18 | out: lpmodinfo=0x2468788*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0125.743] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0125.743] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c710000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0125.745] CoTaskMemFree (pv=0x5547c0) [0125.745] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.745] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c710000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0125.746] CoTaskMemFree (pv=0x551f70) [0125.746] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c760000, lpmodinfo=0x246aa58, cb=0x18 | out: lpmodinfo=0x246aa58*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0125.748] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.748] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c760000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0125.750] CoTaskMemFree (pv=0x54e700) [0125.750] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0125.750] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c760000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0125.752] CoTaskMemFree (pv=0x552780) [0125.752] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fd30000, lpmodinfo=0x246cc20, cb=0x18 | out: lpmodinfo=0x246cc20*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0125.753] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.753] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fd30000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0125.757] CoTaskMemFree (pv=0x54def0) [0125.757] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0125.757] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fd30000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0125.758] CoTaskMemFree (pv=0x5547c0) [0125.758] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f970000, lpmodinfo=0x246edd8, cb=0x18 | out: lpmodinfo=0x246edd8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0125.760] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.760] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f970000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0125.762] CoTaskMemFree (pv=0x54e700) [0125.762] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.762] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f970000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0125.764] CoTaskMemFree (pv=0x54ff30) [0125.764] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c640000, lpmodinfo=0x2470f80, cb=0x18 | out: lpmodinfo=0x2470f80*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0125.766] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0125.766] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c640000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0125.769] CoTaskMemFree (pv=0x54d6e0) [0125.769] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0125.769] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c640000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0125.771] CoTaskMemFree (pv=0x552780) [0125.771] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c5d0000, lpmodinfo=0x2473148, cb=0x18 | out: lpmodinfo=0x2473148*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0125.773] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0125.773] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c5d0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0125.775] CoTaskMemFree (pv=0x54ef10) [0125.775] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.775] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c5d0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0125.777] CoTaskMemFree (pv=0x550740) [0125.777] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d170000, lpmodinfo=0x24752f0, cb=0x18 | out: lpmodinfo=0x24752f0*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0125.779] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.779] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d170000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0125.782] CoTaskMemFree (pv=0x54e700) [0125.782] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.782] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d170000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0125.784] CoTaskMemFree (pv=0x54e700) [0125.784] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c5c0000, lpmodinfo=0x2477498, cb=0x18 | out: lpmodinfo=0x2477498*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0125.786] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.786] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c5c0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0125.789] CoTaskMemFree (pv=0x551f70) [0125.789] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.789] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c5c0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0125.791] CoTaskMemFree (pv=0x551f70) [0125.791] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ab10000, lpmodinfo=0x2479640, cb=0x18 | out: lpmodinfo=0x2479640*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0125.794] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.794] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ab10000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0125.796] CoTaskMemFree (pv=0x54def0) [0125.796] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0125.796] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ab10000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0125.798] CoTaskMemFree (pv=0x5547c0) [0125.799] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87af40000, lpmodinfo=0x247b7e8, cb=0x18 | out: lpmodinfo=0x247b7e8*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0125.801] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.801] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87af40000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0125.804] CoTaskMemFree (pv=0x550f50) [0125.804] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.804] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87af40000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0125.806] CoTaskMemFree (pv=0x551760) [0125.806] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87a590000, lpmodinfo=0x247d990, cb=0x18 | out: lpmodinfo=0x247d990*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0125.809] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.809] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87a590000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0125.811] CoTaskMemFree (pv=0x551f70) [0125.811] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.811] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87a590000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0125.813] CoTaskMemFree (pv=0x550740) [0125.814] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f290000, lpmodinfo=0x247fb38, cb=0x18 | out: lpmodinfo=0x247fb38*(lpBaseOfDll=0x7ff86f290000, SizeOfImage=0xb1000, EntryPoint=0x7ff86f2a08f0)) returned 1 [0125.817] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.817] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f290000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="TWINAPI.dll") returned 0xb [0125.819] CoTaskMemFree (pv=0x551760) [0125.819] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0125.820] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f290000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\TWINAPI.dll" (normalized: "c:\\windows\\system32\\twinapi.dll")) returned 0x1f [0125.822] CoTaskMemFree (pv=0x54d6e0) [0125.822] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87a2e0000, lpmodinfo=0x2481ce0, cb=0x18 | out: lpmodinfo=0x2481ce0*(lpBaseOfDll=0x7ff87a2e0000, SizeOfImage=0x2a8000, EntryPoint=0x7ff87a373250)) returned 1 [0125.825] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0125.825] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87a2e0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="d3d11.dll") returned 0x9 [0125.829] CoTaskMemFree (pv=0x54d6e0) [0125.829] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.829] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87a2e0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")) returned 0x1d [0125.831] CoTaskMemFree (pv=0x54def0) [0125.831] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87a6a0000, lpmodinfo=0x2483e88, cb=0x18 | out: lpmodinfo=0x2483e88*(lpBaseOfDll=0x7ff87a6a0000, SizeOfImage=0xe3000, EntryPoint=0x7ff87a6d7da0)) returned 1 [0125.837] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0125.837] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87a6a0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="dcomp.dll") returned 0x9 [0125.839] CoTaskMemFree (pv=0x5537a0) [0125.839] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.839] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87a6a0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")) returned 0x1d [0125.842] CoTaskMemFree (pv=0x54ff30) [0125.842] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b0e0000, lpmodinfo=0x2297610, cb=0x18 | out: lpmodinfo=0x2297610*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0125.845] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0125.845] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b0e0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0125.848] CoTaskMemFree (pv=0x54def0) [0125.848] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.848] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b0e0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0125.851] CoTaskMemFree (pv=0x54e700) [0125.851] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c240000, lpmodinfo=0x22997d8, cb=0x18 | out: lpmodinfo=0x22997d8*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0125.853] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.853] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c240000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0125.856] CoTaskMemFree (pv=0x54e700) [0125.856] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0125.856] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c240000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0125.859] CoTaskMemFree (pv=0x550740) [0125.859] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bd20000, lpmodinfo=0x229b980, cb=0x18 | out: lpmodinfo=0x229b980*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0125.862] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.862] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bd20000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0125.865] CoTaskMemFree (pv=0x54ff30) [0125.865] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0125.865] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bd20000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0125.868] CoTaskMemFree (pv=0x553fb0) [0125.868] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff877aa0000, lpmodinfo=0x229dd40, cb=0x18 | out: lpmodinfo=0x229dd40*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0125.871] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.871] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff877aa0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="MrmCoreR.dll") returned 0xc [0125.874] CoTaskMemFree (pv=0x552f90) [0125.874] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.874] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff877aa0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0125.877] CoTaskMemFree (pv=0x550f50) [0125.877] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87a230000, lpmodinfo=0x229fef8, cb=0x18 | out: lpmodinfo=0x229fef8*(lpBaseOfDll=0x7ff87a230000, SizeOfImage=0xa2000, EntryPoint=0x7ff87a250a40)) returned 1 [0125.880] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.880] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87a230000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0125.883] CoTaskMemFree (pv=0x54e700) [0125.883] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.883] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87a230000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0125.886] CoTaskMemFree (pv=0x551760) [0125.886] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c450000, lpmodinfo=0x22a20a0, cb=0x18 | out: lpmodinfo=0x22a20a0*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0125.889] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.889] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c450000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0125.893] CoTaskMemFree (pv=0x551f70) [0125.893] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.893] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c450000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0125.896] CoTaskMemFree (pv=0x552f90) [0125.896] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d4f0000, lpmodinfo=0x22a4248, cb=0x18 | out: lpmodinfo=0x22a4248*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0125.900] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0125.900] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d4f0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0125.903] CoTaskMemFree (pv=0x54d6e0) [0125.903] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0125.903] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d4f0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0125.906] CoTaskMemFree (pv=0x552780) [0125.906] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fbb0000, lpmodinfo=0x22a63f0, cb=0x18 | out: lpmodinfo=0x22a63f0*(lpBaseOfDll=0x7ff87fbb0000, SizeOfImage=0x15a000, EntryPoint=0x7ff87fbf38e0)) returned 1 [0125.910] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0125.910] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fbb0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0125.913] CoTaskMemFree (pv=0x552f90) [0125.913] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0125.913] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fbb0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0125.917] CoTaskMemFree (pv=0x54ef10) [0125.917] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpmodinfo=0x22a8598, cb=0x18 | out: lpmodinfo=0x22a8598*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0125.921] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0125.921] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0125.924] CoTaskMemFree (pv=0x550f50) [0125.924] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.924] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0125.927] CoTaskMemFree (pv=0x54ff30) [0125.927] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f9d0000, lpmodinfo=0x22aa740, cb=0x18 | out: lpmodinfo=0x22aa740*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0125.931] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0125.931] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f9d0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0125.935] CoTaskMemFree (pv=0x54f720) [0125.935] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.935] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f9d0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0125.938] CoTaskMemFree (pv=0x54e700) [0125.938] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c3d0000, lpmodinfo=0x22ac8e8, cb=0x18 | out: lpmodinfo=0x22ac8e8*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0125.941] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.941] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c3d0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0125.945] CoTaskMemFree (pv=0x551f70) [0125.945] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0125.945] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c3d0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0125.949] CoTaskMemFree (pv=0x5537a0) [0125.949] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff879c90000, lpmodinfo=0x22aea90, cb=0x18 | out: lpmodinfo=0x22aea90*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0125.952] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.952] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff879c90000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0125.956] CoTaskMemFree (pv=0x551760) [0125.956] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0125.956] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff879c90000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0125.960] CoTaskMemFree (pv=0x54e700) [0125.960] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875450000, lpmodinfo=0x22b0c48, cb=0x18 | out: lpmodinfo=0x22b0c48*(lpBaseOfDll=0x7ff875450000, SizeOfImage=0x28000, EntryPoint=0x7ff875458c10)) returned 1 [0125.963] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.964] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875450000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="IDStore.dll") returned 0xb [0125.968] CoTaskMemFree (pv=0x551f70) [0125.968] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0125.968] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875450000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll")) returned 0x1f [0125.972] CoTaskMemFree (pv=0x551f70) [0125.972] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87aca0000, lpmodinfo=0x22b2df0, cb=0x18 | out: lpmodinfo=0x22b2df0*(lpBaseOfDll=0x7ff87aca0000, SizeOfImage=0x1c000, EntryPoint=0x7ff87aca37a0)) returned 1 [0125.976] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.976] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87aca0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0125.980] CoTaskMemFree (pv=0x551760) [0125.980] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0125.980] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87aca0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0125.983] CoTaskMemFree (pv=0x54ff30) [0125.984] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87a130000, lpmodinfo=0x22b4f98, cb=0x18 | out: lpmodinfo=0x22b4f98*(lpBaseOfDll=0x7ff87a130000, SizeOfImage=0x67000, EntryPoint=0x7ff87a14e710)) returned 1 [0125.987] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0125.987] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87a130000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="Bcp47Langs.dll") returned 0xe [0125.991] CoTaskMemFree (pv=0x551760) [0125.991] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0125.991] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87a130000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Bcp47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")) returned 0x22 [0125.995] CoTaskMemFree (pv=0x5547c0) [0125.995] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e8b0000, lpmodinfo=0x22b7150, cb=0x18 | out: lpmodinfo=0x22b7150*(lpBaseOfDll=0x7ff86e8b0000, SizeOfImage=0x15000, EntryPoint=0x7ff86e8b2c90)) returned 1 [0125.999] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0125.999] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e8b0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="SETTINGSYNCPOLICY.dll") returned 0x15 [0126.003] CoTaskMemFree (pv=0x553fb0) [0126.003] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0126.003] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e8b0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SETTINGSYNCPOLICY.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll")) returned 0x29 [0126.007] CoTaskMemFree (pv=0x553fb0) [0126.007] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878830000, lpmodinfo=0x22b9328, cb=0x18 | out: lpmodinfo=0x22b9328*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff878833fb0)) returned 1 [0126.011] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0126.011] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878830000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0126.016] CoTaskMemFree (pv=0x550740) [0126.016] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0126.016] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878830000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0126.020] CoTaskMemFree (pv=0x54f720) [0126.020] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878e80000, lpmodinfo=0x22bb4f0, cb=0x18 | out: lpmodinfo=0x22bb4f0*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0126.024] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0126.024] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878e80000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0126.028] CoTaskMemFree (pv=0x5537a0) [0126.028] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0126.028] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878e80000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0126.032] CoTaskMemFree (pv=0x54d6e0) [0126.032] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e7b0000, lpmodinfo=0x22bd6b8, cb=0x18 | out: lpmodinfo=0x22bd6b8*(lpBaseOfDll=0x7ff86e7b0000, SizeOfImage=0xf9000, EntryPoint=0x7ff86e7f8000)) returned 1 [0126.036] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0126.036] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e7b0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="SettingSyncCore.dll") returned 0x13 [0126.041] CoTaskMemFree (pv=0x54d6e0) [0126.041] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0126.041] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e7b0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll")) returned 0x27 [0126.046] CoTaskMemFree (pv=0x54ef10) [0126.046] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bf40000, lpmodinfo=0x22bf880, cb=0x18 | out: lpmodinfo=0x22bf880*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0126.050] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0126.050] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bf40000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0126.055] CoTaskMemFree (pv=0x54ef10) [0126.055] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0126.055] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bf40000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0126.059] CoTaskMemFree (pv=0x552780) [0126.059] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e6e0000, lpmodinfo=0x22c1a28, cb=0x18 | out: lpmodinfo=0x22c1a28*(lpBaseOfDll=0x7ff86e6e0000, SizeOfImage=0xce000, EntryPoint=0x7ff86e7114c0)) returned 1 [0126.063] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0126.063] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e6e0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="TokenBroker.dll") returned 0xf [0126.068] CoTaskMemFree (pv=0x54f720) [0126.068] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0126.068] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e6e0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")) returned 0x23 [0126.072] CoTaskMemFree (pv=0x54d6e0) [0126.072] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff876870000, lpmodinfo=0x22c3be0, cb=0x18 | out: lpmodinfo=0x22c3be0*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0126.077] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0126.077] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff876870000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0126.081] CoTaskMemFree (pv=0x551760) [0126.081] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0126.081] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff876870000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0126.085] CoTaskMemFree (pv=0x5537a0) [0126.085] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ad00000, lpmodinfo=0x22c5d98, cb=0x18 | out: lpmodinfo=0x22c5d98*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0126.090] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0126.090] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ad00000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0126.095] CoTaskMemFree (pv=0x551760) [0126.095] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0126.095] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ad00000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0126.099] CoTaskMemFree (pv=0x551760) [0126.099] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff872050000, lpmodinfo=0x22c7f50, cb=0x18 | out: lpmodinfo=0x22c7f50*(lpBaseOfDll=0x7ff872050000, SizeOfImage=0x274000, EntryPoint=0x7ff8720c0400)) returned 1 [0126.104] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0126.104] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff872050000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0126.108] CoTaskMemFree (pv=0x5547c0) [0126.108] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0126.108] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff872050000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")) returned 0x79 [0126.116] CoTaskMemFree (pv=0x551760) [0126.116] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e500000, lpmodinfo=0x22ca1b8, cb=0x18 | out: lpmodinfo=0x22ca1b8*(lpBaseOfDll=0x7ff86e500000, SizeOfImage=0x65000, EntryPoint=0x7ff86e504c50)) returned 1 [0126.121] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0126.121] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e500000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="SndVolSSO.DLL") returned 0xd [0126.126] CoTaskMemFree (pv=0x552f90) [0126.126] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0126.126] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e500000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SndVolSSO.DLL" (normalized: "c:\\windows\\system32\\sndvolsso.dll")) returned 0x21 [0126.130] CoTaskMemFree (pv=0x54d6e0) [0126.130] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878090000, lpmodinfo=0x22cc370, cb=0x18 | out: lpmodinfo=0x22cc370*(lpBaseOfDll=0x7ff878090000, SizeOfImage=0x70000, EntryPoint=0x7ff8780b2960)) returned 1 [0126.135] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0126.135] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878090000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="MMDevApi.dll") returned 0xc [0126.140] CoTaskMemFree (pv=0x552780) [0126.140] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0126.140] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878090000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MMDevApi.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0126.145] CoTaskMemFree (pv=0x54ef10) [0126.145] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87afe0000, lpmodinfo=0x22ce528, cb=0x18 | out: lpmodinfo=0x22ce528*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0126.150] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0126.150] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87afe0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0126.155] CoTaskMemFree (pv=0x54def0) [0126.155] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0126.155] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87afe0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0126.160] CoTaskMemFree (pv=0x552780) [0126.160] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e490000, lpmodinfo=0x22d06d0, cb=0x18 | out: lpmodinfo=0x22d06d0*(lpBaseOfDll=0x7ff86e490000, SizeOfImage=0x6a000, EntryPoint=0x7ff86e4a5e90)) returned 1 [0126.164] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0126.164] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e490000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="OLEACC.dll") returned 0xa [0126.169] CoTaskMemFree (pv=0x54def0) [0126.169] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0126.169] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e490000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEACC.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")) returned 0x1e [0126.174] CoTaskMemFree (pv=0x553fb0) [0126.174] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e390000, lpmodinfo=0x22d2878, cb=0x18 | out: lpmodinfo=0x22d2878*(lpBaseOfDll=0x7ff86e390000, SizeOfImage=0x4a000, EntryPoint=0x7ff86e395800)) returned 1 [0126.179] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0126.179] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e390000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="dataexchange.dll") returned 0x10 [0126.185] CoTaskMemFree (pv=0x550740) [0126.185] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0126.185] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e390000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dataexchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll")) returned 0x24 [0126.190] CoTaskMemFree (pv=0x553fb0) [0126.190] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff879920000, lpmodinfo=0x22d4a40, cb=0x18 | out: lpmodinfo=0x22d4a40*(lpBaseOfDll=0x7ff879920000, SizeOfImage=0x1b1000, EntryPoint=0x7ff8799b61a0)) returned 1 [0126.196] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0126.196] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff879920000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="windowscodecs.dll") returned 0x11 [0126.201] CoTaskMemFree (pv=0x54def0) [0126.201] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0126.201] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff879920000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windowscodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0126.206] CoTaskMemFree (pv=0x54ef10) [0126.206] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86def0000, lpmodinfo=0x22d6c08, cb=0x18 | out: lpmodinfo=0x22d6c08*(lpBaseOfDll=0x7ff86def0000, SizeOfImage=0x4a0000, EntryPoint=0x7ff86df88740)) returned 1 [0126.211] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0126.211] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86def0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="explorerframe.dll") returned 0x11 [0126.224] CoTaskMemFree (pv=0x54d6e0) [0126.224] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0126.224] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86def0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\explorerframe.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll")) returned 0x25 [0126.229] CoTaskMemFree (pv=0x54d6e0) [0126.229] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86dea0000, lpmodinfo=0x22d8dd0, cb=0x18 | out: lpmodinfo=0x22d8dd0*(lpBaseOfDll=0x7ff86dea0000, SizeOfImage=0x50000, EntryPoint=0x7ff86dea2580)) returned 1 [0126.235] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0126.235] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86dea0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="edputil.dll") returned 0xb [0126.241] CoTaskMemFree (pv=0x553fb0) [0126.241] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0126.241] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86dea0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")) returned 0x1f [0126.246] CoTaskMemFree (pv=0x5537a0) [0126.246] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f5d0000, lpmodinfo=0x22daf78, cb=0x18 | out: lpmodinfo=0x22daf78*(lpBaseOfDll=0x7ff87f5d0000, SizeOfImage=0x6f000, EntryPoint=0x7ff87f5f5f70)) returned 1 [0126.252] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0126.252] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f5d0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="coml2.dll") returned 0x9 [0126.257] CoTaskMemFree (pv=0x5537a0) [0126.257] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0126.257] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f5d0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")) returned 0x1d [0126.263] CoTaskMemFree (pv=0x54ef10) [0126.263] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d390000, lpmodinfo=0x22dd120, cb=0x18 | out: lpmodinfo=0x22dd120*(lpBaseOfDll=0x7ff86d390000, SizeOfImage=0xb0b000, EntryPoint=0x7ff86d4da540)) returned 1 [0126.269] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0126.269] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d390000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="TwinUI.dll") returned 0xa [0126.274] CoTaskMemFree (pv=0x54ff30) [0126.274] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0126.274] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d390000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\TwinUI.dll" (normalized: "c:\\windows\\system32\\twinui.dll")) returned 0x1e [0126.280] CoTaskMemFree (pv=0x54d6e0) [0126.280] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff876320000, lpmodinfo=0x22df2c8, cb=0x18 | out: lpmodinfo=0x22df2c8*(lpBaseOfDll=0x7ff876320000, SizeOfImage=0x1bd000, EntryPoint=0x7ff87634af90)) returned 1 [0126.285] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0126.285] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff876320000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="Windows.UI.Immersive.dll") returned 0x18 [0126.291] CoTaskMemFree (pv=0x553fb0) [0126.291] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0126.291] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff876320000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll")) returned 0x2c [0126.296] CoTaskMemFree (pv=0x54def0) [0126.296] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d340000, lpmodinfo=0x22e18c8, cb=0x18 | out: lpmodinfo=0x22e18c8*(lpBaseOfDll=0x7ff86d340000, SizeOfImage=0x4d000, EntryPoint=0x7ff86d34d180)) returned 1 [0126.302] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0126.302] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d340000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="windows.immersiveshell.serviceprovider.dll") returned 0x2a [0126.307] CoTaskMemFree (pv=0x54ff30) [0126.307] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0126.307] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d340000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll")) returned 0x3e [0126.313] CoTaskMemFree (pv=0x5537a0) [0126.313] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d330000, lpmodinfo=0x22e3af0, cb=0x18 | out: lpmodinfo=0x22e3af0*(lpBaseOfDll=0x7ff86d330000, SizeOfImage=0xc000, EntryPoint=0x7ff86d3318b0)) returned 1 [0126.319] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0126.319] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d330000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="WLDP.DLL") returned 0x8 [0126.325] CoTaskMemFree (pv=0x5537a0) [0126.325] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0126.325] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d330000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WLDP.DLL" (normalized: "c:\\windows\\system32\\wldp.dll")) returned 0x1c [0126.332] CoTaskMemFree (pv=0x5547c0) [0126.332] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d340000, lpmodinfo=0x22e5c98, cb=0x18 | out: lpmodinfo=0x22e5c98*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0126.337] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0126.337] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d340000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0126.343] CoTaskMemFree (pv=0x553fb0) [0126.343] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0126.343] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d340000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0126.349] CoTaskMemFree (pv=0x552780) [0126.349] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ad80000, lpmodinfo=0x22e7e50, cb=0x18 | out: lpmodinfo=0x22e7e50*(lpBaseOfDll=0x7ff87ad80000, SizeOfImage=0x25000, EntryPoint=0x7ff87ad95220)) returned 1 [0126.354] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0126.354] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ad80000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="SLC.dll") returned 0x7 [0126.367] CoTaskMemFree (pv=0x550740) [0126.367] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0126.367] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ad80000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SLC.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0126.391] CoTaskMemFree (pv=0x54ef10) [0126.391] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ad20000, lpmodinfo=0x22e9fe8, cb=0x18 | out: lpmodinfo=0x22e9fe8*(lpBaseOfDll=0x7ff87ad20000, SizeOfImage=0x25000, EntryPoint=0x7ff87ad22300)) returned 1 [0126.397] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0126.397] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ad20000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="sppc.dll") returned 0x8 [0126.403] CoTaskMemFree (pv=0x54ff30) [0126.403] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0126.403] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ad20000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll")) returned 0x1c [0126.409] CoTaskMemFree (pv=0x551760) [0126.409] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875130000, lpmodinfo=0x22ec190, cb=0x18 | out: lpmodinfo=0x22ec190*(lpBaseOfDll=0x7ff875130000, SizeOfImage=0x6d000, EntryPoint=0x7ff87513d750)) returned 1 [0126.415] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0126.415] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875130000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="PhotoMetadataHandler.dll") returned 0x18 [0126.421] CoTaskMemFree (pv=0x551f70) [0126.421] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0126.421] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875130000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll")) returned 0x2c [0126.429] CoTaskMemFree (pv=0x54def0) [0126.429] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d0a0000, lpmodinfo=0x22ee378, cb=0x18 | out: lpmodinfo=0x22ee378*(lpBaseOfDll=0x7ff86d0a0000, SizeOfImage=0xdb000, EntryPoint=0x7ff86d0b28b0)) returned 1 [0126.435] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0126.435] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d0a0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="ntshrui.dll") returned 0xb [0126.441] CoTaskMemFree (pv=0x54def0) [0126.441] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0126.441] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d0a0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll")) returned 0x1f [0126.447] CoTaskMemFree (pv=0x552f90) [0126.447] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d070000, lpmodinfo=0x22f0520, cb=0x18 | out: lpmodinfo=0x22f0520*(lpBaseOfDll=0x7ff86d070000, SizeOfImage=0x26000, EntryPoint=0x7ff86d071cf0)) returned 1 [0126.453] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0126.453] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d070000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0126.459] CoTaskMemFree (pv=0x54ef10) [0126.459] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0126.460] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d070000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0126.466] CoTaskMemFree (pv=0x54def0) [0126.466] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8744b0000, lpmodinfo=0x22f26c8, cb=0x18 | out: lpmodinfo=0x22f26c8*(lpBaseOfDll=0x7ff8744b0000, SizeOfImage=0x12000, EntryPoint=0x7ff8744b3580)) returned 1 [0126.472] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0126.472] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8744b0000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0126.478] CoTaskMemFree (pv=0x552780) [0126.478] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0126.478] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8744b0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0126.485] CoTaskMemFree (pv=0x552780) [0126.485] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b9d0000, lpmodinfo=0x22f4870, cb=0x18 | out: lpmodinfo=0x22f4870*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0126.491] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0126.491] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b9d0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0126.499] CoTaskMemFree (pv=0x551f70) [0126.499] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0126.499] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b9d0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0126.505] CoTaskMemFree (pv=0x54ef10) [0126.505] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d020000, lpmodinfo=0x22f6a28, cb=0x18 | out: lpmodinfo=0x22f6a28*(lpBaseOfDll=0x7ff86d020000, SizeOfImage=0x4d000, EntryPoint=0x7ff86d037de0)) returned 1 [0126.512] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0126.512] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d020000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="thumbcache.dll") returned 0xe [0126.518] CoTaskMemFree (pv=0x54f720) [0126.518] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0126.518] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d020000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll")) returned 0x22 [0126.526] CoTaskMemFree (pv=0x550740) [0126.526] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86cfd0000, lpmodinfo=0x22f8be0, cb=0x18 | out: lpmodinfo=0x22f8be0*(lpBaseOfDll=0x7ff86cfd0000, SizeOfImage=0xd000, EntryPoint=0x7ff86cfd1ea0)) returned 1 [0126.532] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0126.532] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86cfd0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="LINKINFO.dll") returned 0xc [0126.539] CoTaskMemFree (pv=0x54e700) [0126.539] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0126.539] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86cfd0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\LINKINFO.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll")) returned 0x20 [0126.546] CoTaskMemFree (pv=0x54ef10) [0126.546] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8764e0000, lpmodinfo=0x22fad98, cb=0x18 | out: lpmodinfo=0x22fad98*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0126.552] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0126.552] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8764e0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0126.559] CoTaskMemFree (pv=0x54f720) [0126.559] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0126.559] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8764e0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0126.567] CoTaskMemFree (pv=0x54ff30) [0126.567] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86ce40000, lpmodinfo=0x22fcf50, cb=0x18 | out: lpmodinfo=0x22fcf50*(lpBaseOfDll=0x7ff86ce40000, SizeOfImage=0x18f000, EntryPoint=0x7ff86ce501d8)) returned 1 [0126.573] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0126.573] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86ce40000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="FileSyncShell64.dll") returned 0x13 [0126.580] CoTaskMemFree (pv=0x552780) [0126.580] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0126.580] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86ce40000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\filesyncshell64.dll")) returned 0x61 [0126.586] CoTaskMemFree (pv=0x54f720) [0126.586] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86cd90000, lpmodinfo=0x22ff190, cb=0x18 | out: lpmodinfo=0x22ff190*(lpBaseOfDll=0x7ff86cd90000, SizeOfImage=0xa6000, EntryPoint=0x7ff86cddefec)) returned 1 [0126.593] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0126.593] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86cd90000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="MSVCP120.dll") returned 0xc [0126.600] CoTaskMemFree (pv=0x552f90) [0126.600] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0126.600] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86cd90000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\MSVCP120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\msvcp120.dll")) returned 0x5a [0126.607] CoTaskMemFree (pv=0x54d6e0) [0126.607] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86cca0000, lpmodinfo=0x23013b8, cb=0x18 | out: lpmodinfo=0x23013b8*(lpBaseOfDll=0x7ff86cca0000, SizeOfImage=0xef000, EntryPoint=0x7ff86ccc29cc)) returned 1 [0126.614] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0126.614] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86cca0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="MSVCR120.dll") returned 0xc [0126.620] CoTaskMemFree (pv=0x54def0) [0126.620] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0126.620] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86cca0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\MSVCR120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\msvcr120.dll")) returned 0x5a [0126.628] CoTaskMemFree (pv=0x551f70) [0126.628] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff870d80000, lpmodinfo=0x23035e0, cb=0x18 | out: lpmodinfo=0x23035e0*(lpBaseOfDll=0x7ff870d80000, SizeOfImage=0xa000, EntryPoint=0x7ff870d81350)) returned 1 [0126.636] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0126.636] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff870d80000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0126.644] CoTaskMemFree (pv=0x550f50) [0126.644] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0126.644] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff870d80000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0126.652] CoTaskMemFree (pv=0x551f70) [0126.652] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86ec80000, lpmodinfo=0x2305788, cb=0x18 | out: lpmodinfo=0x2305788*(lpBaseOfDll=0x7ff86ec80000, SizeOfImage=0x28e000, EntryPoint=0x7ff86ed50f00)) returned 1 [0126.659] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0126.659] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86ec80000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="WININET.dll") returned 0xb [0126.666] CoTaskMemFree (pv=0x550740) [0126.666] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0126.666] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86ec80000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WININET.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0126.673] CoTaskMemFree (pv=0x551f70) [0126.673] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86ca80000, lpmodinfo=0x2307930, cb=0x18 | out: lpmodinfo=0x2307930*(lpBaseOfDll=0x7ff86ca80000, SizeOfImage=0x214000, EntryPoint=0x7ff86ca81000)) returned 1 [0126.680] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0126.680] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86ca80000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="GROOVEEX.DLL") returned 0xc [0126.689] CoTaskMemFree (pv=0x54ff30) [0126.689] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0126.689] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86ca80000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\grooveex.dll")) returned 0x67 [0126.697] CoTaskMemFree (pv=0x553fb0) [0126.697] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86ca60000, lpmodinfo=0x2309b70, cb=0x18 | out: lpmodinfo=0x2309b70*(lpBaseOfDll=0x7ff86ca60000, SizeOfImage=0x17000, EntryPoint=0x7ff86ca6c440)) returned 1 [0126.704] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0126.704] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86ca60000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="VCRUNTIME140.dll") returned 0x10 [0126.713] CoTaskMemFree (pv=0x551f70) [0126.713] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0126.713] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86ca60000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\VCRUNTIME140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\vcruntime140.dll")) returned 0x6b [0126.720] CoTaskMemFree (pv=0x550f50) [0126.720] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c9c0000, lpmodinfo=0x230bdc0, cb=0x18 | out: lpmodinfo=0x230bdc0*(lpBaseOfDll=0x7ff86c9c0000, SizeOfImage=0x9e000, EntryPoint=0x7ff86ca09d40)) returned 1 [0126.728] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0126.728] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c9c0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="MSVCP140.dll") returned 0xc [0126.737] CoTaskMemFree (pv=0x553fb0) [0126.737] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0126.737] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c9c0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\MSVCP140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\msvcp140.dll")) returned 0x67 [0126.744] CoTaskMemFree (pv=0x551f70) [0126.744] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b760000, lpmodinfo=0x230e000, cb=0x18 | out: lpmodinfo=0x230e000*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0126.751] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0126.751] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b760000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0126.759] CoTaskMemFree (pv=0x550740) [0126.759] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0126.759] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b760000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0126.766] CoTaskMemFree (pv=0x552780) [0126.766] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c060000, lpmodinfo=0x23101b8, cb=0x18 | out: lpmodinfo=0x23101b8*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0126.773] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0126.773] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c060000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0126.782] CoTaskMemFree (pv=0x54f720) [0126.783] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0126.783] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c060000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0126.790] CoTaskMemFree (pv=0x553fb0) [0126.790] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff872ad0000, lpmodinfo=0x2312370, cb=0x18 | out: lpmodinfo=0x2312370*(lpBaseOfDll=0x7ff872ad0000, SizeOfImage=0x33a000, EntryPoint=0x7ff872ad8520)) returned 1 [0126.800] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0126.800] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff872ad0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="msi.dll") returned 0x7 [0126.877] CoTaskMemFree (pv=0x54def0) [0126.877] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0126.877] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff872ad0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")) returned 0x1b [0126.885] CoTaskMemFree (pv=0x551760) [0126.885] GetModuleInformation (in: hProcess=0x268, hModule=0x180000000, lpmodinfo=0x2314508, cb=0x18 | out: lpmodinfo=0x2314508*(lpBaseOfDll=0x180000000, SizeOfImage=0x87e000, EntryPoint=0x0)) returned 1 [0126.894] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0126.894] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x180000000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="GrooveIntlResource.dll") returned 0x16 [0126.902] CoTaskMemFree (pv=0x5537a0) [0126.902] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0126.902] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x180000000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\1033\\grooveintlresource.dll")) returned 0x76 [0126.916] CoTaskMemFree (pv=0x551f70) [0126.916] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c980000, lpmodinfo=0x2316778, cb=0x18 | out: lpmodinfo=0x2316778*(lpBaseOfDll=0x7ff86c980000, SizeOfImage=0x37000, EntryPoint=0x7ff86c9820a0)) returned 1 [0126.925] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0126.925] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c980000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="EhStorShell.dll") returned 0xf [0126.933] CoTaskMemFree (pv=0x551760) [0126.933] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0126.933] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c980000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll")) returned 0x23 [0126.941] CoTaskMemFree (pv=0x550f50) [0126.941] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87efb0000, lpmodinfo=0x2318930, cb=0x18 | out: lpmodinfo=0x2318930*(lpBaseOfDll=0x7ff87efb0000, SizeOfImage=0x429000, EntryPoint=0x7ff87efd8740)) returned 1 [0126.948] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0126.948] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87efb0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0126.965] CoTaskMemFree (pv=0x54def0) [0126.965] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0126.965] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87efb0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0126.973] CoTaskMemFree (pv=0x54f720) [0126.973] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873bc0000, lpmodinfo=0x231aae8, cb=0x18 | out: lpmodinfo=0x231aae8*(lpBaseOfDll=0x7ff873bc0000, SizeOfImage=0x25d000, EntryPoint=0x7ff873c48610)) returned 1 [0126.983] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0126.983] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873bc0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="twinui.appcore.dll") returned 0x12 [0126.992] CoTaskMemFree (pv=0x54d6e0) [0126.992] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0126.992] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873bc0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll")) returned 0x26 [0127.001] CoTaskMemFree (pv=0x54ff30) [0127.001] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87a5e0000, lpmodinfo=0x231ccb0, cb=0x18 | out: lpmodinfo=0x231ccb0*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0127.009] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0127.009] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87a5e0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0127.017] CoTaskMemFree (pv=0x551760) [0127.017] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0127.017] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87a5e0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0127.026] CoTaskMemFree (pv=0x54def0) [0127.026] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874220000, lpmodinfo=0x231ee78, cb=0x18 | out: lpmodinfo=0x231ee78*(lpBaseOfDll=0x7ff874220000, SizeOfImage=0x288000, EntryPoint=0x7ff87427f670)) returned 1 [0127.033] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0127.034] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874220000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="CoreUIComponents.dll") returned 0x14 [0127.042] CoTaskMemFree (pv=0x54f720) [0127.042] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0127.042] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874220000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")) returned 0x28 [0127.050] CoTaskMemFree (pv=0x54def0) [0127.050] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c790000, lpmodinfo=0x2321050, cb=0x18 | out: lpmodinfo=0x2321050*(lpBaseOfDll=0x7ff86c790000, SizeOfImage=0x120000, EntryPoint=0x7ff86c7c8310)) returned 1 [0127.060] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0127.060] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c790000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="ApplicationFrame.dll") returned 0x14 [0127.068] CoTaskMemFree (pv=0x54ef10) [0127.068] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0127.068] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c790000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll")) returned 0x28 [0127.075] CoTaskMemFree (pv=0x54d6e0) [0127.075] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff879030000, lpmodinfo=0x2323228, cb=0x18 | out: lpmodinfo=0x2323228*(lpBaseOfDll=0x7ff879030000, SizeOfImage=0x545000, EntryPoint=0x7ff8791ca450)) returned 1 [0127.084] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0127.084] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff879030000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="d2d1.dll") returned 0x8 [0127.092] CoTaskMemFree (pv=0x550740) [0127.092] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0127.092] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff879030000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")) returned 0x1c [0127.101] CoTaskMemFree (pv=0x54e700) [0127.101] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c650000, lpmodinfo=0x23253d0, cb=0x18 | out: lpmodinfo=0x23253d0*(lpBaseOfDll=0x7ff86c650000, SizeOfImage=0xda000, EntryPoint=0x7ff86c683c00)) returned 1 [0127.109] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0127.109] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c650000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="wpncore.dll") returned 0xb [0127.117] CoTaskMemFree (pv=0x5547c0) [0127.117] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0127.117] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c650000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll")) returned 0x1f [0127.128] CoTaskMemFree (pv=0x54f720) [0127.128] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878b20000, lpmodinfo=0x2327578, cb=0x18 | out: lpmodinfo=0x2327578*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0127.136] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0127.136] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878b20000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0127.144] CoTaskMemFree (pv=0x54def0) [0127.144] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0127.144] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878b20000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0127.152] CoTaskMemFree (pv=0x5537a0) [0127.152] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d240000, lpmodinfo=0x2329720, cb=0x18 | out: lpmodinfo=0x2329720*(lpBaseOfDll=0x7ff86d240000, SizeOfImage=0x86000, EntryPoint=0x7ff86d261e10)) returned 1 [0127.160] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0127.160] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d240000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="NotificationController.dll") returned 0x1a [0127.168] CoTaskMemFree (pv=0x54def0) [0127.168] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0127.168] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d240000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NotificationController.dll" (normalized: "c:\\windows\\system32\\notificationcontroller.dll")) returned 0x2e [0127.177] CoTaskMemFree (pv=0x550740) [0127.177] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8740b0000, lpmodinfo=0x232b908, cb=0x18 | out: lpmodinfo=0x232b908*(lpBaseOfDll=0x7ff8740b0000, SizeOfImage=0x4b000, EntryPoint=0x7ff8740c7b70)) returned 1 [0127.185] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0127.185] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8740b0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="VEEventDispatcher.dll") returned 0x15 [0127.194] CoTaskMemFree (pv=0x5537a0) [0127.194] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0127.194] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8740b0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")) returned 0x29 [0127.203] CoTaskMemFree (pv=0x552f90) [0127.203] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c620000, lpmodinfo=0x232dae0, cb=0x18 | out: lpmodinfo=0x232dae0*(lpBaseOfDll=0x7ff86c620000, SizeOfImage=0x2b000, EntryPoint=0x7ff86c624240)) returned 1 [0127.211] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0127.211] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c620000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="AboveLockAppHost.dll") returned 0x14 [0127.226] CoTaskMemFree (pv=0x54ff30) [0127.226] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0127.226] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c620000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll")) returned 0x28 [0127.236] CoTaskMemFree (pv=0x5547c0) [0127.237] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c5f0000, lpmodinfo=0x232fcb8, cb=0x18 | out: lpmodinfo=0x232fcb8*(lpBaseOfDll=0x7ff86c5f0000, SizeOfImage=0x26000, EntryPoint=0x7ff86c605cb0)) returned 1 [0127.246] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0127.246] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c5f0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="npsm.dll") returned 0x8 [0127.255] CoTaskMemFree (pv=0x54d6e0) [0127.255] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0127.255] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c5f0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npsm.dll" (normalized: "c:\\windows\\system32\\npsm.dll")) returned 0x1c [0127.263] CoTaskMemFree (pv=0x54f720) [0127.263] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873b20000, lpmodinfo=0x2331e60, cb=0x18 | out: lpmodinfo=0x2331e60*(lpBaseOfDll=0x7ff873b20000, SizeOfImage=0x15000, EntryPoint=0x7ff873b21ab0)) returned 1 [0127.276] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0127.276] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873b20000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="execmodelproxy.dll") returned 0x12 [0127.284] CoTaskMemFree (pv=0x54f720) [0127.285] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0127.285] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873b20000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")) returned 0x26 [0127.293] CoTaskMemFree (pv=0x5547c0) [0127.293] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d200000, lpmodinfo=0x2334028, cb=0x18 | out: lpmodinfo=0x2334028*(lpBaseOfDll=0x7ff86d200000, SizeOfImage=0x15000, EntryPoint=0x7ff86d205740)) returned 1 [0127.302] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0127.302] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d200000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="profext.dll") returned 0xb [0127.310] CoTaskMemFree (pv=0x5547c0) [0127.310] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0127.310] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d200000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll")) returned 0x1f [0127.323] CoTaskMemFree (pv=0x54ef10) [0127.323] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bab0000, lpmodinfo=0x23361d0, cb=0x18 | out: lpmodinfo=0x23361d0*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0127.331] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0127.331] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bab0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0127.340] CoTaskMemFree (pv=0x54d6e0) [0127.340] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0127.340] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bab0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0127.351] CoTaskMemFree (pv=0x550f50) [0127.351] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c500000, lpmodinfo=0x2338378, cb=0x18 | out: lpmodinfo=0x2338378*(lpBaseOfDll=0x7ff86c500000, SizeOfImage=0x97000, EntryPoint=0x7ff86c50ddc0)) returned 1 [0127.360] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0127.360] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c500000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="wlidprov.dll") returned 0xc [0127.368] CoTaskMemFree (pv=0x54e700) [0127.368] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0127.368] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c500000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll")) returned 0x20 [0127.387] CoTaskMemFree (pv=0x5537a0) [0127.387] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878330000, lpmodinfo=0x233a530, cb=0x18 | out: lpmodinfo=0x233a530*(lpBaseOfDll=0x7ff878330000, SizeOfImage=0xae000, EntryPoint=0x7ff8783480c0)) returned 1 [0127.400] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0127.400] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878330000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="Windows.Networking.Connectivity.dll") returned 0x23 [0127.409] CoTaskMemFree (pv=0x54def0) [0127.409] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0127.409] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878330000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")) returned 0x37 [0127.418] CoTaskMemFree (pv=0x551f70) [0127.418] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c4f0000, lpmodinfo=0x233c738, cb=0x18 | out: lpmodinfo=0x233c738*(lpBaseOfDll=0x7ff86c4f0000, SizeOfImage=0xc000, EntryPoint=0x7ff86c4f14b0)) returned 1 [0127.426] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0127.427] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c4f0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="NotificationControllerPS.dll") returned 0x1c [0127.436] CoTaskMemFree (pv=0x550740) [0127.436] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0127.436] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c4f0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll")) returned 0x30 [0127.446] CoTaskMemFree (pv=0x5547c0) [0127.446] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c490000, lpmodinfo=0x233e930, cb=0x18 | out: lpmodinfo=0x233e930*(lpBaseOfDll=0x7ff86c490000, SizeOfImage=0x5c000, EntryPoint=0x7ff86c4a7190)) returned 1 [0127.455] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0127.455] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c490000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="NInput.dll") returned 0xa [0127.464] CoTaskMemFree (pv=0x552f90) [0127.464] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0127.464] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c490000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NInput.dll" (normalized: "c:\\windows\\system32\\ninput.dll")) returned 0x1e [0127.473] CoTaskMemFree (pv=0x550f50) [0127.473] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874a90000, lpmodinfo=0x2340ad8, cb=0x18 | out: lpmodinfo=0x2340ad8*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0127.482] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0127.482] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874a90000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0127.491] CoTaskMemFree (pv=0x550f50) [0127.491] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0127.491] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874a90000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0127.501] CoTaskMemFree (pv=0x552780) [0127.501] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875480000, lpmodinfo=0x2342c90, cb=0x18 | out: lpmodinfo=0x2342c90*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0127.510] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0127.511] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875480000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0127.520] CoTaskMemFree (pv=0x5537a0) [0127.520] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0127.520] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875480000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0127.529] CoTaskMemFree (pv=0x550f50) [0127.529] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87efa0000, lpmodinfo=0x2344e48, cb=0x18 | out: lpmodinfo=0x2344e48*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0127.538] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0127.538] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87efa0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0127.549] CoTaskMemFree (pv=0x54ef10) [0127.549] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0127.549] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87efa0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0127.558] CoTaskMemFree (pv=0x54f720) [0127.558] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878bf0000, lpmodinfo=0x2346fe0, cb=0x18 | out: lpmodinfo=0x2346fe0*(lpBaseOfDll=0x7ff878bf0000, SizeOfImage=0x61000, EntryPoint=0x7ff878bf4b50)) returned 1 [0127.567] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0127.567] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878bf0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="wlanapi.dll") returned 0xb [0127.577] CoTaskMemFree (pv=0x552f90) [0127.577] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0127.577] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878bf0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0127.587] CoTaskMemFree (pv=0x5547c0) [0127.587] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d310000, lpmodinfo=0x2349188, cb=0x18 | out: lpmodinfo=0x2349188*(lpBaseOfDll=0x7ff86d310000, SizeOfImage=0x16000, EntryPoint=0x7ff86d311d50)) returned 1 [0127.597] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0127.597] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d310000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wwapi.dll") returned 0x9 [0127.606] CoTaskMemFree (pv=0x551760) [0127.606] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0127.606] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d310000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")) returned 0x1d [0127.616] CoTaskMemFree (pv=0x54def0) [0127.616] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff879580000, lpmodinfo=0x234b330, cb=0x18 | out: lpmodinfo=0x234b330*(lpBaseOfDll=0x7ff879580000, SizeOfImage=0x26f000, EntryPoint=0x7ff8796322b0)) returned 1 [0127.625] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0127.625] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff879580000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="d3d10warp.dll") returned 0xd [0127.634] CoTaskMemFree (pv=0x54f720) [0127.634] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0127.634] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff879580000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll")) returned 0x21 [0127.644] CoTaskMemFree (pv=0x551f70) [0127.644] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8798d0000, lpmodinfo=0x234d4e8, cb=0x18 | out: lpmodinfo=0x234d4e8*(lpBaseOfDll=0x7ff8798d0000, SizeOfImage=0x4b000, EntryPoint=0x7ff8798e72b0)) returned 1 [0127.655] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0127.655] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8798d0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="UIAnimation.dll") returned 0xf [0127.665] CoTaskMemFree (pv=0x5537a0) [0127.665] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0127.665] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8798d0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll")) returned 0x23 [0127.674] CoTaskMemFree (pv=0x54ff30) [0127.674] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c400000, lpmodinfo=0x234f6a0, cb=0x18 | out: lpmodinfo=0x234f6a0*(lpBaseOfDll=0x7ff86c400000, SizeOfImage=0x22000, EntryPoint=0x7ff86c402580)) returned 1 [0127.685] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0127.685] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c400000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="wcmapi.dll") returned 0xa [0127.695] CoTaskMemFree (pv=0x551760) [0127.695] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0127.695] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c400000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wcmapi.dll" (normalized: "c:\\windows\\system32\\wcmapi.dll")) returned 0x1e [0127.704] CoTaskMemFree (pv=0x54ff30) [0127.704] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b380000, lpmodinfo=0x2351848, cb=0x18 | out: lpmodinfo=0x2351848*(lpBaseOfDll=0x7ff87b380000, SizeOfImage=0x2a000, EntryPoint=0x7ff87b388b90)) returned 1 [0127.714] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0127.714] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b380000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="RMCLIENT.dll") returned 0xc [0127.724] CoTaskMemFree (pv=0x54d6e0) [0127.724] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0127.724] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b380000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RMCLIENT.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")) returned 0x20 [0127.734] CoTaskMemFree (pv=0x551760) [0127.734] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87eed0000, lpmodinfo=0x2353a00, cb=0x18 | out: lpmodinfo=0x2353a00*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0127.743] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0127.743] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87eed0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0127.754] CoTaskMemFree (pv=0x54f720) [0127.754] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0127.754] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87eed0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0127.764] CoTaskMemFree (pv=0x550f50) [0127.764] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d180000, lpmodinfo=0x2355ba8, cb=0x18 | out: lpmodinfo=0x2355ba8*(lpBaseOfDll=0x7ff86d180000, SizeOfImage=0x80000, EntryPoint=0x7ff86d1ad280)) returned 1 [0127.774] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0127.774] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d180000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0127.784] CoTaskMemFree (pv=0x54def0) [0127.784] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0127.784] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d180000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")) returned 0x1d [0127.794] CoTaskMemFree (pv=0x54e700) [0127.794] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87be90000, lpmodinfo=0x2357d50, cb=0x18 | out: lpmodinfo=0x2357d50*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0127.804] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0127.804] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87be90000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0127.814] CoTaskMemFree (pv=0x5547c0) [0127.814] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0127.815] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87be90000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0127.824] CoTaskMemFree (pv=0x54ff30) [0127.824] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8750d0000, lpmodinfo=0x2359ef8, cb=0x18 | out: lpmodinfo=0x2359ef8*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0127.834] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0127.834] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8750d0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0127.845] CoTaskMemFree (pv=0x54ef10) [0127.845] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0127.845] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8750d0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0127.856] CoTaskMemFree (pv=0x550740) [0127.856] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874720000, lpmodinfo=0x235c0a0, cb=0x18 | out: lpmodinfo=0x235c0a0*(lpBaseOfDll=0x7ff874720000, SizeOfImage=0x5f000, EntryPoint=0x7ff87474bce0)) returned 1 [0127.867] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0127.867] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874720000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="dsreg.dll") returned 0x9 [0127.877] CoTaskMemFree (pv=0x5537a0) [0127.877] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0127.877] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874720000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll")) returned 0x1d [0127.887] CoTaskMemFree (pv=0x552f90) [0127.887] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875230000, lpmodinfo=0x235e248, cb=0x18 | out: lpmodinfo=0x235e248*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0127.897] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0127.897] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875230000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0127.908] CoTaskMemFree (pv=0x551f70) [0127.908] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0127.908] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875230000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0127.918] CoTaskMemFree (pv=0x54ff30) [0127.918] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bc10000, lpmodinfo=0x23603f0, cb=0x18 | out: lpmodinfo=0x23603f0*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0127.928] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0127.928] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bc10000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0127.939] CoTaskMemFree (pv=0x54def0) [0127.939] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0127.939] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bc10000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0127.949] CoTaskMemFree (pv=0x552f90) [0127.949] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b030000, lpmodinfo=0x2362598, cb=0x18 | out: lpmodinfo=0x2362598*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0127.960] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0127.960] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b030000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0127.975] CoTaskMemFree (pv=0x54f720) [0127.975] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0127.975] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b030000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0127.985] CoTaskMemFree (pv=0x54ff30) [0127.985] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874830000, lpmodinfo=0x2364740, cb=0x18 | out: lpmodinfo=0x2364740*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0127.996] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0127.996] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874830000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0128.007] CoTaskMemFree (pv=0x553fb0) [0128.007] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0128.007] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874830000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0128.018] CoTaskMemFree (pv=0x553fb0) [0128.018] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bb10000, lpmodinfo=0x23668f8, cb=0x18 | out: lpmodinfo=0x23668f8*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff87bb31a50)) returned 1 [0128.028] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0128.028] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bb10000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0128.038] CoTaskMemFree (pv=0x551f70) [0128.038] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0128.038] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bb10000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0128.048] CoTaskMemFree (pv=0x552780) [0128.048] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c8b0000, lpmodinfo=0x23692c8, cb=0x18 | out: lpmodinfo=0x23692c8*(lpBaseOfDll=0x7ff86c8b0000, SizeOfImage=0x14000, EntryPoint=0x7ff86c8b3710)) returned 1 [0128.059] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0128.059] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c8b0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0128.070] CoTaskMemFree (pv=0x551f70) [0128.070] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0128.070] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c8b0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0128.081] CoTaskMemFree (pv=0x550f50) [0128.081] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c130000, lpmodinfo=0x236b490, cb=0x18 | out: lpmodinfo=0x236b490*(lpBaseOfDll=0x7ff87c130000, SizeOfImage=0x27000, EntryPoint=0x7ff87c140aa0)) returned 1 [0128.091] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0128.091] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c130000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0128.102] CoTaskMemFree (pv=0x552780) [0128.102] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0128.102] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c130000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0128.113] CoTaskMemFree (pv=0x550f50) [0128.113] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c0f0000, lpmodinfo=0x236d638, cb=0x18 | out: lpmodinfo=0x236d638*(lpBaseOfDll=0x7ff87c0f0000, SizeOfImage=0x3a000, EntryPoint=0x7ff87c0f8d20)) returned 1 [0128.123] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0128.123] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c0f0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0128.134] CoTaskMemFree (pv=0x552f90) [0128.134] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0128.134] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c0f0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0128.145] CoTaskMemFree (pv=0x54e700) [0128.145] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c960000, lpmodinfo=0x236f7e0, cb=0x18 | out: lpmodinfo=0x236f7e0*(lpBaseOfDll=0x7ff86c960000, SizeOfImage=0x1e000, EntryPoint=0x7ff86c96ef80)) returned 1 [0128.156] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0128.156] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c960000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0128.167] CoTaskMemFree (pv=0x54d6e0) [0128.167] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0128.167] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c960000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0128.178] CoTaskMemFree (pv=0x54ef10) [0128.178] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875a10000, lpmodinfo=0x2371998, cb=0x18 | out: lpmodinfo=0x2371998*(lpBaseOfDll=0x7ff875a10000, SizeOfImage=0x19000, EntryPoint=0x7ff875a14520)) returned 1 [0128.190] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0128.190] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875a10000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="samcli.dll") returned 0xa [0128.202] CoTaskMemFree (pv=0x552f90) [0128.202] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0128.202] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875a10000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0128.213] CoTaskMemFree (pv=0x553fb0) [0128.213] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874590000, lpmodinfo=0x2373b40, cb=0x18 | out: lpmodinfo=0x2373b40*(lpBaseOfDll=0x7ff874590000, SizeOfImage=0x10d000, EntryPoint=0x7ff8745bf420)) returned 1 [0128.235] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0128.235] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874590000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="MFPlat.DLL") returned 0xa [0128.246] CoTaskMemFree (pv=0x550740) [0128.246] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0128.246] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874590000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MFPlat.DLL" (normalized: "c:\\windows\\system32\\mfplat.dll")) returned 0x1e [0128.257] CoTaskMemFree (pv=0x550f50) [0128.257] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874560000, lpmodinfo=0x2375ce8, cb=0x18 | out: lpmodinfo=0x2375ce8*(lpBaseOfDll=0x7ff874560000, SizeOfImage=0x2b000, EntryPoint=0x7ff87456c3c0)) returned 1 [0128.272] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0128.272] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874560000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="RTWorkQ.DLL") returned 0xb [0128.283] CoTaskMemFree (pv=0x551760) [0128.284] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0128.284] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874560000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RTWorkQ.DLL" (normalized: "c:\\windows\\system32\\rtworkq.dll")) returned 0x1f [0128.295] CoTaskMemFree (pv=0x550f50) [0128.295] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c1c0000, lpmodinfo=0x2377e90, cb=0x18 | out: lpmodinfo=0x2377e90*(lpBaseOfDll=0x7ff86c1c0000, SizeOfImage=0x64000, EntryPoint=0x7ff86c1c6b20)) returned 1 [0128.307] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0128.307] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c1c0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="stobject.dll") returned 0xc [0128.318] CoTaskMemFree (pv=0x54ff30) [0128.318] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0128.318] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c1c0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll")) returned 0x20 [0128.329] CoTaskMemFree (pv=0x550740) [0128.329] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875d20000, lpmodinfo=0x237a048, cb=0x18 | out: lpmodinfo=0x237a048*(lpBaseOfDll=0x7ff875d20000, SizeOfImage=0x11000, EntryPoint=0x7ff875d23320)) returned 1 [0128.341] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0128.341] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875d20000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="WMICLNT.dll") returned 0xb [0128.352] CoTaskMemFree (pv=0x54ff30) [0128.352] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0128.352] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875d20000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WMICLNT.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")) returned 0x1f [0128.364] CoTaskMemFree (pv=0x54ef10) [0128.364] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8736c0000, lpmodinfo=0x237c1f0, cb=0x18 | out: lpmodinfo=0x237c1f0*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0128.384] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0128.384] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8736c0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0128.395] CoTaskMemFree (pv=0x551760) [0128.395] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0128.395] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8736c0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0128.406] CoTaskMemFree (pv=0x54d6e0) [0128.406] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873620000, lpmodinfo=0x237e3d8, cb=0x18 | out: lpmodinfo=0x237e3d8*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0128.418] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0128.418] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873620000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0128.429] CoTaskMemFree (pv=0x5537a0) [0128.429] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0128.429] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873620000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0128.440] CoTaskMemFree (pv=0x551760) [0128.440] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86ab40000, lpmodinfo=0x23805c0, cb=0x18 | out: lpmodinfo=0x23805c0*(lpBaseOfDll=0x7ff86ab40000, SizeOfImage=0x1fe000, EntryPoint=0x7ff86ab416c0)) returned 1 [0128.452] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0128.452] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86ab40000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="BatMeter.dll") returned 0xc [0128.464] CoTaskMemFree (pv=0x54f720) [0128.464] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0128.464] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86ab40000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\BatMeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll")) returned 0x20 [0128.478] CoTaskMemFree (pv=0x550740) [0128.478] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c480000, lpmodinfo=0x2382778, cb=0x18 | out: lpmodinfo=0x2382778*(lpBaseOfDll=0x7ff87c480000, SizeOfImage=0x99000, EntryPoint=0x7ff87c4af4e0)) returned 1 [0128.493] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0128.493] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c480000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0128.504] CoTaskMemFree (pv=0x54f720) [0128.504] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0128.504] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c480000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0128.515] CoTaskMemFree (pv=0x552780) [0128.515] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87a1a0000, lpmodinfo=0x2384910, cb=0x18 | out: lpmodinfo=0x2384910*(lpBaseOfDll=0x7ff87a1a0000, SizeOfImage=0x4f000, EntryPoint=0x7ff87a1a7ab0)) returned 1 [0128.531] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0128.531] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87a1a0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="InputSwitch.dll") returned 0xf [0128.544] CoTaskMemFree (pv=0x552f90) [0128.544] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0128.544] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87a1a0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\InputSwitch.dll" (normalized: "c:\\windows\\system32\\inputswitch.dll")) returned 0x23 [0128.556] CoTaskMemFree (pv=0x54def0) [0128.556] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff868260000, lpmodinfo=0x2386ac8, cb=0x18 | out: lpmodinfo=0x2386ac8*(lpBaseOfDll=0x7ff868260000, SizeOfImage=0x15a000, EntryPoint=0x7ff868264610)) returned 1 [0128.569] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0128.570] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff868260000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="Windows.UI.Shell.dll") returned 0x14 [0128.581] CoTaskMemFree (pv=0x551f70) [0128.581] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0128.581] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff868260000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.Shell.dll" (normalized: "c:\\windows\\system32\\windows.ui.shell.dll")) returned 0x28 [0128.593] CoTaskMemFree (pv=0x5537a0) [0128.593] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff877bb0000, lpmodinfo=0x2388ca0, cb=0x18 | out: lpmodinfo=0x2388ca0*(lpBaseOfDll=0x7ff877bb0000, SizeOfImage=0x6a000, EntryPoint=0x7ff877bb9d60)) returned 1 [0128.607] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0128.607] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff877bb0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="wincorlib.DLL") returned 0xd [0128.618] CoTaskMemFree (pv=0x5547c0) [0128.618] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0128.618] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff877bb0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wincorlib.DLL" (normalized: "c:\\windows\\system32\\wincorlib.dll")) returned 0x21 [0128.630] CoTaskMemFree (pv=0x551f70) [0128.630] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878580000, lpmodinfo=0x238ae58, cb=0x18 | out: lpmodinfo=0x238ae58*(lpBaseOfDll=0x7ff878580000, SizeOfImage=0x7a000, EntryPoint=0x7ff8785a7630)) returned 1 [0128.642] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0128.642] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878580000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="es.dll") returned 0x6 [0128.654] CoTaskMemFree (pv=0x54e700) [0128.654] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0128.654] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878580000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0128.666] CoTaskMemFree (pv=0x552780) [0128.666] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8681e0000, lpmodinfo=0x238cff0, cb=0x18 | out: lpmodinfo=0x238cff0*(lpBaseOfDll=0x7ff8681e0000, SizeOfImage=0x7b000, EntryPoint=0x7ff8681e3af0)) returned 1 [0128.679] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0128.679] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8681e0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="prnfldr.dll") returned 0xb [0128.692] CoTaskMemFree (pv=0x54def0) [0128.692] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0128.692] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8681e0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll")) returned 0x1f [0128.704] CoTaskMemFree (pv=0x5547c0) [0128.704] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c1b0000, lpmodinfo=0x238f198, cb=0x18 | out: lpmodinfo=0x238f198*(lpBaseOfDll=0x7ff86c1b0000, SizeOfImage=0x10000, EntryPoint=0x7ff86c1b78e0)) returned 1 [0128.717] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0128.717] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c1b0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="atlthunk.dll") returned 0xc [0128.729] CoTaskMemFree (pv=0x54e700) [0128.729] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0128.729] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c1b0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll")) returned 0x20 [0128.741] CoTaskMemFree (pv=0x54ff30) [0128.741] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff868160000, lpmodinfo=0x2391350, cb=0x18 | out: lpmodinfo=0x2391350*(lpBaseOfDll=0x7ff868160000, SizeOfImage=0x79000, EntryPoint=0x7ff8681622d0)) returned 1 [0128.753] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0128.753] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff868160000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="dxp.dll") returned 0x7 [0128.766] CoTaskMemFree (pv=0x54d6e0) [0128.766] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0128.766] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff868160000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dxp.dll" (normalized: "c:\\windows\\system32\\dxp.dll")) returned 0x1b [0128.778] CoTaskMemFree (pv=0x552780) [0128.779] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff868110000, lpmodinfo=0x23934e8, cb=0x18 | out: lpmodinfo=0x23934e8*(lpBaseOfDll=0x7ff868110000, SizeOfImage=0x42000, EntryPoint=0x7ff868112230)) returned 1 [0128.791] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0128.791] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff868110000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="SHDOCVW.dll") returned 0xb [0128.803] CoTaskMemFree (pv=0x54ef10) [0128.803] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0128.803] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff868110000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHDOCVW.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll")) returned 0x1f [0128.816] CoTaskMemFree (pv=0x550740) [0128.816] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c190000, lpmodinfo=0x2395690, cb=0x18 | out: lpmodinfo=0x2395690*(lpBaseOfDll=0x7ff86c190000, SizeOfImage=0x17000, EntryPoint=0x7ff86c192790)) returned 1 [0128.828] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0128.828] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c190000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="Syncreg.dll") returned 0xb [0128.841] CoTaskMemFree (pv=0x54e700) [0128.841] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0128.841] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c190000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll")) returned 0x1f [0128.855] CoTaskMemFree (pv=0x54e700) [0128.855] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8680c0000, lpmodinfo=0x2397838, cb=0x18 | out: lpmodinfo=0x2397838*(lpBaseOfDll=0x7ff8680c0000, SizeOfImage=0x50000, EntryPoint=0x7ff8680cbe50)) returned 1 [0128.867] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0128.867] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8680c0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="Actioncenter.dll") returned 0x10 [0128.881] CoTaskMemFree (pv=0x551f70) [0128.881] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0128.881] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8680c0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Actioncenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll")) returned 0x24 [0128.961] CoTaskMemFree (pv=0x551f70) [0128.961] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8788f0000, lpmodinfo=0x2399a00, cb=0x18 | out: lpmodinfo=0x2399a00*(lpBaseOfDll=0x7ff8788f0000, SizeOfImage=0x64000, EntryPoint=0x7ff878905ae0)) returned 1 [0128.973] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0128.974] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8788f0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0128.986] CoTaskMemFree (pv=0x54def0) [0128.986] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0128.987] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8788f0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0129.000] CoTaskMemFree (pv=0x5547c0) [0129.000] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff867e70000, lpmodinfo=0x239bba8, cb=0x18 | out: lpmodinfo=0x239bba8*(lpBaseOfDll=0x7ff867e70000, SizeOfImage=0x243000, EntryPoint=0x7ff867e736c0)) returned 1 [0129.012] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0129.012] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff867e70000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="authui.dll") returned 0xa [0129.025] CoTaskMemFree (pv=0x550f50) [0129.025] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0129.025] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff867e70000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll")) returned 0x1e [0129.037] CoTaskMemFree (pv=0x551760) [0129.037] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff867de0000, lpmodinfo=0x239dd50, cb=0x18 | out: lpmodinfo=0x239dd50*(lpBaseOfDll=0x7ff867de0000, SizeOfImage=0x88000, EntryPoint=0x7ff867df4510)) returned 1 [0129.049] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0129.049] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff867de0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="AUDIOSES.DLL") returned 0xc [0129.083] CoTaskMemFree (pv=0x551f70) [0129.083] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0129.083] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff867de0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\AUDIOSES.DLL" (normalized: "c:\\windows\\system32\\audioses.dll")) returned 0x20 [0129.130] CoTaskMemFree (pv=0x550740) [0129.130] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8670a0000, lpmodinfo=0x239ff08, cb=0x18 | out: lpmodinfo=0x239ff08*(lpBaseOfDll=0x7ff8670a0000, SizeOfImage=0x1c0000, EntryPoint=0x7ff8670a9e40)) returned 1 [0129.142] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0129.142] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8670a0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="pnidui.dll") returned 0xa [0129.178] CoTaskMemFree (pv=0x551760) [0129.178] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0129.178] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8670a0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll")) returned 0x1e [0129.191] CoTaskMemFree (pv=0x54d6e0) [0129.191] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8759e0000, lpmodinfo=0x23a20b0, cb=0x18 | out: lpmodinfo=0x23a20b0*(lpBaseOfDll=0x7ff8759e0000, SizeOfImage=0x23000, EntryPoint=0x7ff8759e99a0)) returned 1 [0129.203] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0129.203] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8759e0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="NetworkStatus.dll") returned 0x11 [0129.261] CoTaskMemFree (pv=0x54d6e0) [0129.261] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0129.261] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8759e0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NetworkStatus.dll" (normalized: "c:\\windows\\system32\\networkstatus.dll")) returned 0x25 [0129.274] CoTaskMemFree (pv=0x54def0) [0129.274] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f3b0000, lpmodinfo=0x23a4278, cb=0x18 | out: lpmodinfo=0x23a4278*(lpBaseOfDll=0x7ff86f3b0000, SizeOfImage=0x79000, EntryPoint=0x7ff86f3b76a0)) returned 1 [0129.288] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0129.288] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f3b0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="NetSetupShim.dll") returned 0x10 [0129.301] CoTaskMemFree (pv=0x5537a0) [0129.301] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0129.301] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f3b0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll")) returned 0x24 [0129.314] CoTaskMemFree (pv=0x54ff30) [0129.314] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f390000, lpmodinfo=0x23a6440, cb=0x18 | out: lpmodinfo=0x23a6440*(lpBaseOfDll=0x7ff86f390000, SizeOfImage=0x1f000, EntryPoint=0x7ff86f3937e0)) returned 1 [0129.347] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0129.347] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f390000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="NetSetupApi.dll") returned 0xf [0129.361] CoTaskMemFree (pv=0x54def0) [0129.361] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0129.361] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f390000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll")) returned 0x23 [0129.399] CoTaskMemFree (pv=0x54e700) [0129.399] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ae10000, lpmodinfo=0x23a85f8, cb=0x18 | out: lpmodinfo=0x23a85f8*(lpBaseOfDll=0x7ff87ae10000, SizeOfImage=0x15000, EntryPoint=0x7ff87ae12850)) returned 1 [0129.413] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0129.413] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ae10000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="wpdshserviceobj.dll") returned 0x13 [0129.426] CoTaskMemFree (pv=0x54e700) [0129.426] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0129.426] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ae10000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wpdshserviceobj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll")) returned 0x27 [0129.457] CoTaskMemFree (pv=0x550740) [0129.457] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff879c50000, lpmodinfo=0x23aa7c0, cb=0x18 | out: lpmodinfo=0x23aa7c0*(lpBaseOfDll=0x7ff879c50000, SizeOfImage=0x33000, EntryPoint=0x7ff879c53800)) returned 1 [0129.470] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0129.470] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff879c50000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="PortableDeviceTypes.dll") returned 0x17 [0129.483] CoTaskMemFree (pv=0x54ff30) [0129.483] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0129.483] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff879c50000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll")) returned 0x2b [0129.507] CoTaskMemFree (pv=0x553fb0) [0129.507] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878180000, lpmodinfo=0x23ac998, cb=0x18 | out: lpmodinfo=0x23ac998*(lpBaseOfDll=0x7ff878180000, SizeOfImage=0xa1000, EntryPoint=0x7ff878183db0)) returned 1 [0129.520] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0129.520] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878180000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="PortableDeviceApi.dll") returned 0x15 [0129.533] CoTaskMemFree (pv=0x552f90) [0129.533] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0129.533] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878180000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll")) returned 0x29 [0129.546] CoTaskMemFree (pv=0x550f50) [0129.546] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff879bb0000, lpmodinfo=0x23aeb70, cb=0x18 | out: lpmodinfo=0x23aeb70*(lpBaseOfDll=0x7ff879bb0000, SizeOfImage=0x40000, EntryPoint=0x7ff879bc3750)) returned 1 [0129.559] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0129.559] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff879bb0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="SettingMonitor.dll") returned 0x12 [0129.574] CoTaskMemFree (pv=0x54e700) [0129.574] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0129.574] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff879bb0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SettingMonitor.dll" (normalized: "c:\\windows\\system32\\settingmonitor.dll")) returned 0x26 [0129.587] CoTaskMemFree (pv=0x551760) [0129.587] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff879ae0000, lpmodinfo=0x23b0d38, cb=0x18 | out: lpmodinfo=0x23b0d38*(lpBaseOfDll=0x7ff879ae0000, SizeOfImage=0xc6000, EntryPoint=0x7ff879ae3ac0)) returned 1 [0129.601] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0129.601] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff879ae0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="cscui.dll") returned 0x9 [0129.614] CoTaskMemFree (pv=0x551f70) [0129.614] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0129.614] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff879ae0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll")) returned 0x1d [0129.627] CoTaskMemFree (pv=0x552f90) [0129.627] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff877dd0000, lpmodinfo=0x23b2ee0, cb=0x18 | out: lpmodinfo=0x23b2ee0*(lpBaseOfDll=0x7ff877dd0000, SizeOfImage=0x51000, EntryPoint=0x7ff877dd25e0)) returned 1 [0129.641] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0129.641] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff877dd0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="cscobj.dll") returned 0xa [0129.654] CoTaskMemFree (pv=0x54d6e0) [0129.654] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0129.654] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff877dd0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll")) returned 0x1e [0129.667] CoTaskMemFree (pv=0x552780) [0129.667] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff877d90000, lpmodinfo=0x23b5088, cb=0x18 | out: lpmodinfo=0x23b5088*(lpBaseOfDll=0x7ff877d90000, SizeOfImage=0x3c000, EntryPoint=0x7ff877d925e0)) returned 1 [0129.680] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0129.680] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff877d90000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="bthprops.cpl") returned 0xc [0129.694] CoTaskMemFree (pv=0x552f90) [0129.694] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0129.695] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff877d90000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl")) returned 0x20 [0129.710] CoTaskMemFree (pv=0x54ef10) [0129.710] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875270000, lpmodinfo=0x23b7240, cb=0x18 | out: lpmodinfo=0x23b7240*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0129.723] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0129.723] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875270000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0129.737] CoTaskMemFree (pv=0x550f50) [0129.737] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0129.737] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875270000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0129.751] CoTaskMemFree (pv=0x54ff30) [0129.751] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875250000, lpmodinfo=0x23b93f8, cb=0x18 | out: lpmodinfo=0x23b93f8*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0129.764] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0129.764] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875250000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0129.792] CoTaskMemFree (pv=0x54f720) [0129.792] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0129.792] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875250000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0129.808] CoTaskMemFree (pv=0x54e700) [0129.808] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff877d30000, lpmodinfo=0x23bb5b0, cb=0x18 | out: lpmodinfo=0x23bb5b0*(lpBaseOfDll=0x7ff877d30000, SizeOfImage=0x5d000, EntryPoint=0x7ff877d36c90)) returned 1 [0129.821] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0129.821] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff877d30000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="srchadmin.dll") returned 0xd [0129.871] CoTaskMemFree (pv=0x551f70) [0129.871] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0129.871] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff877d30000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll")) returned 0x21 [0129.885] CoTaskMemFree (pv=0x5537a0) [0129.885] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8727c0000, lpmodinfo=0x23bd768, cb=0x18 | out: lpmodinfo=0x23bd768*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0129.903] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0129.903] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8727c0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0129.916] CoTaskMemFree (pv=0x551760) [0129.916] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0129.916] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8727c0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0129.938] CoTaskMemFree (pv=0x54e700) [0129.938] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff866d50000, lpmodinfo=0x23bf920, cb=0x18 | out: lpmodinfo=0x23bf920*(lpBaseOfDll=0x7ff866d50000, SizeOfImage=0x346000, EntryPoint=0x7ff866d58530)) returned 1 [0129.951] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0129.951] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff866d50000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="SyncCenter.dll") returned 0xe [0129.965] CoTaskMemFree (pv=0x551f70) [0129.965] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0129.965] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff866d50000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll")) returned 0x22 [0130.002] CoTaskMemFree (pv=0x551f70) [0130.002] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff877ca0000, lpmodinfo=0x23c1ad8, cb=0x18 | out: lpmodinfo=0x23c1ad8*(lpBaseOfDll=0x7ff877ca0000, SizeOfImage=0x82000, EntryPoint=0x7ff877ca4ef0)) returned 1 [0130.015] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0130.015] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff877ca0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="imapi2.dll") returned 0xa [0130.047] CoTaskMemFree (pv=0x551760) [0130.047] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0130.047] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff877ca0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll")) returned 0x1e [0130.061] CoTaskMemFree (pv=0x54ff30) [0130.061] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875a40000, lpmodinfo=0x23c3c80, cb=0x18 | out: lpmodinfo=0x23c3c80*(lpBaseOfDll=0x7ff875a40000, SizeOfImage=0xa0000, EntryPoint=0x7ff875a656b0)) returned 1 [0130.075] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0130.075] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875a40000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="hgcpl.dll") returned 0x9 [0130.090] CoTaskMemFree (pv=0x551760) [0130.091] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0130.091] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875a40000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll")) returned 0x1d [0130.105] CoTaskMemFree (pv=0x5547c0) [0130.105] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875940000, lpmodinfo=0x23c5e28, cb=0x18 | out: lpmodinfo=0x23c5e28*(lpBaseOfDll=0x7ff875940000, SizeOfImage=0x98000, EntryPoint=0x7ff875963980)) returned 1 [0130.126] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0130.126] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875940000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="DUser.dll") returned 0x9 [0130.140] CoTaskMemFree (pv=0x553fb0) [0130.140] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0130.140] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875940000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DUser.dll" (normalized: "c:\\windows\\system32\\duser.dll")) returned 0x1d [0130.185] CoTaskMemFree (pv=0x553fb0) [0130.185] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff877c20000, lpmodinfo=0x23c7fd0, cb=0x18 | out: lpmodinfo=0x23c7fd0*(lpBaseOfDll=0x7ff877c20000, SizeOfImage=0x77000, EntryPoint=0x7ff877c22af0)) returned 1 [0130.205] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0130.205] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff877c20000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="provsvc.dll") returned 0xb [0130.226] CoTaskMemFree (pv=0x550740) [0130.226] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0130.226] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff877c20000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll")) returned 0x1f [0130.249] CoTaskMemFree (pv=0x54f720) [0130.249] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86b060000, lpmodinfo=0x23ca178, cb=0x18 | out: lpmodinfo=0x23ca178*(lpBaseOfDll=0x7ff86b060000, SizeOfImage=0x48000, EntryPoint=0x7ff86b06a430)) returned 1 [0130.263] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0130.263] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86b060000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="NotificationObjFactory.dll") returned 0x1a [0130.479] CoTaskMemFree (pv=0x5537a0) [0130.479] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0130.479] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86b060000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NotificationObjFactory.dll" (normalized: "c:\\windows\\system32\\notificationobjfactory.dll")) returned 0x2e [0130.494] CoTaskMemFree (pv=0x54d6e0) [0130.494] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff870840000, lpmodinfo=0x23cc360, cb=0x18 | out: lpmodinfo=0x23cc360*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0130.516] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0130.516] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff870840000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0130.582] CoTaskMemFree (pv=0x54d6e0) [0130.582] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0130.582] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff870840000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0130.597] CoTaskMemFree (pv=0x54ef10) [0130.597] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c340000, lpmodinfo=0x23ce508, cb=0x18 | out: lpmodinfo=0x23ce508*(lpBaseOfDll=0x7ff86c340000, SizeOfImage=0xb4000, EntryPoint=0x7ff86c3553b0)) returned 1 [0130.614] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0130.614] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c340000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="Windows.Internal.Shell.Broker.dll") returned 0x21 [0130.629] CoTaskMemFree (pv=0x54ef10) [0130.629] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0130.629] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c340000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Windows.Internal.Shell.Broker.dll" (normalized: "c:\\windows\\system32\\windows.internal.shell.broker.dll")) returned 0x35 [0130.643] CoTaskMemFree (pv=0x552780) [0130.643] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff60eb50000, lpmodinfo=0x23d0710, cb=0x18 | out: lpmodinfo=0x23d0710*(lpBaseOfDll=0x7ff60eb50000, SizeOfImage=0x7cc000, EntryPoint=0x0)) returned 1 [0130.657] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0130.657] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff60eb50000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="ntoskrnl.exe") returned 0xc [0130.672] CoTaskMemFree (pv=0x54f720) [0130.672] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0130.672] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff60eb50000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntoskrnl.exe" (normalized: "c:\\windows\\system32\\ntoskrnl.exe")) returned 0x20 [0130.688] CoTaskMemFree (pv=0x54d6e0) [0130.688] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875600000, lpmodinfo=0x23d28c8, cb=0x18 | out: lpmodinfo=0x23d28c8*(lpBaseOfDll=0x7ff875600000, SizeOfImage=0xaa000, EntryPoint=0x7ff875637c30)) returned 1 [0130.713] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0130.713] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875600000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="StructuredQuery.dll") returned 0x13 [0130.730] CoTaskMemFree (pv=0x551760) [0130.730] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0130.730] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875600000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StructuredQuery.dll" (normalized: "c:\\windows\\system32\\structuredquery.dll")) returned 0x27 [0130.745] CoTaskMemFree (pv=0x5537a0) [0130.745] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8669d0000, lpmodinfo=0x23d4a90, cb=0x18 | out: lpmodinfo=0x23d4a90*(lpBaseOfDll=0x7ff8669d0000, SizeOfImage=0x1b3000, EntryPoint=0x7ff866a39be0)) returned 1 [0130.760] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0130.760] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8669d0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="DUI70.dll") returned 0x9 [0130.775] CoTaskMemFree (pv=0x551760) [0130.775] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0130.775] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8669d0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DUI70.dll" (normalized: "c:\\windows\\system32\\dui70.dll")) returned 0x1d [0130.789] CoTaskMemFree (pv=0x551760) [0130.789] GetModuleInformation (in: hProcess=0x268, hModule=0x87f0000, lpmodinfo=0x23d6c38, cb=0x18 | out: lpmodinfo=0x23d6c38*(lpBaseOfDll=0x87f0000, SizeOfImage=0x91000, EntryPoint=0x0)) returned 1 [0130.804] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0130.804] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x87f0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="UIRibbonRes.dll") returned 0xf [0130.819] CoTaskMemFree (pv=0x5547c0) [0130.819] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0130.820] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x87f0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\UIRibbonRes.dll" (normalized: "c:\\windows\\system32\\uiribbonres.dll")) returned 0x23 [0130.836] CoTaskMemFree (pv=0x551760) [0130.836] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87adb0000, lpmodinfo=0x23d8df0, cb=0x18 | out: lpmodinfo=0x23d8df0*(lpBaseOfDll=0x7ff87adb0000, SizeOfImage=0x23000, EntryPoint=0x7ff87adb3670)) returned 1 [0130.850] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0130.850] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87adb0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="WINMM.dll") returned 0x9 [0130.872] CoTaskMemFree (pv=0x552f90) [0130.872] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0130.872] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87adb0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINMM.dll" (normalized: "c:\\windows\\system32\\winmm.dll")) returned 0x1d [0130.887] CoTaskMemFree (pv=0x54d6e0) [0130.887] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ad50000, lpmodinfo=0x23daf98, cb=0x18 | out: lpmodinfo=0x23daf98*(lpBaseOfDll=0x7ff87ad50000, SizeOfImage=0x2c000, EntryPoint=0x7ff87ad58210)) returned 1 [0130.902] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0130.902] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ad50000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="WINMMBASE.dll") returned 0xd [0130.919] CoTaskMemFree (pv=0x552780) [0130.919] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0130.919] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ad50000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINMMBASE.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll")) returned 0x21 [0130.935] CoTaskMemFree (pv=0x54ef10) [0130.935] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874540000, lpmodinfo=0x23dd150, cb=0x18 | out: lpmodinfo=0x23dd150*(lpBaseOfDll=0x7ff874540000, SizeOfImage=0x1b000, EntryPoint=0x7ff874541040)) returned 1 [0130.953] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0130.953] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874540000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="MPR.dll") returned 0x7 [0130.968] CoTaskMemFree (pv=0x54def0) [0130.968] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0130.968] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874540000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MPR.dll" (normalized: "c:\\windows\\system32\\mpr.dll")) returned 0x1b [0130.984] CoTaskMemFree (pv=0x552780) [0130.984] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874530000, lpmodinfo=0x23df2e8, cb=0x18 | out: lpmodinfo=0x23df2e8*(lpBaseOfDll=0x7ff874530000, SizeOfImage=0xb000, EntryPoint=0x7ff874531a40)) returned 1 [0131.000] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0131.000] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874530000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="drprov.dll") returned 0xa [0131.016] CoTaskMemFree (pv=0x54def0) [0131.016] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0131.016] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874530000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll")) returned 0x1e [0131.032] CoTaskMemFree (pv=0x553fb0) [0131.032] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874510000, lpmodinfo=0x23e1490, cb=0x18 | out: lpmodinfo=0x23e1490*(lpBaseOfDll=0x7ff874510000, SizeOfImage=0x16000, EntryPoint=0x7ff874513380)) returned 1 [0131.047] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0131.047] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874510000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="ntlanman.dll") returned 0xc [0131.063] CoTaskMemFree (pv=0x550740) [0131.063] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0131.063] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874510000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll")) returned 0x20 [0131.079] CoTaskMemFree (pv=0x553fb0) [0131.079] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8744f0000, lpmodinfo=0x23e3648, cb=0x18 | out: lpmodinfo=0x23e3648*(lpBaseOfDll=0x7ff8744f0000, SizeOfImage=0x20000, EntryPoint=0x7ff8744f1920)) returned 1 [0131.105] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0131.105] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8744f0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="davclnt.dll") returned 0xb [0131.120] CoTaskMemFree (pv=0x54def0) [0131.120] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0131.120] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8744f0000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll")) returned 0x1f [0131.137] CoTaskMemFree (pv=0x54ef10) [0131.137] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8744e0000, lpmodinfo=0x23e57f0, cb=0x18 | out: lpmodinfo=0x23e57f0*(lpBaseOfDll=0x7ff8744e0000, SizeOfImage=0xc000, EntryPoint=0x7ff8744e1860)) returned 1 [0131.162] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0131.162] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8744e0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="DAVHLPR.dll") returned 0xb [0131.179] CoTaskMemFree (pv=0x54d6e0) [0131.179] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0131.179] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8744e0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DAVHLPR.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll")) returned 0x1f [0131.195] CoTaskMemFree (pv=0x54d6e0) [0131.195] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff866210000, lpmodinfo=0x23e7998, cb=0x18 | out: lpmodinfo=0x23e7998*(lpBaseOfDll=0x7ff866210000, SizeOfImage=0x127000, EntryPoint=0x7ff866212130)) returned 1 [0131.227] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0131.227] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff866210000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="NetworkExplorer.dll") returned 0x13 [0131.244] CoTaskMemFree (pv=0x553fb0) [0131.244] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0131.244] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff866210000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NetworkExplorer.dll" (normalized: "c:\\windows\\system32\\networkexplorer.dll")) returned 0x27 [0131.261] CoTaskMemFree (pv=0x5537a0) [0131.261] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff866190000, lpmodinfo=0x23e9b60, cb=0x18 | out: lpmodinfo=0x23e9b60*(lpBaseOfDll=0x7ff866190000, SizeOfImage=0x7f000, EntryPoint=0x7ff8661917d0)) returned 1 [0131.277] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0131.277] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff866190000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="dlnashext.dll") returned 0xd [0131.291] CoTaskMemFree (pv=0x5537a0) [0131.291] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0131.291] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff866190000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dlnashext.dll" (normalized: "c:\\windows\\system32\\dlnashext.dll")) returned 0x21 [0131.307] CoTaskMemFree (pv=0x54ef10) [0131.307] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87adf0000, lpmodinfo=0x23ebd18, cb=0x18 | out: lpmodinfo=0x23ebd18*(lpBaseOfDll=0x7ff87adf0000, SizeOfImage=0x1f000, EntryPoint=0x7ff87ae054a0)) returned 1 [0131.323] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0131.323] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87adf0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="DevDispItemProvider.dll") returned 0x17 [0131.341] CoTaskMemFree (pv=0x54ff30) [0131.341] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0131.341] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87adf0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DevDispItemProvider.dll" (normalized: "c:\\windows\\system32\\devdispitemprovider.dll")) returned 0x2b [0131.359] CoTaskMemFree (pv=0x54d6e0) [0131.359] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873ae0000, lpmodinfo=0x23edef0, cb=0x18 | out: lpmodinfo=0x23edef0*(lpBaseOfDll=0x7ff873ae0000, SizeOfImage=0x1b000, EntryPoint=0x7ff873aeaf40)) returned 1 [0131.396] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0131.396] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873ae0000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="capauthz.dll") returned 0xc [0131.412] CoTaskMemFree (pv=0x553fb0) [0131.412] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0131.412] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873ae0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll")) returned 0x20 [0131.428] CoTaskMemFree (pv=0x54def0) [0131.428] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff867db0000, lpmodinfo=0x23f00a8, cb=0x18 | out: lpmodinfo=0x23f00a8*(lpBaseOfDll=0x7ff867db0000, SizeOfImage=0x2e000, EntryPoint=0x7ff867db6580)) returned 1 [0131.445] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0131.445] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff867db0000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wscinterop.dll") returned 0xe [0131.461] CoTaskMemFree (pv=0x54ff30) [0131.461] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0131.461] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff867db0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll")) returned 0x22 [0131.478] CoTaskMemFree (pv=0x5537a0) [0131.478] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87acc0000, lpmodinfo=0x23f2260, cb=0x18 | out: lpmodinfo=0x23f2260*(lpBaseOfDll=0x7ff87acc0000, SizeOfImage=0x35000, EntryPoint=0x7ff87acc3cc0)) returned 1 [0131.494] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0131.494] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87acc0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="WSCAPI.dll") returned 0xa [0131.510] CoTaskMemFree (pv=0x5537a0) [0131.510] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0131.510] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87acc0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WSCAPI.dll" (normalized: "c:\\windows\\system32\\wscapi.dll")) returned 0x1e [0131.527] CoTaskMemFree (pv=0x5547c0) [0131.527] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff867320000, lpmodinfo=0x23f4408, cb=0x18 | out: lpmodinfo=0x23f4408*(lpBaseOfDll=0x7ff867320000, SizeOfImage=0x121000, EntryPoint=0x7ff867321cc0)) returned 1 [0131.543] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0131.543] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff867320000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="wscui.cpl") returned 0x9 [0131.559] CoTaskMemFree (pv=0x553fb0) [0131.559] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0131.559] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff867320000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl")) returned 0x1d [0131.576] CoTaskMemFree (pv=0x552780) [0131.576] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff870e10000, lpmodinfo=0x23f65b0, cb=0x18 | out: lpmodinfo=0x23f65b0*(lpBaseOfDll=0x7ff870e10000, SizeOfImage=0x1a9000, EntryPoint=0x7ff870e64060)) returned 1 [0131.593] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0131.593] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff870e10000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0131.608] CoTaskMemFree (pv=0x550740) [0131.609] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0131.609] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff870e10000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll")) returned 0x70 [0131.624] CoTaskMemFree (pv=0x54ef10) [0131.624] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff866040000, lpmodinfo=0x23f8800, cb=0x18 | out: lpmodinfo=0x23f8800*(lpBaseOfDll=0x7ff866040000, SizeOfImage=0x141000, EntryPoint=0x7ff866045f70)) returned 1 [0131.642] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0131.642] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff866040000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="werconcpl.dll") returned 0xd [0131.658] CoTaskMemFree (pv=0x54ff30) [0131.658] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0131.658] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff866040000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll")) returned 0x21 [0131.674] CoTaskMemFree (pv=0x551760) [0131.674] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8755b0000, lpmodinfo=0x23fa9b8, cb=0x18 | out: lpmodinfo=0x23fa9b8*(lpBaseOfDll=0x7ff8755b0000, SizeOfImage=0x4e000, EntryPoint=0x7ff8755c1ce0)) returned 1 [0131.690] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0131.690] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8755b0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="framedynos.dll") returned 0xe [0131.707] CoTaskMemFree (pv=0x551f70) [0131.707] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0131.708] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8755b0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")) returned 0x22 [0131.724] CoTaskMemFree (pv=0x54def0) [0131.724] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874c00000, lpmodinfo=0x23fcb70, cb=0x18 | out: lpmodinfo=0x23fcb70*(lpBaseOfDll=0x7ff874c00000, SizeOfImage=0xa0000, EntryPoint=0x7ff874c70910)) returned 1 [0131.739] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0131.739] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874c00000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wer.dll") returned 0x7 [0131.756] CoTaskMemFree (pv=0x54def0) [0131.756] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0131.756] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874c00000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")) returned 0x1b [0131.772] CoTaskMemFree (pv=0x552f90) [0131.772] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874a70000, lpmodinfo=0x23fed08, cb=0x18 | out: lpmodinfo=0x23fed08*(lpBaseOfDll=0x7ff874a70000, SizeOfImage=0x14000, EntryPoint=0x7ff874a750c0)) returned 1 [0131.789] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0131.789] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874a70000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="hcproviders.dll") returned 0xf [0131.806] CoTaskMemFree (pv=0x54ef10) [0131.806] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0131.806] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874a70000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll")) returned 0x23 [0131.825] CoTaskMemFree (pv=0x54def0) [0131.825] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff865970000, lpmodinfo=0x2400ec0, cb=0x18 | out: lpmodinfo=0x2400ec0*(lpBaseOfDll=0x7ff865970000, SizeOfImage=0xac000, EntryPoint=0x7ff8659759c0)) returned 1 [0131.843] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0131.843] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff865970000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="ieproxy.dll") returned 0xb [0131.865] CoTaskMemFree (pv=0x552780) [0131.865] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0131.865] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff865970000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll")) returned 0x1f [0131.881] CoTaskMemFree (pv=0x552780) [0131.881] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f070000, lpmodinfo=0x2403068, cb=0x18 | out: lpmodinfo=0x2403068*(lpBaseOfDll=0x7ff86f070000, SizeOfImage=0x10000, EntryPoint=0x7ff86f073d50)) returned 1 [0131.898] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0131.898] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f070000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="pcacli.dll") returned 0xa [0131.914] CoTaskMemFree (pv=0x551f70) [0131.914] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0131.914] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f070000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll")) returned 0x1e [0131.931] CoTaskMemFree (pv=0x54ef10) [0131.931] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8779f0000, lpmodinfo=0x2405210, cb=0x18 | out: lpmodinfo=0x2405210*(lpBaseOfDll=0x7ff8779f0000, SizeOfImage=0xa9000, EntryPoint=0x7ff877a19010)) returned 1 [0131.948] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0131.948] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8779f0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="Windows.UI.dll") returned 0xe [0131.965] CoTaskMemFree (pv=0x54f720) [0131.965] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0131.965] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8779f0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")) returned 0x22 [0131.982] CoTaskMemFree (pv=0x550740) [0131.982] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff861830000, lpmodinfo=0x24073c8, cb=0x18 | out: lpmodinfo=0x24073c8*(lpBaseOfDll=0x7ff861830000, SizeOfImage=0x50000, EntryPoint=0x7ff861861220)) returned 1 [0131.998] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0131.998] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff861830000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="Windows.System.Launcher.dll") returned 0x1b [0132.017] CoTaskMemFree (pv=0x54e700) [0132.017] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0132.017] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff861830000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll")) returned 0x2f [0132.037] CoTaskMemFree (pv=0x54ef10) [0132.037] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873e20000, lpmodinfo=0x24095b0, cb=0x18 | out: lpmodinfo=0x24095b0*(lpBaseOfDll=0x7ff873e20000, SizeOfImage=0x9000, EntryPoint=0x7ff873e21480)) returned 1 [0132.057] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.057] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873e20000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="WpPortingLibrary.dll") returned 0x14 [0132.074] CoTaskMemFree (pv=0x54f720) [0132.074] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0132.074] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873e20000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll")) returned 0x28 [0132.091] CoTaskMemFree (pv=0x54ff30) [0132.091] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ae30000, lpmodinfo=0x240b788, cb=0x18 | out: lpmodinfo=0x240b788*(lpBaseOfDll=0x7ff87ae30000, SizeOfImage=0xc000, EntryPoint=0x7ff87ae31470)) returned 1 [0132.108] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0132.108] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ae30000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="dsclient.dll") returned 0xc [0132.125] CoTaskMemFree (pv=0x552780) [0132.125] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.125] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ae30000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll")) returned 0x20 [0132.141] CoTaskMemFree (pv=0x54f720) [0132.141] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8642b0000, lpmodinfo=0x240d940, cb=0x18 | out: lpmodinfo=0x240d940*(lpBaseOfDll=0x7ff8642b0000, SizeOfImage=0xccd000, EntryPoint=0x7ff8643fe880)) returned 1 [0132.160] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0132.160] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8642b0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="ieframe.dll") returned 0xb [0132.176] CoTaskMemFree (pv=0x552f90) [0132.176] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0132.176] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8642b0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll")) returned 0x1f [0132.194] CoTaskMemFree (pv=0x54d6e0) [0132.194] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff870dc0000, lpmodinfo=0x240fae8, cb=0x18 | out: lpmodinfo=0x240fae8*(lpBaseOfDll=0x7ff870dc0000, SizeOfImage=0xc000, EntryPoint=0x7ff870dc35c0)) returned 1 [0132.210] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0132.210] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff870dc0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0132.240] CoTaskMemFree (pv=0x54def0) [0132.240] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0132.240] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff870dc0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0132.258] CoTaskMemFree (pv=0x551f70) [0132.258] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c2e0000, lpmodinfo=0x2411c90, cb=0x18 | out: lpmodinfo=0x2411c90*(lpBaseOfDll=0x7ff86c2e0000, SizeOfImage=0x3e000, EntryPoint=0x7ff86c2e9650)) returned 1 [0132.279] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0132.279] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c2e0000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="MLANG.dll") returned 0x9 [0132.295] CoTaskMemFree (pv=0x550f50) [0132.295] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0132.295] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c2e0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MLANG.dll" (normalized: "c:\\windows\\system32\\mlang.dll")) returned 0x1d [0132.321] CoTaskMemFree (pv=0x551f70) [0132.321] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff867cf0000, lpmodinfo=0x2413e38, cb=0x18 | out: lpmodinfo=0x2413e38*(lpBaseOfDll=0x7ff867cf0000, SizeOfImage=0x9000, EntryPoint=0x7ff867cf1b60)) returned 1 [0132.338] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0132.338] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff867cf0000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="IconCodecService.dll") returned 0x14 [0132.357] CoTaskMemFree (pv=0x550740) [0132.357] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0132.357] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff867cf0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll")) returned 0x28 [0132.385] CoTaskMemFree (pv=0x551f70) [0132.386] CloseHandle (hObject=0x268) returned 1 [0132.386] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0132.386] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x878) returned 0x268 [0132.386] EnumProcessModules (in: hProcess=0x268, lphModule=0x241aca8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x241aca8, lpcbNeeded=0x14ef68) returned 1 [0132.393] EnumProcessModules (in: hProcess=0x268, lphModule=0x241aec0, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x241aec0, lpcbNeeded=0x14ef68) returned 1 [0132.404] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff629050000, lpmodinfo=0x241b330, cb=0x18 | out: lpmodinfo=0x241b330*(lpBaseOfDll=0x7ff629050000, SizeOfImage=0x17000, EntryPoint=0x7ff6290544f0)) returned 1 [0132.404] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0132.404] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff629050000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="RuntimeBroker.exe") returned 0x11 [0132.405] CoTaskMemFree (pv=0x54ff30) [0132.405] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0132.405] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff629050000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RuntimeBroker.exe" (normalized: "c:\\windows\\system32\\runtimebroker.exe")) returned 0x25 [0132.405] CoTaskMemFree (pv=0x553fb0) [0132.405] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpmodinfo=0x241d530, cb=0x18 | out: lpmodinfo=0x241d530*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0132.406] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0132.406] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0132.406] CoTaskMemFree (pv=0x551f70) [0132.406] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0132.406] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ffa0000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0132.407] CoTaskMemFree (pv=0x550f50) [0132.407] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f640000, lpmodinfo=0x241f6d8, cb=0x18 | out: lpmodinfo=0x241f6d8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0132.407] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0132.407] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f640000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0132.408] CoTaskMemFree (pv=0x553fb0) [0132.408] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0132.408] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f640000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0132.408] CoTaskMemFree (pv=0x551f70) [0132.408] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ce40000, lpmodinfo=0x2421890, cb=0x18 | out: lpmodinfo=0x2421890*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0132.409] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0132.409] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ce40000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0132.409] CoTaskMemFree (pv=0x550740) [0132.409] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0132.410] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ce40000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0132.410] CoTaskMemFree (pv=0x552780) [0132.410] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fde0000, lpmodinfo=0x2423a48, cb=0x18 | out: lpmodinfo=0x2423a48*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0132.411] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.411] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fde0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0132.412] CoTaskMemFree (pv=0x54f720) [0132.412] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0132.412] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fde0000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0132.412] CoTaskMemFree (pv=0x553fb0) [0132.412] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fe80000, lpmodinfo=0x2425c48, cb=0x18 | out: lpmodinfo=0x2425c48*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0132.413] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0132.413] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fe80000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0132.414] CoTaskMemFree (pv=0x54def0) [0132.414] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0132.414] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fe80000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0132.415] CoTaskMemFree (pv=0x551760) [0132.415] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpmodinfo=0x2427df0, cb=0x18 | out: lpmodinfo=0x2427df0*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0132.416] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0132.416] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0132.417] CoTaskMemFree (pv=0x5537a0) [0132.417] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0132.417] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f6f0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0132.418] CoTaskMemFree (pv=0x551f70) [0132.418] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d030000, lpmodinfo=0x2429f98, cb=0x18 | out: lpmodinfo=0x2429f98*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0132.419] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0132.419] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d030000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0132.419] CoTaskMemFree (pv=0x551760) [0132.420] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0132.420] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d030000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0132.421] CoTaskMemFree (pv=0x550f50) [0132.421] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c5f0000, lpmodinfo=0x242c170, cb=0x18 | out: lpmodinfo=0x242c170*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0132.422] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0132.422] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c5f0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0132.423] CoTaskMemFree (pv=0x54def0) [0132.423] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.423] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c5f0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0132.424] CoTaskMemFree (pv=0x54f720) [0132.424] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c640000, lpmodinfo=0x242e3c0, cb=0x18 | out: lpmodinfo=0x242e3c0*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0132.425] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0132.425] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c640000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0132.426] CoTaskMemFree (pv=0x54d6e0) [0132.426] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0132.426] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c640000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0132.428] CoTaskMemFree (pv=0x54ff30) [0132.428] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpmodinfo=0x2430588, cb=0x18 | out: lpmodinfo=0x2430588*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0132.429] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0132.429] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0132.430] CoTaskMemFree (pv=0x551760) [0132.430] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0132.430] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d3a0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0132.431] CoTaskMemFree (pv=0x54def0) [0132.431] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f970000, lpmodinfo=0x2432730, cb=0x18 | out: lpmodinfo=0x2432730*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0132.432] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.432] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f970000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0132.433] CoTaskMemFree (pv=0x54f720) [0132.433] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0132.433] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f970000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0132.435] CoTaskMemFree (pv=0x54def0) [0132.435] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpmodinfo=0x24348d8, cb=0x18 | out: lpmodinfo=0x24348d8*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0132.436] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0132.436] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0132.437] CoTaskMemFree (pv=0x54ef10) [0132.437] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0132.438] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f3e0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0132.444] CoTaskMemFree (pv=0x54d6e0) [0132.444] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ed60000, lpmodinfo=0x2436a80, cb=0x18 | out: lpmodinfo=0x2436a80*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0132.445] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0132.445] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ed60000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0132.447] CoTaskMemFree (pv=0x550740) [0132.447] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0132.447] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ed60000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0132.448] CoTaskMemFree (pv=0x54e700) [0132.448] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d4f0000, lpmodinfo=0x2438c28, cb=0x18 | out: lpmodinfo=0x2438c28*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0132.449] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0132.449] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d4f0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0132.451] CoTaskMemFree (pv=0x5547c0) [0132.451] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.451] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d4f0000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0132.453] CoTaskMemFree (pv=0x54f720) [0132.453] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87f9d0000, lpmodinfo=0x243add0, cb=0x18 | out: lpmodinfo=0x243add0*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0132.454] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0132.454] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87f9d0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0132.456] CoTaskMemFree (pv=0x54def0) [0132.456] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0132.456] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87f9d0000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0132.458] CoTaskMemFree (pv=0x5537a0) [0132.458] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fa80000, lpmodinfo=0x243cf78, cb=0x18 | out: lpmodinfo=0x243cf78*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0132.459] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0132.459] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fa80000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0132.461] CoTaskMemFree (pv=0x54def0) [0132.461] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0132.461] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fa80000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0132.463] CoTaskMemFree (pv=0x550740) [0132.463] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c650000, lpmodinfo=0x243f248, cb=0x18 | out: lpmodinfo=0x243f248*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0132.465] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0132.465] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c650000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0132.467] CoTaskMemFree (pv=0x5537a0) [0132.467] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0132.467] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c650000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0132.468] CoTaskMemFree (pv=0x552f90) [0132.469] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c450000, lpmodinfo=0x24413f0, cb=0x18 | out: lpmodinfo=0x24413f0*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0132.470] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0132.470] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c450000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0132.472] CoTaskMemFree (pv=0x54ff30) [0132.472] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0132.472] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c450000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0132.474] CoTaskMemFree (pv=0x5547c0) [0132.474] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff876870000, lpmodinfo=0x2443598, cb=0x18 | out: lpmodinfo=0x2443598*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0132.476] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0132.476] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff876870000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0132.482] CoTaskMemFree (pv=0x54d6e0) [0132.482] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.482] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff876870000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0132.484] CoTaskMemFree (pv=0x54f720) [0132.484] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff879c90000, lpmodinfo=0x2445750, cb=0x18 | out: lpmodinfo=0x2445750*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0132.486] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.486] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff879c90000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0132.488] CoTaskMemFree (pv=0x54f720) [0132.488] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0132.488] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff879c90000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0132.490] CoTaskMemFree (pv=0x5547c0) [0132.490] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fd30000, lpmodinfo=0x2447908, cb=0x18 | out: lpmodinfo=0x2447908*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0132.492] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0132.492] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fd30000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0132.494] CoTaskMemFree (pv=0x5547c0) [0132.494] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0132.494] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fd30000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0132.496] CoTaskMemFree (pv=0x54ef10) [0132.496] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873560000, lpmodinfo=0x2449ac0, cb=0x18 | out: lpmodinfo=0x2449ac0*(lpBaseOfDll=0x7ff873560000, SizeOfImage=0xb2000, EntryPoint=0x7ff87357f750)) returned 1 [0132.498] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0132.498] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873560000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="Windows.Security.Authentication.OnlineId.dll") returned 0x2c [0132.500] CoTaskMemFree (pv=0x54d6e0) [0132.500] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0132.500] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873560000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.onlineid.dll")) returned 0x40 [0132.503] CoTaskMemFree (pv=0x550f50) [0132.503] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff876320000, lpmodinfo=0x244bcf8, cb=0x18 | out: lpmodinfo=0x244bcf8*(lpBaseOfDll=0x7ff876320000, SizeOfImage=0x1bd000, EntryPoint=0x7ff87634af90)) returned 1 [0132.504] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0132.504] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff876320000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="Windows.UI.Immersive.dll") returned 0x18 [0132.506] CoTaskMemFree (pv=0x54e700) [0132.507] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0132.507] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff876320000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll")) returned 0x2c [0132.509] CoTaskMemFree (pv=0x5537a0) [0132.509] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b0e0000, lpmodinfo=0x244dee0, cb=0x18 | out: lpmodinfo=0x244dee0*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0132.511] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0132.511] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b0e0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0132.514] CoTaskMemFree (pv=0x54def0) [0132.514] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0132.514] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b0e0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0132.518] CoTaskMemFree (pv=0x551f70) [0132.519] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87af40000, lpmodinfo=0x24500a8, cb=0x18 | out: lpmodinfo=0x24500a8*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0132.521] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0132.521] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87af40000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0132.523] CoTaskMemFree (pv=0x550740) [0132.523] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0132.523] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87af40000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0132.526] CoTaskMemFree (pv=0x5547c0) [0132.526] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86a070000, lpmodinfo=0x2452250, cb=0x18 | out: lpmodinfo=0x2452250*(lpBaseOfDll=0x7ff86a070000, SizeOfImage=0x53000, EntryPoint=0x7ff86a0a3590)) returned 1 [0132.528] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0132.528] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86a070000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="windows.cortana.onecore.dll") returned 0x1b [0132.531] CoTaskMemFree (pv=0x552f90) [0132.531] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0132.531] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86a070000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.cortana.onecore.dll" (normalized: "c:\\windows\\system32\\windows.cortana.onecore.dll")) returned 0x2f [0132.533] CoTaskMemFree (pv=0x550f50) [0132.533] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c760000, lpmodinfo=0x2454438, cb=0x18 | out: lpmodinfo=0x2454438*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0132.535] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0132.535] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c760000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="Windows.Storage.dll") returned 0x13 [0132.538] CoTaskMemFree (pv=0x550f50) [0132.538] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0132.538] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c760000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Windows.Storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0132.541] CoTaskMemFree (pv=0x552780) [0132.541] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c710000, lpmodinfo=0x2456600, cb=0x18 | out: lpmodinfo=0x2456600*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0132.543] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0132.543] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c710000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0132.546] CoTaskMemFree (pv=0x5537a0) [0132.547] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0132.547] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c710000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0132.550] CoTaskMemFree (pv=0x550f50) [0132.550] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87fb50000, lpmodinfo=0x24587b8, cb=0x18 | out: lpmodinfo=0x24587b8*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0132.552] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0132.552] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87fb50000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0132.558] CoTaskMemFree (pv=0x54ef10) [0132.558] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.558] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87fb50000, lpFilename=0x54f720, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0132.561] CoTaskMemFree (pv=0x54f720) [0132.561] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c5d0000, lpmodinfo=0x245a960, cb=0x18 | out: lpmodinfo=0x245a960*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0132.563] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0132.564] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c5d0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0132.566] CoTaskMemFree (pv=0x552f90) [0132.566] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0132.567] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c5d0000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0132.570] CoTaskMemFree (pv=0x5547c0) [0132.570] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c320000, lpmodinfo=0x245cb08, cb=0x18 | out: lpmodinfo=0x245cb08*(lpBaseOfDll=0x7ff86c320000, SizeOfImage=0x1f000, EntryPoint=0x7ff86c321500)) returned 1 [0132.573] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0132.573] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c320000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="Windows.Cortana.ProxyStub.dll") returned 0x1d [0132.576] CoTaskMemFree (pv=0x551760) [0132.576] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0132.576] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c320000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Cortana.ProxyStub.dll" (normalized: "c:\\windows\\system32\\windows.cortana.proxystub.dll")) returned 0x31 [0132.579] CoTaskMemFree (pv=0x54def0) [0132.579] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d650000, lpmodinfo=0x245ed00, cb=0x18 | out: lpmodinfo=0x245ed00*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0132.587] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.587] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d650000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0132.590] CoTaskMemFree (pv=0x54f720) [0132.590] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0132.590] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d650000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0132.593] CoTaskMemFree (pv=0x551f70) [0132.593] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873f90000, lpmodinfo=0x24610c0, cb=0x18 | out: lpmodinfo=0x24610c0*(lpBaseOfDll=0x7ff873f90000, SizeOfImage=0x44000, EntryPoint=0x7ff873f9c010)) returned 1 [0132.609] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0132.609] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873f90000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="execmodelclient.dll") returned 0x13 [0132.612] CoTaskMemFree (pv=0x5537a0) [0132.612] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0132.612] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873f90000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\execmodelclient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")) returned 0x27 [0132.615] CoTaskMemFree (pv=0x54ff30) [0132.615] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87a5e0000, lpmodinfo=0x2463288, cb=0x18 | out: lpmodinfo=0x2463288*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0132.618] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0132.618] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87a5e0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0132.621] CoTaskMemFree (pv=0x551760) [0132.621] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0132.621] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87a5e0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0132.624] CoTaskMemFree (pv=0x54ff30) [0132.624] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8764e0000, lpmodinfo=0x2465450, cb=0x18 | out: lpmodinfo=0x2465450*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0132.627] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0132.627] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8764e0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0132.631] CoTaskMemFree (pv=0x54d6e0) [0132.631] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0132.631] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8764e0000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0132.634] CoTaskMemFree (pv=0x551760) [0132.634] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bd20000, lpmodinfo=0x2467608, cb=0x18 | out: lpmodinfo=0x2467608*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0132.637] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.637] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bd20000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0132.640] CoTaskMemFree (pv=0x54f720) [0132.640] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0132.640] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bd20000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0132.646] CoTaskMemFree (pv=0x550f50) [0132.646] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d200000, lpmodinfo=0x24697b0, cb=0x18 | out: lpmodinfo=0x24697b0*(lpBaseOfDll=0x7ff86d200000, SizeOfImage=0x15000, EntryPoint=0x7ff86d205740)) returned 1 [0132.649] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0132.649] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d200000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="profext.dll") returned 0xb [0132.652] CoTaskMemFree (pv=0x54def0) [0132.652] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0132.652] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d200000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll")) returned 0x1f [0132.656] CoTaskMemFree (pv=0x54e700) [0132.656] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bab0000, lpmodinfo=0x246b958, cb=0x18 | out: lpmodinfo=0x246b958*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0132.659] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0132.659] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bab0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0132.662] CoTaskMemFree (pv=0x5547c0) [0132.662] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0132.662] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bab0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0132.666] CoTaskMemFree (pv=0x54ff30) [0132.666] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878330000, lpmodinfo=0x246db00, cb=0x18 | out: lpmodinfo=0x246db00*(lpBaseOfDll=0x7ff878330000, SizeOfImage=0xae000, EntryPoint=0x7ff8783480c0)) returned 1 [0132.670] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0132.670] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878330000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="Windows.Networking.Connectivity.dll") returned 0x23 [0132.674] CoTaskMemFree (pv=0x54ef10) [0132.674] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0132.674] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878330000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")) returned 0x37 [0132.677] CoTaskMemFree (pv=0x550740) [0132.677] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875480000, lpmodinfo=0x246fd08, cb=0x18 | out: lpmodinfo=0x246fd08*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0132.682] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0132.682] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875480000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0132.686] CoTaskMemFree (pv=0x5537a0) [0132.686] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0132.686] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875480000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0132.689] CoTaskMemFree (pv=0x552f90) [0132.689] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87efa0000, lpmodinfo=0x2471ec0, cb=0x18 | out: lpmodinfo=0x2471ec0*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0132.693] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0132.693] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87efa0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0132.697] CoTaskMemFree (pv=0x551f70) [0132.697] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0132.697] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87efa0000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0132.700] CoTaskMemFree (pv=0x54ff30) [0132.700] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8727c0000, lpmodinfo=0x2474058, cb=0x18 | out: lpmodinfo=0x2474058*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0132.704] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0132.704] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8727c0000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0132.707] CoTaskMemFree (pv=0x54def0) [0132.707] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0132.707] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8727c0000, lpFilename=0x552f90, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0132.712] CoTaskMemFree (pv=0x552f90) [0132.712] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff874a90000, lpmodinfo=0x2476210, cb=0x18 | out: lpmodinfo=0x2476210*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0132.720] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.720] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff874a90000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0132.724] CoTaskMemFree (pv=0x54f720) [0132.724] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0132.724] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff874a90000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0132.728] CoTaskMemFree (pv=0x54ff30) [0132.728] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c480000, lpmodinfo=0x24783c8, cb=0x18 | out: lpmodinfo=0x24783c8*(lpBaseOfDll=0x7ff87c480000, SizeOfImage=0x99000, EntryPoint=0x7ff87c4af4e0)) returned 1 [0132.732] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0132.732] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c480000, lpBaseName=0x553fb0, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0132.736] CoTaskMemFree (pv=0x553fb0) [0132.736] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0132.736] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c480000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0132.739] CoTaskMemFree (pv=0x553fb0) [0132.739] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878bf0000, lpmodinfo=0x247a560, cb=0x18 | out: lpmodinfo=0x247a560*(lpBaseOfDll=0x7ff878bf0000, SizeOfImage=0x61000, EntryPoint=0x7ff878bf4b50)) returned 1 [0132.743] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0132.743] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878bf0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wlanapi.dll") returned 0xb [0132.747] CoTaskMemFree (pv=0x551f70) [0132.747] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0132.747] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878bf0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0132.752] CoTaskMemFree (pv=0x552780) [0132.752] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d310000, lpmodinfo=0x247c708, cb=0x18 | out: lpmodinfo=0x247c708*(lpBaseOfDll=0x7ff86d310000, SizeOfImage=0x16000, EntryPoint=0x7ff86d311d50)) returned 1 [0132.756] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0132.756] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d310000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="wwapi.dll") returned 0x9 [0132.760] CoTaskMemFree (pv=0x551f70) [0132.760] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0132.760] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d310000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")) returned 0x1d [0132.764] CoTaskMemFree (pv=0x550f50) [0132.764] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bf40000, lpmodinfo=0x247e8b0, cb=0x18 | out: lpmodinfo=0x247e8b0*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0132.768] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0132.768] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bf40000, lpBaseName=0x552780, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0132.774] CoTaskMemFree (pv=0x552780) [0132.774] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0132.774] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bf40000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0132.778] CoTaskMemFree (pv=0x550f50) [0132.778] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87bbd0000, lpmodinfo=0x2480a58, cb=0x18 | out: lpmodinfo=0x2480a58*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0132.782] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0132.782] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87bbd0000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0132.786] CoTaskMemFree (pv=0x552f90) [0132.786] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0132.786] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87bbd0000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0132.795] CoTaskMemFree (pv=0x54e700) [0132.795] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c060000, lpmodinfo=0x2482c00, cb=0x18 | out: lpmodinfo=0x2482c00*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0132.799] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0132.799] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c060000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0132.804] CoTaskMemFree (pv=0x54d6e0) [0132.804] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0132.804] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c060000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0132.808] CoTaskMemFree (pv=0x54ef10) [0132.808] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86c400000, lpmodinfo=0x2484db8, cb=0x18 | out: lpmodinfo=0x2484db8*(lpBaseOfDll=0x7ff86c400000, SizeOfImage=0x22000, EntryPoint=0x7ff86c402580)) returned 1 [0132.813] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0132.813] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86c400000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="wcmapi.dll") returned 0xa [0132.819] CoTaskMemFree (pv=0x552f90) [0132.819] CoTaskMemAlloc (cb=0x804) returned 0x553fb0 [0132.819] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86c400000, lpFilename=0x553fb0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wcmapi.dll" (normalized: "c:\\windows\\system32\\wcmapi.dll")) returned 0x1e [0132.824] CoTaskMemFree (pv=0x553fb0) [0132.825] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b380000, lpmodinfo=0x2486f60, cb=0x18 | out: lpmodinfo=0x2486f60*(lpBaseOfDll=0x7ff87b380000, SizeOfImage=0x2a000, EntryPoint=0x7ff87b388b90)) returned 1 [0132.830] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0132.830] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b380000, lpBaseName=0x550740, nSize=0x800 | out: lpBaseName="RMCLIENT.dll") returned 0xc [0132.850] CoTaskMemFree (pv=0x550740) [0132.850] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0132.851] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b380000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RMCLIENT.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")) returned 0x20 [0132.855] CoTaskMemFree (pv=0x550f50) [0132.855] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86f220000, lpmodinfo=0x2489118, cb=0x18 | out: lpmodinfo=0x2489118*(lpBaseOfDll=0x7ff86f220000, SizeOfImage=0x17000, EntryPoint=0x7ff86f226620)) returned 1 [0132.860] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0132.860] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86f220000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="msauserext.dll") returned 0xe [0132.864] CoTaskMemFree (pv=0x551760) [0132.864] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0132.864] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86f220000, lpFilename=0x550f50, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msauserext.dll" (normalized: "c:\\windows\\system32\\msauserext.dll")) returned 0x22 [0132.869] CoTaskMemFree (pv=0x550f50) [0132.869] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ae40000, lpmodinfo=0x248b2d0, cb=0x18 | out: lpmodinfo=0x248b2d0*(lpBaseOfDll=0x7ff87ae40000, SizeOfImage=0x2c000, EntryPoint=0x7ff87ae41d20)) returned 1 [0132.875] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0132.875] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ae40000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="AuthBroker.dll") returned 0xe [0132.879] CoTaskMemFree (pv=0x54ff30) [0132.879] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0132.879] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ae40000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\AuthBroker.dll" (normalized: "c:\\windows\\system32\\authbroker.dll")) returned 0x22 [0132.903] CoTaskMemFree (pv=0x550740) [0132.903] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875230000, lpmodinfo=0x248d488, cb=0x18 | out: lpmodinfo=0x248d488*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0132.925] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0132.925] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875230000, lpBaseName=0x54ff30, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0132.930] CoTaskMemFree (pv=0x54ff30) [0132.930] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0132.930] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875230000, lpFilename=0x54ef10, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0132.935] CoTaskMemFree (pv=0x54ef10) [0132.935] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87b9d0000, lpmodinfo=0x248f630, cb=0x18 | out: lpmodinfo=0x248f630*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0132.939] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0132.939] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87b9d0000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0132.944] CoTaskMemFree (pv=0x551760) [0132.944] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0132.944] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87b9d0000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0132.949] CoTaskMemFree (pv=0x54d6e0) [0132.949] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878b20000, lpmodinfo=0x24917e8, cb=0x18 | out: lpmodinfo=0x24917e8*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0132.962] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0132.962] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878b20000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0132.968] CoTaskMemFree (pv=0x5537a0) [0132.968] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0132.968] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878b20000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0132.973] CoTaskMemFree (pv=0x551760) [0132.973] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86d2d0000, lpmodinfo=0x2493990, cb=0x18 | out: lpmodinfo=0x2493990*(lpBaseOfDll=0x7ff86d2d0000, SizeOfImage=0x36000, EntryPoint=0x7ff86d2d27f0)) returned 1 [0132.978] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.978] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86d2d0000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="Windows.Networking.HostName.dll") returned 0x1f [0132.984] CoTaskMemFree (pv=0x54f720) [0132.984] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0132.984] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86d2d0000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll")) returned 0x33 [0132.989] CoTaskMemFree (pv=0x550740) [0132.989] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ab10000, lpmodinfo=0x2495b88, cb=0x18 | out: lpmodinfo=0x2495b88*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0132.997] CoTaskMemAlloc (cb=0x804) returned 0x54f720 [0132.999] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ab10000, lpBaseName=0x54f720, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0133.004] CoTaskMemFree (pv=0x54f720) [0133.004] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0133.005] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ab10000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0133.009] CoTaskMemFree (pv=0x552780) [0133.009] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875600000, lpmodinfo=0x22a74b0, cb=0x18 | out: lpmodinfo=0x22a74b0*(lpBaseOfDll=0x7ff875600000, SizeOfImage=0xaa000, EntryPoint=0x7ff875637c30)) returned 1 [0133.014] CoTaskMemAlloc (cb=0x804) returned 0x552f90 [0133.014] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875600000, lpBaseName=0x552f90, nSize=0x800 | out: lpBaseName="StructuredQuery.dll") returned 0x13 [0133.019] CoTaskMemFree (pv=0x552f90) [0133.019] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0133.019] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875600000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StructuredQuery.dll" (normalized: "c:\\windows\\system32\\structuredquery.dll")) returned 0x27 [0133.025] CoTaskMemFree (pv=0x54def0) [0133.025] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875790000, lpmodinfo=0x22a9678, cb=0x18 | out: lpmodinfo=0x22a9678*(lpBaseOfDll=0x7ff875790000, SizeOfImage=0x48000, EntryPoint=0x7ff87579c0e0)) returned 1 [0133.030] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0133.030] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875790000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="MSWB7.dll") returned 0x9 [0133.036] CoTaskMemFree (pv=0x551f70) [0133.036] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0133.036] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875790000, lpFilename=0x5537a0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MSWB7.dll" (normalized: "c:\\windows\\system32\\mswb7.dll")) returned 0x1d [0133.041] CoTaskMemFree (pv=0x5537a0) [0133.041] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff878df0000, lpmodinfo=0x22ab820, cb=0x18 | out: lpmodinfo=0x22ab820*(lpBaseOfDll=0x7ff878df0000, SizeOfImage=0x4a000, EntryPoint=0x7ff878dfac30)) returned 1 [0133.047] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0133.047] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff878df0000, lpBaseName=0x5547c0, nSize=0x800 | out: lpBaseName="deviceaccess.dll") returned 0x10 [0133.052] CoTaskMemFree (pv=0x5547c0) [0133.052] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0133.052] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff878df0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")) returned 0x24 [0133.057] CoTaskMemFree (pv=0x551f70) [0133.057] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff86e6e0000, lpmodinfo=0x22ad9e8, cb=0x18 | out: lpmodinfo=0x22ad9e8*(lpBaseOfDll=0x7ff86e6e0000, SizeOfImage=0xce000, EntryPoint=0x7ff86e7114c0)) returned 1 [0133.063] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0133.063] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff86e6e0000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="TokenBroker.dll") returned 0xf [0133.068] CoTaskMemFree (pv=0x54e700) [0133.068] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0133.068] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff86e6e0000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")) returned 0x23 [0133.075] CoTaskMemFree (pv=0x552780) [0133.075] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ad00000, lpmodinfo=0x22afba0, cb=0x18 | out: lpmodinfo=0x22afba0*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0133.080] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0133.080] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ad00000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0133.085] CoTaskMemFree (pv=0x54def0) [0133.085] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0133.086] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ad00000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0133.091] CoTaskMemFree (pv=0x5547c0) [0133.091] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff861830000, lpmodinfo=0x22b1d58, cb=0x18 | out: lpmodinfo=0x22b1d58*(lpBaseOfDll=0x7ff861830000, SizeOfImage=0x50000, EntryPoint=0x7ff861861220)) returned 1 [0133.096] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0133.097] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff861830000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="Windows.System.Launcher.dll") returned 0x1b [0133.102] CoTaskMemFree (pv=0x54e700) [0133.102] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0133.102] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff861830000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll")) returned 0x2f [0133.108] CoTaskMemFree (pv=0x54ff30) [0133.108] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873e20000, lpmodinfo=0x22b4358, cb=0x18 | out: lpmodinfo=0x22b4358*(lpBaseOfDll=0x7ff873e20000, SizeOfImage=0x9000, EntryPoint=0x7ff873e21480)) returned 1 [0133.114] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0133.114] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873e20000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="WpPortingLibrary.dll") returned 0x14 [0133.119] CoTaskMemFree (pv=0x54d6e0) [0133.119] CoTaskMemAlloc (cb=0x804) returned 0x552780 [0133.119] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873e20000, lpFilename=0x552780, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll")) returned 0x28 [0133.125] CoTaskMemFree (pv=0x552780) [0133.125] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87ae30000, lpmodinfo=0x22b6530, cb=0x18 | out: lpmodinfo=0x22b6530*(lpBaseOfDll=0x7ff87ae30000, SizeOfImage=0xc000, EntryPoint=0x7ff87ae31470)) returned 1 [0133.130] CoTaskMemAlloc (cb=0x804) returned 0x54ef10 [0133.130] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87ae30000, lpBaseName=0x54ef10, nSize=0x800 | out: lpBaseName="dsclient.dll") returned 0xc [0133.136] CoTaskMemFree (pv=0x54ef10) [0133.136] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0133.136] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87ae30000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll")) returned 0x20 [0133.142] CoTaskMemFree (pv=0x550740) [0133.142] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff865970000, lpmodinfo=0x22b86e8, cb=0x18 | out: lpmodinfo=0x22b86e8*(lpBaseOfDll=0x7ff865970000, SizeOfImage=0xac000, EntryPoint=0x7ff8659759c0)) returned 1 [0133.148] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0133.148] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff865970000, lpBaseName=0x54e700, nSize=0x800 | out: lpBaseName="ieproxy.dll") returned 0xb [0133.154] CoTaskMemFree (pv=0x54e700) [0133.154] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0133.154] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff865970000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll")) returned 0x1f [0133.159] CoTaskMemFree (pv=0x54e700) [0133.159] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff8736c0000, lpmodinfo=0x22ba890, cb=0x18 | out: lpmodinfo=0x22ba890*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0133.165] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0133.165] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff8736c0000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0133.171] CoTaskMemFree (pv=0x551f70) [0133.171] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0133.171] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff8736c0000, lpFilename=0x551f70, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0133.178] CoTaskMemFree (pv=0x551f70) [0133.178] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff873620000, lpmodinfo=0x22bca78, cb=0x18 | out: lpmodinfo=0x22bca78*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0133.184] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0133.184] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff873620000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0133.190] CoTaskMemFree (pv=0x54def0) [0133.190] CoTaskMemAlloc (cb=0x804) returned 0x5547c0 [0133.190] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff873620000, lpFilename=0x5547c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0133.195] CoTaskMemFree (pv=0x5547c0) [0133.195] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff875080000, lpmodinfo=0x22bec60, cb=0x18 | out: lpmodinfo=0x22bec60*(lpBaseOfDll=0x7ff875080000, SizeOfImage=0x41000, EntryPoint=0x7ff875084840)) returned 1 [0133.201] CoTaskMemAlloc (cb=0x804) returned 0x550f50 [0133.201] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff875080000, lpBaseName=0x550f50, nSize=0x800 | out: lpBaseName="usermgrproxy.dll") returned 0x10 [0133.207] CoTaskMemFree (pv=0x550f50) [0133.207] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0133.207] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff875080000, lpFilename=0x551760, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\usermgrproxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")) returned 0x24 [0133.213] CoTaskMemFree (pv=0x551760) [0133.214] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff867260000, lpmodinfo=0x22c0e28, cb=0x18 | out: lpmodinfo=0x22c0e28*(lpBaseOfDll=0x7ff867260000, SizeOfImage=0x4b000, EntryPoint=0x7ff867271590)) returned 1 [0133.226] CoTaskMemAlloc (cb=0x804) returned 0x551f70 [0133.226] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff867260000, lpBaseName=0x551f70, nSize=0x800 | out: lpBaseName="vaultcli.dll") returned 0xc [0133.232] CoTaskMemFree (pv=0x551f70) [0133.232] CoTaskMemAlloc (cb=0x804) returned 0x550740 [0133.232] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff867260000, lpFilename=0x550740, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\vaultcli.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll")) returned 0x20 [0133.238] CoTaskMemFree (pv=0x550740) [0133.239] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87d170000, lpmodinfo=0x22c2fe0, cb=0x18 | out: lpmodinfo=0x22c2fe0*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0133.244] CoTaskMemAlloc (cb=0x804) returned 0x551760 [0133.244] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87d170000, lpBaseName=0x551760, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0133.251] CoTaskMemFree (pv=0x551760) [0133.251] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0133.251] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87d170000, lpFilename=0x54d6e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0133.258] CoTaskMemFree (pv=0x54d6e0) [0133.258] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff87c5c0000, lpmodinfo=0x22c5188, cb=0x18 | out: lpmodinfo=0x22c5188*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0133.264] CoTaskMemAlloc (cb=0x804) returned 0x54d6e0 [0133.264] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff87c5c0000, lpBaseName=0x54d6e0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0133.270] CoTaskMemFree (pv=0x54d6e0) [0133.270] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0133.270] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff87c5c0000, lpFilename=0x54def0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0133.278] CoTaskMemFree (pv=0x54def0) [0133.278] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff870840000, lpmodinfo=0x22c7330, cb=0x18 | out: lpmodinfo=0x22c7330*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0133.284] CoTaskMemAlloc (cb=0x804) returned 0x5537a0 [0133.284] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff870840000, lpBaseName=0x5537a0, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0133.291] CoTaskMemFree (pv=0x5537a0) [0133.291] CoTaskMemAlloc (cb=0x804) returned 0x54ff30 [0133.291] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff870840000, lpFilename=0x54ff30, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0133.297] CoTaskMemFree (pv=0x54ff30) [0133.297] GetModuleInformation (in: hProcess=0x268, hModule=0x7ff861360000, lpmodinfo=0x22c94d8, cb=0x18 | out: lpmodinfo=0x22c94d8*(lpBaseOfDll=0x7ff861360000, SizeOfImage=0xa3000, EntryPoint=0x7ff861374810)) returned 1 [0133.303] CoTaskMemAlloc (cb=0x804) returned 0x54def0 [0133.303] GetModuleBaseNameW (in: hProcess=0x268, hModule=0x7ff861360000, lpBaseName=0x54def0, nSize=0x800 | out: lpBaseName="wpnapps.dll") returned 0xb [0133.310] CoTaskMemFree (pv=0x54def0) [0133.310] CoTaskMemAlloc (cb=0x804) returned 0x54e700 [0133.310] GetModuleFileNameExW (in: hProcess=0x268, hModule=0x7ff861360000, lpFilename=0x54e700, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wpnapps.dll" (normalized: "c:\\windows\\system32\\wpnapps.dll")) returned 0x1f [0133.316] CoTaskMemFree (pv=0x54e700) [0133.316] CloseHandle (hObject=0x268) returned 1 [0133.316] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0133.393] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0137.331] CoTaskMemAlloc (cb=0x20c) returned 0x528b80 [0137.332] SHGetFolderPathW (in: hwnd=0x0, csidl=7, hToken=0x0, dwFlags=0x0, pszPath=0x528b80 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0137.340] CoTaskMemFree (pv=0x528b80) [0137.341] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpFilePart=0x0) returned 0x53 [0137.342] CoTaskMemAlloc (cb=0x20c) returned 0x528b80 [0137.342] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x528b80 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0137.343] CoTaskMemFree (pv=0x528b80) [0137.343] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0137.343] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14eac0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0137.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ef00) returned 1 [0137.348] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\svchost.exe"), fInfoLevelId=0x0, lpFileInformation=0x14efe0 | out: lpFileInformation=0x14efe0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0137.349] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eec0) returned 1 [0137.351] GetFullPathNameW (in: lpFileName="a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", nBufferLength=0x105, lpBuffer=0x14ea70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", lpFilePart=0x0) returned 0x62 [0137.351] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14ea70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0137.357] CopyFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\svchost.exe"), bFailIfExists=1) returned 1 [0138.489] LocalAlloc (uFlags=0x0, uBytes=0x64) returned 0x558950 [0138.489] LocalAlloc (uFlags=0x0, uBytes=0x4e) returned 0x557cd0 [0141.827] LocalFree (hMem=0x558950) returned 0x0 [0141.827] LocalFree (hMem=0x557cd0) returned 0x0 [0141.835] CoGetContextToken (in: pToken=0x14ee20 | out: pToken=0x14ee20) returned 0x0 [0141.835] CObjectContext::QueryInterface () returned 0x0 [0141.835] CObjectContext::GetCurrentThreadType () returned 0x0 [0141.835] Release () returned 0x0 [0141.836] CoGetContextToken (in: pToken=0x14e930 | out: pToken=0x14e930) returned 0x0 [0141.836] CObjectContext::QueryInterface () returned 0x0 [0141.836] CObjectContext::GetCurrentThreadType () returned 0x0 [0141.836] Release () returned 0x0 [0141.837] CoGetContextToken (in: pToken=0x14e930 | out: pToken=0x14e930) returned 0x0 [0141.837] CObjectContext::QueryInterface () returned 0x0 [0141.837] CObjectContext::GetCurrentThreadType () returned 0x0 [0141.837] Release () returned 0x0 [0141.845] CoGetContextToken (in: pToken=0x14e930 | out: pToken=0x14e930) returned 0x0 [0141.845] CObjectContext::QueryInterface () returned 0x0 [0141.845] CObjectContext::GetCurrentThreadType () returned 0x0 [0141.845] Release () returned 0x0 [0141.865] CoGetContextToken (in: pToken=0x14e940 | out: pToken=0x14e940) returned 0x0 [0141.865] CObjectContext::QueryInterface () returned 0x0 [0141.865] CObjectContext::GetCurrentThreadType () returned 0x0 [0141.865] Release () returned 0x0 [0141.865] CoUninitialize () Thread: id = 2 os_tid = 0xd28 Thread: id = 3 os_tid = 0xd00 Thread: id = 4 os_tid = 0x7b8 [0070.058] CoGetContextToken (in: pToken=0x1a73fa80 | out: pToken=0x1a73fa80) returned 0x0 [0070.058] CObjectContext::QueryInterface () returned 0x0 [0070.058] CObjectContext::GetCurrentThreadType () returned 0x0 [0070.058] Release () returned 0x0 [0070.058] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0070.058] RoInitialize () returned 0x1 [0070.058] RoUninitialize () returned 0x0 [0141.837] EtwEventUnregister () returned 0x0 [0141.862] CloseHandle (hObject=0x4b0) returned 1 Thread: id = 5 os_tid = 0x13d4 Thread: id = 6 os_tid = 0x13d8 Thread: id = 7 os_tid = 0xe2c Thread: id = 8 os_tid = 0xe30 [0138.528] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0139.185] RoInitialize () returned 0x1 [0139.186] RoUninitialize () returned 0x0 [0139.197] ShellExecuteExW (in: pExecInfo=0x22cf428*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpParameters=0x0, lpDirectory="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\", nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x22cf428*(cbSize=0x70, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpParameters=0x0, lpDirectory="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\", nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x4b0)) returned 1 [0141.731] CoGetContextToken (in: pToken=0x1b03fc00 | out: pToken=0x1b03fc00) returned 0x0 [0141.733] CoUninitialize () Thread: id = 9 os_tid = 0xdec Thread: id = 10 os_tid = 0xb04 Thread: id = 11 os_tid = 0x126c Process: id = "2" image_name = "svchost.exe" filename = "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\svchost.exe" page_root = "0x49435000" os_pid = "0x57c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xb9c" cmd_line = "\"C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe\" " cur_dir = "C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\" os_username = "XC64ZB\\RDhJ0CNFevzX" bitness = "32" os_groups = "XC64ZB\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000f72e" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Region: id = 416 start_va = 0x10000 end_va = 0x2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000010000" filename = "" Region: id = 417 start_va = 0x30000 end_va = 0x44fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000030000" filename = "" Region: id = 418 start_va = 0x50000 end_va = 0x14ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000050000" filename = "" Region: id = 419 start_va = 0x150000 end_va = 0x153fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000150000" filename = "" Region: id = 420 start_va = 0x160000 end_va = 0x160fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000160000" filename = "" Region: id = 421 start_va = 0x170000 end_va = 0x171fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000170000" filename = "" Region: id = 422 start_va = 0x200000 end_va = 0x3fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000200000" filename = "" Region: id = 423 start_va = 0x400000 end_va = 0x40bfff monitored = 1 entry_point = 0x407cfe region_type = mapped_file name = "svchost.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\svchost.exe") Region: id = 424 start_va = 0x7ffe0000 end_va = 0x7ffeffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000007ffe0000" filename = "" Region: id = 425 start_va = 0x7ff5fffd0000 end_va = 0x7ff5ffff2fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5fffd0000" filename = "" Region: id = 426 start_va = 0x7ff87ffa0000 end_va = 0x7ff880160fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "ntdll.dll" filename = "\\Windows\\System32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll") Region: id = 427 start_va = 0x560000 end_va = 0x566fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000560000" filename = "" Region: id = 428 start_va = 0x600000 end_va = 0x6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000600000" filename = "" Region: id = 429 start_va = 0x7ff865560000 end_va = 0x7ff8655c7fff monitored = 1 entry_point = 0x7ff865564970 region_type = mapped_file name = "mscoree.dll" filename = "\\Windows\\System32\\mscoree.dll" (normalized: "c:\\windows\\system32\\mscoree.dll") Region: id = 430 start_va = 0x7ff87ce40000 end_va = 0x7ff87d027fff monitored = 0 entry_point = 0x7ff87ce6ba70 region_type = mapped_file name = "kernelbase.dll" filename = "\\Windows\\System32\\KernelBase.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll") Region: id = 431 start_va = 0x7ff87f640000 end_va = 0x7ff87f6ecfff monitored = 0 entry_point = 0x7ff87f6581a0 region_type = mapped_file name = "kernel32.dll" filename = "\\Windows\\System32\\kernel32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll") Region: id = 432 start_va = 0x10000 end_va = 0x1ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000010000" filename = "" Region: id = 433 start_va = 0x7ff5ffed0000 end_va = 0x7ff5fffcffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00007ff5ffed0000" filename = "" Region: id = 434 start_va = 0x410000 end_va = 0x4cdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "locale.nls" filename = "\\Windows\\System32\\locale.nls" (normalized: "c:\\windows\\system32\\locale.nls") Region: id = 435 start_va = 0x180000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 436 start_va = 0x700000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 437 start_va = 0x700000 end_va = 0x7fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000700000" filename = "" Region: id = 438 start_va = 0x7ff87aa90000 end_va = 0x7ff87ab08fff monitored = 0 entry_point = 0x7ff87aaafb90 region_type = mapped_file name = "apphelp.dll" filename = "\\Windows\\System32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll") Region: id = 439 start_va = 0x7ff5ffe50000 end_va = 0x7ff5ffecdfff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sysmain.sdb" filename = "\\Windows\\AppPatch\\apppatch64\\sysmain.sdb" (normalized: "c:\\windows\\apppatch\\apppatch64\\sysmain.sdb") Region: id = 440 start_va = 0x7ff87fd30000 end_va = 0x7ff87fdd6fff monitored = 0 entry_point = 0x7ff87fd458d0 region_type = mapped_file name = "advapi32.dll" filename = "\\Windows\\System32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll") Region: id = 441 start_va = 0x7ff87fde0000 end_va = 0x7ff87fe7cfff monitored = 0 entry_point = 0x7ff87fde78a0 region_type = mapped_file name = "msvcrt.dll" filename = "\\Windows\\System32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll") Region: id = 442 start_va = 0x800000 end_va = 0x8fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000800000" filename = "" Region: id = 443 start_va = 0x7ff87f970000 end_va = 0x7ff87f9cafff monitored = 0 entry_point = 0x7ff87f9838b0 region_type = mapped_file name = "sechost.dll" filename = "\\Windows\\System32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll") Region: id = 444 start_va = 0x7ff87fe80000 end_va = 0x7ff87ff9bfff monitored = 0 entry_point = 0x7ff87fec02b0 region_type = mapped_file name = "rpcrt4.dll" filename = "\\Windows\\System32\\rpcrt4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll") Region: id = 445 start_va = 0x20000 end_va = 0x26fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000020000" filename = "" Region: id = 446 start_va = 0x900000 end_va = 0xafffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 447 start_va = 0x900000 end_va = 0x9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000900000" filename = "" Region: id = 448 start_va = 0x7ff8654c0000 end_va = 0x7ff865557fff monitored = 1 entry_point = 0x7ff8654c1000 region_type = mapped_file name = "mscoreei.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll") Region: id = 449 start_va = 0x7ff87fb50000 end_va = 0x7ff87fba1fff monitored = 0 entry_point = 0x7ff87fb5f530 region_type = mapped_file name = "shlwapi.dll" filename = "\\Windows\\System32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll") Region: id = 450 start_va = 0x7ff87f6f0000 end_va = 0x7ff87f96cfff monitored = 0 entry_point = 0x7ff87f7c4970 region_type = mapped_file name = "combase.dll" filename = "\\Windows\\System32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll") Region: id = 451 start_va = 0x7ff87d030000 end_va = 0x7ff87d099fff monitored = 0 entry_point = 0x7ff87d066d50 region_type = mapped_file name = "bcryptprimitives.dll" filename = "\\Windows\\System32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll") Region: id = 452 start_va = 0x7ff87f3e0000 end_va = 0x7ff87f565fff monitored = 0 entry_point = 0x7ff87f42ffc0 region_type = mapped_file name = "gdi32.dll" filename = "\\Windows\\System32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll") Region: id = 453 start_va = 0x7ff87ed60000 end_va = 0x7ff87eeb5fff monitored = 0 entry_point = 0x7ff87ed6a8d0 region_type = mapped_file name = "user32.dll" filename = "\\Windows\\System32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll") Region: id = 454 start_va = 0x180000 end_va = 0x1b8fff monitored = 0 entry_point = 0x1812f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 455 start_va = 0x1c0000 end_va = 0x1c6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001c0000" filename = "" Region: id = 456 start_va = 0xa00000 end_va = 0xb87fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000a00000" filename = "" Region: id = 457 start_va = 0x7ff87d4f0000 end_va = 0x7ff87d52afff monitored = 0 entry_point = 0x7ff87d4f12f0 region_type = mapped_file name = "imm32.dll" filename = "\\Windows\\System32\\imm32.dll" (normalized: "c:\\windows\\system32\\imm32.dll") Region: id = 458 start_va = 0xb90000 end_va = 0xd10fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000b90000" filename = "" Region: id = 459 start_va = 0xd20000 end_va = 0x211ffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000d20000" filename = "" Region: id = 460 start_va = 0x180000 end_va = 0x180fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000180000" filename = "" Region: id = 461 start_va = 0x190000 end_va = 0x190fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000190000" filename = "" Region: id = 462 start_va = 0x1a0000 end_va = 0x1a6fff monitored = 1 entry_point = 0x1a7cfe region_type = mapped_file name = "svchost.exe" filename = "\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\svchost.exe") Region: id = 463 start_va = 0x7ff87c640000 end_va = 0x7ff87c64efff monitored = 0 entry_point = 0x7ff87c643210 region_type = mapped_file name = "kernel.appcore.dll" filename = "\\Windows\\System32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll") Region: id = 464 start_va = 0x7ff870d80000 end_va = 0x7ff870d89fff monitored = 0 entry_point = 0x7ff870d81350 region_type = mapped_file name = "version.dll" filename = "\\Windows\\System32\\version.dll" (normalized: "c:\\windows\\system32\\version.dll") Region: id = 465 start_va = 0x7ff85fa20000 end_va = 0x7ff8603adfff monitored = 1 entry_point = 0x7ff85fb4d9f0 region_type = mapped_file name = "clr.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll") Region: id = 466 start_va = 0x7ff873350000 end_va = 0x7ff873446fff monitored = 0 entry_point = 0x7ff873374d80 region_type = mapped_file name = "msvcr120_clr0400.dll" filename = "\\Windows\\System32\\msvcr120_clr0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll") Region: id = 467 start_va = 0x1a0000 end_va = 0x1a0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001a0000" filename = "" Region: id = 468 start_va = 0x1b0000 end_va = 0x1bffff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000001b0000" filename = "" Region: id = 469 start_va = 0x1d0000 end_va = 0x1dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001d0000" filename = "" Region: id = 470 start_va = 0x7ff8002b0000 end_va = 0x7ff8002bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff8002b0000" filename = "" Region: id = 471 start_va = 0x7ff8002c0000 end_va = 0x7ff8002cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff8002c0000" filename = "" Region: id = 472 start_va = 0x7ff8002d0000 end_va = 0x7ff80035ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff8002d0000" filename = "" Region: id = 473 start_va = 0x7ff800360000 end_va = 0x7ff8003cffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff800360000" filename = "" Region: id = 474 start_va = 0x1e0000 end_va = 0x1e0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001e0000" filename = "" Region: id = 475 start_va = 0x1f0000 end_va = 0x1f0fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000001f0000" filename = "" Region: id = 476 start_va = 0x2120000 end_va = 0x2216fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 477 start_va = 0x2220000 end_va = 0x2376fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 478 start_va = 0x2380000 end_va = 0x257ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002380000" filename = "" Region: id = 479 start_va = 0x2400000 end_va = 0x24fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002400000" filename = "" Region: id = 480 start_va = 0x2220000 end_va = 0x231ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002220000" filename = "" Region: id = 481 start_va = 0x2370000 end_va = 0x2376fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002370000" filename = "" Region: id = 482 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 483 start_va = 0x2500000 end_va = 0x1a4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002500000" filename = "" Region: id = 484 start_va = 0x1a500000 end_va = 0x1a86ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a500000" filename = "" Region: id = 485 start_va = 0x2120000 end_va = 0x21e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 486 start_va = 0x2210000 end_va = 0x2216fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002210000" filename = "" Region: id = 487 start_va = 0x1a870000 end_va = 0x1aa6ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a870000" filename = "" Region: id = 488 start_va = 0x1a900000 end_va = 0x1a9fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001a900000" filename = "" Region: id = 489 start_va = 0x1aa00000 end_va = 0x1ab00fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001aa00000" filename = "" Region: id = 490 start_va = 0x1ab10000 end_va = 0x1ac0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ab10000" filename = "" Region: id = 491 start_va = 0x1ac10000 end_va = 0x1ad0ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001ac10000" filename = "" Region: id = 492 start_va = 0x1ad10000 end_va = 0x1b046fff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "sortdefault.nls" filename = "\\Windows\\Globalization\\Sorting\\SortDefault.nls" (normalized: "c:\\windows\\globalization\\sorting\\sortdefault.nls") Region: id = 493 start_va = 0x7ff85e550000 end_va = 0x7ff85fa15fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "mscorlib.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll") Region: id = 494 start_va = 0x7ff5ffe30000 end_va = 0x7ff5ffecffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5ffe30000" filename = "" Region: id = 495 start_va = 0x7ff5ffe20000 end_va = 0x7ff5ffe2ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff5ffe20000" filename = "" Region: id = 496 start_va = 0x7ff87d3a0000 end_va = 0x7ff87d4e2fff monitored = 0 entry_point = 0x7ff87d3c8210 region_type = mapped_file name = "ole32.dll" filename = "\\Windows\\System32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll") Region: id = 497 start_va = 0x2120000 end_va = 0x21dffff monitored = 0 entry_point = 0x2140da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 498 start_va = 0x21e0000 end_va = 0x21e6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021e0000" filename = "" Region: id = 499 start_va = 0x1b050000 end_va = 0x1b12cfff monitored = 0 entry_point = 0x1b0ae0b0 region_type = mapped_file name = "rpcss.dll" filename = "\\Windows\\System32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll") Region: id = 500 start_va = 0x7ff8003d0000 end_va = 0x7ff80040ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff8003d0000" filename = "" Region: id = 501 start_va = 0x7ff800410000 end_va = 0x7ff80041ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00007ff800410000" filename = "" Region: id = 502 start_va = 0x7ff873240000 end_va = 0x7ff873344fff monitored = 1 entry_point = 0x7ff87324107c region_type = mapped_file name = "clrjit.dll" filename = "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll") Region: id = 503 start_va = 0x7ff87fa80000 end_va = 0x7ff87fb40fff monitored = 0 entry_point = 0x7ff87faa0da0 region_type = mapped_file name = "oleaut32.dll" filename = "\\Windows\\System32\\oleaut32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll") Region: id = 504 start_va = 0x4d0000 end_va = 0x4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004d0000" filename = "" Region: id = 505 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 506 start_va = 0x7ff8606d0000 end_va = 0x7ff8612e3fff monitored = 1 entry_point = 0x0 region_type = mapped_file name = "system.ni.dll" filename = "\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll") Region: id = 507 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 508 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 509 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 510 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 511 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 512 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 513 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 514 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 515 start_va = 0x580000 end_va = 0x58ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000580000" filename = "" Region: id = 516 start_va = 0x590000 end_va = 0x59ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000590000" filename = "" Region: id = 517 start_va = 0x5a0000 end_va = 0x5affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005a0000" filename = "" Region: id = 518 start_va = 0x5b0000 end_va = 0x5bffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005b0000" filename = "" Region: id = 519 start_va = 0x5c0000 end_va = 0x5dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005c0000" filename = "" Region: id = 520 start_va = 0x2120000 end_va = 0x214ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 521 start_va = 0x5e0000 end_va = 0x5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000005e0000" filename = "" Region: id = 522 start_va = 0x2150000 end_va = 0x21affff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002150000" filename = "" Region: id = 523 start_va = 0x21b0000 end_va = 0x21dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021b0000" filename = "" Region: id = 524 start_va = 0x21f0000 end_va = 0x21fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000021f0000" filename = "" Region: id = 525 start_va = 0x7ff87c240000 end_va = 0x7ff87c26cfff monitored = 0 entry_point = 0x7ff87c259d40 region_type = mapped_file name = "sspicli.dll" filename = "\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll") Region: id = 526 start_va = 0x2120000 end_va = 0x21d6fff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000002120000" filename = "" Region: id = 527 start_va = 0x1b050000 end_va = 0x1b24ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b050000" filename = "" Region: id = 528 start_va = 0x1b100000 end_va = 0x1b1fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b100000" filename = "" Region: id = 529 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 530 start_va = 0x4f0000 end_va = 0x4fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004f0000" filename = "" Region: id = 531 start_va = 0x4e0000 end_va = 0x4effff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x00000000004e0000" filename = "" Region: id = 532 start_va = 0x7ff87eec0000 end_va = 0x7ff87eec7fff monitored = 0 entry_point = 0x7ff87eec10b0 region_type = mapped_file name = "psapi.dll" filename = "\\Windows\\System32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll") Region: id = 533 start_va = 0x4e0000 end_va = 0x4e1fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004e0000" filename = "" Region: id = 534 start_va = 0x4f0000 end_va = 0x4f0fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x00000000004f0000" filename = "" Region: id = 535 start_va = 0x1b200000 end_va = 0x1b2dffff monitored = 0 entry_point = 0x0 region_type = mapped_file name = "kernelbase.dll.mui" filename = "\\Windows\\System32\\en-US\\KernelBase.dll.mui" (normalized: "c:\\windows\\system32\\en-us\\kernelbase.dll.mui") Region: id = 536 start_va = 0x1b2e0000 end_va = 0x1b3dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b2e0000" filename = "" Region: id = 537 start_va = 0x1b3e0000 end_va = 0x1b4dffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b3e0000" filename = "" Region: id = 538 start_va = 0x500000 end_va = 0x50ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000500000" filename = "" Region: id = 539 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 540 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 541 start_va = 0x7ff87d650000 end_va = 0x7ff87ebaefff monitored = 0 entry_point = 0x7ff87d7b11f0 region_type = mapped_file name = "shell32.dll" filename = "\\Windows\\System32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll") Region: id = 542 start_va = 0x7ff87c710000 end_va = 0x7ff87c752fff monitored = 0 entry_point = 0x7ff87c724b50 region_type = mapped_file name = "cfgmgr32.dll" filename = "\\Windows\\System32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll") Region: id = 543 start_va = 0x7ff87c760000 end_va = 0x7ff87cda3fff monitored = 0 entry_point = 0x7ff87c9264b0 region_type = mapped_file name = "windows.storage.dll" filename = "\\Windows\\System32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll") Region: id = 544 start_va = 0x7ff87c650000 end_va = 0x7ff87c704fff monitored = 0 entry_point = 0x7ff87c6922e0 region_type = mapped_file name = "shcore.dll" filename = "\\Windows\\System32\\SHCore.dll" (normalized: "c:\\windows\\system32\\shcore.dll") Region: id = 545 start_va = 0x7ff87c5f0000 end_va = 0x7ff87c63afff monitored = 0 entry_point = 0x7ff87c5f35f0 region_type = mapped_file name = "powrprof.dll" filename = "\\Windows\\System32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll") Region: id = 546 start_va = 0x7ff87c5d0000 end_va = 0x7ff87c5e3fff monitored = 0 entry_point = 0x7ff87c5d52e0 region_type = mapped_file name = "profapi.dll" filename = "\\Windows\\System32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll") Region: id = 547 start_va = 0x500000 end_va = 0x500fff monitored = 1 entry_point = 0x0 region_type = pagefile_backed name = "pagefile_0x0000000000500000" filename = "" Region: id = 548 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 549 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 550 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 551 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 552 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 553 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 554 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 555 start_va = 0x540000 end_va = 0x54ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000540000" filename = "" Region: id = 556 start_va = 0x550000 end_va = 0x55ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000550000" filename = "" Region: id = 557 start_va = 0x570000 end_va = 0x57ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000570000" filename = "" Region: id = 558 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 559 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 560 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 561 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 562 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 563 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 564 start_va = 0x530000 end_va = 0x53ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000530000" filename = "" Region: id = 565 start_va = 0x7ff87c450000 end_va = 0x7ff87c478fff monitored = 0 entry_point = 0x7ff87c464530 region_type = mapped_file name = "bcrypt.dll" filename = "\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll") Region: id = 566 start_va = 0x7ff87bf40000 end_va = 0x7ff87bf56fff monitored = 0 entry_point = 0x7ff87bf479d0 region_type = mapped_file name = "cryptsp.dll" filename = "\\Windows\\System32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll") Region: id = 567 start_va = 0x7ff87bbd0000 end_va = 0x7ff87bc03fff monitored = 0 entry_point = 0x7ff87bbeae70 region_type = mapped_file name = "rsaenh.dll" filename = "\\Windows\\System32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll") Region: id = 568 start_va = 0x7ff87c060000 end_va = 0x7ff87c06afff monitored = 0 entry_point = 0x7ff87c0619a0 region_type = mapped_file name = "cryptbase.dll" filename = "\\Windows\\System32\\cryptbase.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll") Region: id = 569 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 570 start_va = 0x1b500000 end_va = 0x1b5fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b500000" filename = "" Region: id = 571 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 572 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 573 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Region: id = 580 start_va = 0x1b600000 end_va = 0x1b6fffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x000000001b600000" filename = "" Region: id = 581 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 582 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 583 start_va = 0x510000 end_va = 0x51ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000510000" filename = "" Region: id = 584 start_va = 0x520000 end_va = 0x52ffff monitored = 1 entry_point = 0x0 region_type = private name = "private_0x0000000000520000" filename = "" Thread: id = 12 os_tid = 0x354 [0142.621] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0142.635] RoInitialize () returned 0x1 [0142.635] RoUninitialize () returned 0x0 [0142.901] GetUserNameW (in: lpBuffer=0x14b9b0, pcbBuffer=0x14bcd8 | out: lpBuffer="RDhJ0CNFevzX", pcbBuffer=0x14bcd8) returned 1 [0143.022] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x14e0d0 | out: lpLuid=0x14e0d0*(LowPart=0x14, HighPart=0)) returned 1 [0143.024] GetCurrentProcess () returned 0xffffffffffffffff [0143.024] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x20, TokenHandle=0x14e0c8 | out: TokenHandle=0x14e0c8*=0x25c) returned 1 [0143.025] AdjustTokenPrivileges (in: TokenHandle=0x25c, DisableAllPrivileges=0, NewState=0x2512880*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0143.025] CloseHandle (hObject=0x25c) returned 1 [0143.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1250a1b0, Length=0x20000, ResultLength=0x14efc0 | out: SystemInformation=0x1250a1b0, ResultLength=0x14efc0*=0x1ddf0) returned 0x0 [0143.060] GetCurrentProcessId () returned 0x57c [0143.065] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd14) returned 0x0 [0143.072] EnumProcesses (in: lpidProcess=0x25501c8, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x25501c8, lpcbNeeded=0x14ee58) returned 1 [0143.080] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0143.091] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10ec) returned 0x260 [0143.091] EnumProcessModules (in: hProcess=0x260, lphModule=0x2550f30, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2550f30, lpcbNeeded=0x14ef68) returned 1 [0143.092] GetModuleInformation (in: hProcess=0x260, hModule=0xae0000, lpmodinfo=0x25511a0, cb=0x18 | out: lpmodinfo=0x25511a0*(lpBaseOfDll=0xae0000, SizeOfImage=0x17000, EntryPoint=0xae14a1)) returned 1 [0143.094] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.094] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xae0000, lpBaseName=0x6983e0, nSize=0x800 | out: lpBaseName="winscp.exe") returned 0xa [0143.095] CoTaskMemFree (pv=0x6983e0) [0143.095] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.095] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xae0000, lpFilename=0x6983e0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows NT\\winscp.exe" (normalized: "c:\\program files\\windows nt\\winscp.exe")) returned 0x26 [0143.096] CoTaskMemFree (pv=0x6983e0) [0143.096] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25533c8, cb=0x18 | out: lpmodinfo=0x25533c8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0143.096] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.096] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6983e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0143.097] CoTaskMemFree (pv=0x6983e0) [0143.097] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.097] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6983e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0143.097] CoTaskMemFree (pv=0x6983e0) [0143.097] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2555570, cb=0x18 | out: lpmodinfo=0x2555570*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0143.098] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.098] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6983e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0143.098] CoTaskMemFree (pv=0x6983e0) [0143.098] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.098] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6983e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0143.099] CoTaskMemFree (pv=0x6983e0) [0143.099] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2557718, cb=0x18 | out: lpmodinfo=0x2557718*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0143.100] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.100] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6983e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0143.100] CoTaskMemFree (pv=0x6983e0) [0143.100] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.100] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6983e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0143.101] CoTaskMemFree (pv=0x6983e0) [0143.101] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25598d0, cb=0x18 | out: lpmodinfo=0x25598d0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0143.102] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.102] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6983e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0143.102] CoTaskMemFree (pv=0x6983e0) [0143.102] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.103] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6983e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0143.103] CoTaskMemFree (pv=0x6983e0) [0143.103] CloseHandle (hObject=0x260) returned 1 [0143.110] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0143.110] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb88) returned 0x260 [0143.110] EnumProcessModules (in: hProcess=0x260, lphModule=0x255c288, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x255c288, lpcbNeeded=0x14ef68) returned 1 [0143.111] GetModuleInformation (in: hProcess=0x260, hModule=0xa60000, lpmodinfo=0x255c4f8, cb=0x18 | out: lpmodinfo=0x255c4f8*(lpBaseOfDll=0xa60000, SizeOfImage=0x17000, EntryPoint=0xa614a1)) returned 1 [0143.111] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.111] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xa60000, lpBaseName=0x6983e0, nSize=0x800 | out: lpBaseName="those.exe") returned 0x9 [0143.112] CoTaskMemFree (pv=0x6983e0) [0143.112] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.112] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xa60000, lpFilename=0x6983e0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows NT\\those.exe" (normalized: "c:\\program files (x86)\\windows nt\\those.exe")) returned 0x2b [0143.112] CoTaskMemFree (pv=0x6983e0) [0143.112] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x255e6f0, cb=0x18 | out: lpmodinfo=0x255e6f0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0143.113] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.113] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6983e0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0143.113] CoTaskMemFree (pv=0x6983e0) [0143.113] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.113] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6983e0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0143.114] CoTaskMemFree (pv=0x6983e0) [0143.114] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2560898, cb=0x18 | out: lpmodinfo=0x2560898*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0143.114] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.114] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6983e0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0143.114] CoTaskMemFree (pv=0x6983e0) [0143.115] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.115] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6983e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0143.115] CoTaskMemFree (pv=0x6983e0) [0143.115] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2562a40, cb=0x18 | out: lpmodinfo=0x2562a40*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0143.117] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.117] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6983e0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0143.117] CoTaskMemFree (pv=0x6983e0) [0143.117] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.117] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6983e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0143.118] CoTaskMemFree (pv=0x6983e0) [0143.118] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2564bf8, cb=0x18 | out: lpmodinfo=0x2564bf8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0143.119] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.119] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6983e0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0143.120] CoTaskMemFree (pv=0x6983e0) [0143.120] CoTaskMemAlloc (cb=0x804) returned 0x6983e0 [0143.120] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6983e0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0143.120] CoTaskMemFree (pv=0x6983e0) [0143.120] CloseHandle (hObject=0x260) returned 1 [0143.121] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0143.121] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x310) returned 0x260 [0143.121] EnumProcessModules (in: hProcess=0x260, lphModule=0x2567310, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2567310, lpcbNeeded=0x14ef68) returned 1 [0143.125] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff689230000, lpmodinfo=0x2567580, cb=0x18 | out: lpmodinfo=0x2567580*(lpBaseOfDll=0x7ff689230000, SizeOfImage=0x13000, EntryPoint=0x7ff689233100)) returned 1 [0143.125] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.126] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff689230000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="dwm.exe") returned 0x7 [0143.126] CoTaskMemFree (pv=0x698870) [0143.126] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.126] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff689230000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwm.exe" (normalized: "c:\\windows\\system32\\dwm.exe")) returned 0x1b [0143.127] CoTaskMemFree (pv=0x698870) [0143.127] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2569750, cb=0x18 | out: lpmodinfo=0x2569750*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0143.127] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.127] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0143.128] CoTaskMemFree (pv=0x698870) [0143.128] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.128] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0143.129] CoTaskMemFree (pv=0x698870) [0143.129] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x256b8f8, cb=0x18 | out: lpmodinfo=0x256b8f8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0143.129] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.129] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0143.130] CoTaskMemFree (pv=0x698870) [0143.130] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.130] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0143.130] CoTaskMemFree (pv=0x698870) [0143.130] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x256dab0, cb=0x18 | out: lpmodinfo=0x256dab0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0143.131] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.131] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0143.132] CoTaskMemFree (pv=0x698870) [0143.132] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.132] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0143.132] CoTaskMemFree (pv=0x698870) [0143.132] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87aa90000, lpmodinfo=0x256fc68, cb=0x18 | out: lpmodinfo=0x256fc68*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0143.133] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.133] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87aa90000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0143.134] CoTaskMemFree (pv=0x698870) [0143.134] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.134] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87aa90000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0143.135] CoTaskMemFree (pv=0x698870) [0143.135] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x2571e68, cb=0x18 | out: lpmodinfo=0x2571e68*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0143.136] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.136] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0143.138] CoTaskMemFree (pv=0x698870) [0143.138] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.138] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0143.138] CoTaskMemFree (pv=0x698870) [0143.139] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x2574010, cb=0x18 | out: lpmodinfo=0x2574010*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0143.139] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.139] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0143.140] CoTaskMemFree (pv=0x698870) [0143.140] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.140] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0143.141] CoTaskMemFree (pv=0x698870) [0143.141] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x25761c8, cb=0x18 | out: lpmodinfo=0x25761c8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0143.142] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.142] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0143.143] CoTaskMemFree (pv=0x698870) [0143.143] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.143] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0143.144] CoTaskMemFree (pv=0x698870) [0143.144] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x2578370, cb=0x18 | out: lpmodinfo=0x2578370*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0143.145] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.145] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0143.146] CoTaskMemFree (pv=0x698870) [0143.146] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.146] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0143.147] CoTaskMemFree (pv=0x698870) [0143.148] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x257a5b0, cb=0x18 | out: lpmodinfo=0x257a5b0*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0143.149] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.149] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="gdi32.dll") returned 0x9 [0143.150] CoTaskMemFree (pv=0x698870) [0143.150] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.150] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\gdi32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0143.152] CoTaskMemFree (pv=0x698870) [0143.152] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x257c758, cb=0x18 | out: lpmodinfo=0x257c758*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0143.153] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.153] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0143.154] CoTaskMemFree (pv=0x698870) [0143.154] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.154] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0143.155] CoTaskMemFree (pv=0x698870) [0143.155] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87aa60000, lpmodinfo=0x257e900, cb=0x18 | out: lpmodinfo=0x257e900*(lpBaseOfDll=0x7ff87aa60000, SizeOfImage=0x2c000, EntryPoint=0x7ff87aa6f120)) returned 1 [0143.156] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.156] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87aa60000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="dwmredir.dll") returned 0xc [0143.158] CoTaskMemFree (pv=0x698870) [0143.158] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.158] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87aa60000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwmredir.dll" (normalized: "c:\\windows\\system32\\dwmredir.dll")) returned 0x20 [0143.159] CoTaskMemFree (pv=0x698870) [0143.159] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a980000, lpmodinfo=0x2580ab8, cb=0x18 | out: lpmodinfo=0x2580ab8*(lpBaseOfDll=0x7ff87a980000, SizeOfImage=0xd5000, EntryPoint=0x7ff87a9cb980)) returned 1 [0143.160] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.160] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a980000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="udwm.dll") returned 0x8 [0143.162] CoTaskMemFree (pv=0x698870) [0143.162] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.162] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a980000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\udwm.dll" (normalized: "c:\\windows\\system32\\udwm.dll")) returned 0x1c [0143.163] CoTaskMemFree (pv=0x698870) [0143.163] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a790000, lpmodinfo=0x2582c60, cb=0x18 | out: lpmodinfo=0x2582c60*(lpBaseOfDll=0x7ff87a790000, SizeOfImage=0x1e3000, EntryPoint=0x7ff87a842160)) returned 1 [0143.165] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.165] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a790000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="dwmcore.dll") returned 0xb [0143.167] CoTaskMemFree (pv=0x698870) [0143.167] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.167] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a790000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmcore.dll" (normalized: "c:\\windows\\system32\\dwmcore.dll")) returned 0x1f [0143.168] CoTaskMemFree (pv=0x698870) [0143.168] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x2584e08, cb=0x18 | out: lpmodinfo=0x2584e08*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0143.171] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.171] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0143.173] CoTaskMemFree (pv=0x698870) [0143.174] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.174] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0143.175] CoTaskMemFree (pv=0x698870) [0143.175] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x2586fc0, cb=0x18 | out: lpmodinfo=0x2586fc0*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0143.177] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.177] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0143.179] CoTaskMemFree (pv=0x698870) [0143.179] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.179] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0143.181] CoTaskMemFree (pv=0x698870) [0143.181] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x2589168, cb=0x18 | out: lpmodinfo=0x2589168*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0143.183] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.183] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0143.185] CoTaskMemFree (pv=0x698870) [0143.185] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.185] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0143.188] CoTaskMemFree (pv=0x698870) [0143.188] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a6a0000, lpmodinfo=0x258b458, cb=0x18 | out: lpmodinfo=0x258b458*(lpBaseOfDll=0x7ff87a6a0000, SizeOfImage=0xe3000, EntryPoint=0x7ff87a6d7da0)) returned 1 [0143.190] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.190] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a6a0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="dcomp.dll") returned 0x9 [0143.192] CoTaskMemFree (pv=0x698870) [0143.192] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.192] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a6a0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")) returned 0x1d [0143.193] CoTaskMemFree (pv=0x698870) [0143.193] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpmodinfo=0x258d600, cb=0x18 | out: lpmodinfo=0x258d600*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0143.195] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.195] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0143.199] CoTaskMemFree (pv=0x698870) [0143.199] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.199] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0143.200] CoTaskMemFree (pv=0x698870) [0143.200] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpmodinfo=0x258f7c8, cb=0x18 | out: lpmodinfo=0x258f7c8*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0143.202] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.202] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0143.204] CoTaskMemFree (pv=0x698870) [0143.204] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.204] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0143.206] CoTaskMemFree (pv=0x698870) [0143.206] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87af40000, lpmodinfo=0x2591970, cb=0x18 | out: lpmodinfo=0x2591970*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0143.209] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.209] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87af40000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0143.211] CoTaskMemFree (pv=0x698870) [0143.211] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.211] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87af40000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0143.213] CoTaskMemFree (pv=0x698870) [0143.213] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a5c0000, lpmodinfo=0x2593b18, cb=0x18 | out: lpmodinfo=0x2593b18*(lpBaseOfDll=0x7ff87a5c0000, SizeOfImage=0x16000, EntryPoint=0x7ff87a5ca430)) returned 1 [0143.215] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.215] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a5c0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="dwmghost.dll") returned 0xc [0143.238] CoTaskMemFree (pv=0x698870) [0143.238] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.238] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a5c0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwmghost.dll" (normalized: "c:\\windows\\system32\\dwmghost.dll")) returned 0x20 [0143.240] CoTaskMemFree (pv=0x698870) [0143.240] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a590000, lpmodinfo=0x2595cd0, cb=0x18 | out: lpmodinfo=0x2595cd0*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0143.242] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.242] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a590000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0143.244] CoTaskMemFree (pv=0x698870) [0143.244] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.244] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a590000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0143.246] CoTaskMemFree (pv=0x698870) [0143.246] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a2e0000, lpmodinfo=0x2597e78, cb=0x18 | out: lpmodinfo=0x2597e78*(lpBaseOfDll=0x7ff87a2e0000, SizeOfImage=0x2a8000, EntryPoint=0x7ff87a373250)) returned 1 [0143.249] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.249] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a2e0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="d3d11.dll") returned 0x9 [0143.251] CoTaskMemFree (pv=0x698870) [0143.251] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.251] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a2e0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")) returned 0x1d [0143.253] CoTaskMemFree (pv=0x698870) [0143.255] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a230000, lpmodinfo=0x259a020, cb=0x18 | out: lpmodinfo=0x259a020*(lpBaseOfDll=0x7ff87a230000, SizeOfImage=0xa2000, EntryPoint=0x7ff87a250a40)) returned 1 [0143.257] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.257] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a230000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0143.259] CoTaskMemFree (pv=0x698870) [0143.259] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.259] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a230000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0143.262] CoTaskMemFree (pv=0x698870) [0143.262] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879920000, lpmodinfo=0x259c1c8, cb=0x18 | out: lpmodinfo=0x259c1c8*(lpBaseOfDll=0x7ff879920000, SizeOfImage=0x1b1000, EntryPoint=0x7ff8799b61a0)) returned 1 [0143.264] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.264] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879920000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="WindowsCodecs.dll") returned 0x11 [0143.267] CoTaskMemFree (pv=0x698870) [0143.267] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.267] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879920000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WindowsCodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0143.269] CoTaskMemFree (pv=0x698870) [0143.269] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x259e390, cb=0x18 | out: lpmodinfo=0x259e390*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0143.271] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.271] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0143.274] CoTaskMemFree (pv=0x698870) [0143.274] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.274] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0143.277] CoTaskMemFree (pv=0x698870) [0143.277] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x25a0558, cb=0x18 | out: lpmodinfo=0x25a0558*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0143.279] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.279] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0143.282] CoTaskMemFree (pv=0x698870) [0143.282] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.282] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0143.285] CoTaskMemFree (pv=0x698870) [0143.285] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8798d0000, lpmodinfo=0x25a2700, cb=0x18 | out: lpmodinfo=0x25a2700*(lpBaseOfDll=0x7ff8798d0000, SizeOfImage=0x4b000, EntryPoint=0x7ff8798e72b0)) returned 1 [0143.288] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.288] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8798d0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="UIAnimation.dll") returned 0xf [0143.290] CoTaskMemFree (pv=0x698870) [0143.291] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.291] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8798d0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll")) returned 0x23 [0143.293] CoTaskMemFree (pv=0x698870) [0143.293] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879840000, lpmodinfo=0x25a48b8, cb=0x18 | out: lpmodinfo=0x25a48b8*(lpBaseOfDll=0x7ff879840000, SizeOfImage=0x32000, EntryPoint=0x7ff87985f6d0)) returned 1 [0143.296] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.296] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879840000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="ism32k.dll") returned 0xa [0143.299] CoTaskMemFree (pv=0x698870) [0143.299] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.299] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879840000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ism32k.dll" (normalized: "c:\\windows\\system32\\ism32k.dll")) returned 0x1e [0143.301] CoTaskMemFree (pv=0x698870) [0143.301] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879830000, lpmodinfo=0x25a6a60, cb=0x18 | out: lpmodinfo=0x25a6a60*(lpBaseOfDll=0x7ff879830000, SizeOfImage=0xb000, EntryPoint=0x7ff879831650)) returned 1 [0143.304] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.304] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879830000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="avrt.dll") returned 0x8 [0143.307] CoTaskMemFree (pv=0x698870) [0143.307] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.307] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879830000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\avrt.dll" (normalized: "c:\\windows\\system32\\avrt.dll")) returned 0x1c [0143.310] CoTaskMemFree (pv=0x698870) [0143.310] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8797f0000, lpmodinfo=0x25a8c08, cb=0x18 | out: lpmodinfo=0x25a8c08*(lpBaseOfDll=0x7ff8797f0000, SizeOfImage=0x40000, EntryPoint=0x7ff8798177d0)) returned 1 [0143.313] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.313] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8797f0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="Windows.Gaming.Input.dll") returned 0x18 [0143.316] CoTaskMemFree (pv=0x698870) [0143.316] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.316] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8797f0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Gaming.Input.dll" (normalized: "c:\\windows\\system32\\windows.gaming.input.dll")) returned 0x2c [0143.319] CoTaskMemFree (pv=0x698870) [0143.319] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x25aadf0, cb=0x18 | out: lpmodinfo=0x25aadf0*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0143.322] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.322] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0143.325] CoTaskMemFree (pv=0x698870) [0143.325] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.327] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0143.330] CoTaskMemFree (pv=0x698870) [0143.330] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x25ad1c0, cb=0x18 | out: lpmodinfo=0x25ad1c0*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0143.333] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.333] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0143.338] CoTaskMemFree (pv=0x698870) [0143.338] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.338] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0143.341] CoTaskMemFree (pv=0x698870) [0143.341] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879580000, lpmodinfo=0x25af368, cb=0x18 | out: lpmodinfo=0x25af368*(lpBaseOfDll=0x7ff879580000, SizeOfImage=0x26f000, EntryPoint=0x7ff8796322b0)) returned 1 [0143.343] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.343] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879580000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="d3d10warp.dll") returned 0xd [0143.347] CoTaskMemFree (pv=0x698870) [0143.347] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.347] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879580000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll")) returned 0x21 [0143.351] CoTaskMemFree (pv=0x698870) [0143.351] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879030000, lpmodinfo=0x25b1520, cb=0x18 | out: lpmodinfo=0x25b1520*(lpBaseOfDll=0x7ff879030000, SizeOfImage=0x545000, EntryPoint=0x7ff8791ca450)) returned 1 [0143.354] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.354] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879030000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="d2d1.dll") returned 0x8 [0143.357] CoTaskMemFree (pv=0x698870) [0143.357] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.357] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879030000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")) returned 0x1c [0143.360] CoTaskMemFree (pv=0x698870) [0143.360] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878ff0000, lpmodinfo=0x25b36c8, cb=0x18 | out: lpmodinfo=0x25b36c8*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0143.364] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.364] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0143.367] CoTaskMemFree (pv=0x698870) [0143.367] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.367] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0143.370] CoTaskMemFree (pv=0x698870) [0143.370] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878fc0000, lpmodinfo=0x25b5870, cb=0x18 | out: lpmodinfo=0x25b5870*(lpBaseOfDll=0x7ff878fc0000, SizeOfImage=0x29000, EntryPoint=0x7ff878fcca00)) returned 1 [0143.374] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.374] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878fc0000, lpBaseName=0x698870, nSize=0x800 | out: lpBaseName="Cabinet.dll") returned 0xb [0143.377] CoTaskMemFree (pv=0x698870) [0143.377] CoTaskMemAlloc (cb=0x804) returned 0x698870 [0143.377] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878fc0000, lpFilename=0x698870, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")) returned 0x1f [0143.381] CoTaskMemFree (pv=0x698870) [0143.381] CloseHandle (hObject=0x260) returned 1 [0143.381] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0143.381] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x900) returned 0x260 [0143.381] EnumProcessModules (in: hProcess=0x260, lphModule=0x25b8a78, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25b8a78, lpcbNeeded=0x14ef68) returned 1 [0143.382] GetModuleInformation (in: hProcess=0x260, hModule=0x110000, lpmodinfo=0x25b8ce8, cb=0x18 | out: lpmodinfo=0x25b8ce8*(lpBaseOfDll=0x110000, SizeOfImage=0x17000, EntryPoint=0x1114a1)) returned 1 [0143.382] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.382] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x110000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="boy.exe") returned 0x7 [0143.383] CoTaskMemFree (pv=0x698010) [0143.383] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.383] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x110000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\boy.exe" (normalized: "c:\\program files\\windows media player\\boy.exe")) returned 0x2d [0143.383] CoTaskMemFree (pv=0x698010) [0143.383] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25baee0, cb=0x18 | out: lpmodinfo=0x25baee0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0143.384] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.384] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0143.384] CoTaskMemFree (pv=0x698010) [0143.384] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.384] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0143.385] CoTaskMemFree (pv=0x698010) [0143.385] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25bd088, cb=0x18 | out: lpmodinfo=0x25bd088*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0143.385] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.385] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0143.386] CoTaskMemFree (pv=0x698010) [0143.386] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.386] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0143.387] CoTaskMemFree (pv=0x698010) [0143.387] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25bf230, cb=0x18 | out: lpmodinfo=0x25bf230*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0143.387] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.387] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0143.388] CoTaskMemFree (pv=0x698010) [0143.388] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.388] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0143.389] CoTaskMemFree (pv=0x698010) [0143.389] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25c13e8, cb=0x18 | out: lpmodinfo=0x25c13e8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0143.389] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.390] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0143.391] CoTaskMemFree (pv=0x698010) [0143.391] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.391] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0143.391] CoTaskMemFree (pv=0x698010) [0143.391] CloseHandle (hObject=0x260) returned 1 [0143.392] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0143.392] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1178) returned 0x260 [0143.392] EnumProcessModules (in: hProcess=0x260, lphModule=0x25c3b00, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25c3b00, lpcbNeeded=0x14ef68) returned 1 [0143.393] GetModuleInformation (in: hProcess=0x260, hModule=0xe00000, lpmodinfo=0x25c3d70, cb=0x18 | out: lpmodinfo=0x25c3d70*(lpBaseOfDll=0xe00000, SizeOfImage=0x17000, EntryPoint=0xe014a1)) returned 1 [0143.393] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.393] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xe00000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="isspos.exe") returned 0xa [0143.393] CoTaskMemFree (pv=0x698010) [0143.393] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.393] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xe00000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Sidebar\\isspos.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\isspos.exe")) returned 0x31 [0143.394] CoTaskMemFree (pv=0x698010) [0143.394] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25c5f78, cb=0x18 | out: lpmodinfo=0x25c5f78*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0143.394] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.394] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0143.395] CoTaskMemFree (pv=0x698010) [0143.395] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.395] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0143.396] CoTaskMemFree (pv=0x698010) [0143.396] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25c8120, cb=0x18 | out: lpmodinfo=0x25c8120*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0143.396] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.396] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0143.397] CoTaskMemFree (pv=0x698010) [0143.397] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.397] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0143.397] CoTaskMemFree (pv=0x698010) [0143.397] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25ca2c8, cb=0x18 | out: lpmodinfo=0x25ca2c8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0143.399] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.399] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0143.400] CoTaskMemFree (pv=0x698010) [0143.400] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.400] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0143.400] CoTaskMemFree (pv=0x698010) [0143.400] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25cc480, cb=0x18 | out: lpmodinfo=0x25cc480*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0143.401] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.401] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0143.402] CoTaskMemFree (pv=0x698010) [0143.402] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0143.402] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0143.403] CoTaskMemFree (pv=0x698010) [0143.403] CloseHandle (hObject=0x260) returned 1 [0143.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0143.403] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1020) returned 0x260 [0143.403] EnumProcessModules (in: hProcess=0x260, lphModule=0x25ceb98, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25ceb98, lpcbNeeded=0x14ef68) returned 1 [0143.404] GetModuleInformation (in: hProcess=0x260, hModule=0xe10000, lpmodinfo=0x25cee08, cb=0x18 | out: lpmodinfo=0x25cee08*(lpBaseOfDll=0xe10000, SizeOfImage=0x17000, EntryPoint=0xe114a1)) returned 1 [0143.404] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.404] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xe10000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="foxmailincmail.exe") returned 0x12 [0143.405] CoTaskMemFree (pv=0x698690) [0143.405] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.405] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xe10000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\foxmailincmail.exe" (normalized: "c:\\program files (x86)\\common files\\foxmailincmail.exe")) returned 0x36 [0143.405] CoTaskMemFree (pv=0x698690) [0143.405] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25d1028, cb=0x18 | out: lpmodinfo=0x25d1028*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0143.406] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.406] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0143.407] CoTaskMemFree (pv=0x698690) [0143.407] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.407] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0143.407] CoTaskMemFree (pv=0x698690) [0143.407] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25d31d0, cb=0x18 | out: lpmodinfo=0x25d31d0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0143.408] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.408] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0143.408] CoTaskMemFree (pv=0x698690) [0143.408] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.408] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0143.409] CoTaskMemFree (pv=0x698690) [0143.409] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25d5378, cb=0x18 | out: lpmodinfo=0x25d5378*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0143.410] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.410] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0143.410] CoTaskMemFree (pv=0x698690) [0143.410] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.410] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0143.411] CoTaskMemFree (pv=0x698690) [0143.411] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25d7530, cb=0x18 | out: lpmodinfo=0x25d7530*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0143.412] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.412] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0143.413] CoTaskMemFree (pv=0x698690) [0143.413] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.413] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0143.413] CoTaskMemFree (pv=0x698690) [0143.413] CloseHandle (hObject=0x260) returned 1 [0143.414] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0143.414] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x494) returned 0x260 [0143.414] EnumProcessModules (in: hProcess=0x260, lphModule=0x25d9c48, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25d9c48, lpcbNeeded=0x14ef68) returned 1 [0143.414] GetModuleInformation (in: hProcess=0x260, hModule=0x150000, lpmodinfo=0x25d9eb8, cb=0x18 | out: lpmodinfo=0x25d9eb8*(lpBaseOfDll=0x150000, SizeOfImage=0x17000, EntryPoint=0x1514a1)) returned 1 [0143.415] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.415] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x150000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="bitkinex.exe") returned 0xc [0143.415] CoTaskMemFree (pv=0x698690) [0143.415] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.415] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x150000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\bitkinex.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\bitkinex.exe")) returned 0x38 [0143.416] CoTaskMemFree (pv=0x698690) [0143.416] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25dc0d8, cb=0x18 | out: lpmodinfo=0x25dc0d8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0143.416] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.416] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0143.417] CoTaskMemFree (pv=0x698690) [0143.417] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.417] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0143.418] CoTaskMemFree (pv=0x698690) [0143.418] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25de280, cb=0x18 | out: lpmodinfo=0x25de280*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0143.418] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.418] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0143.419] CoTaskMemFree (pv=0x698690) [0143.419] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.419] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0143.419] CoTaskMemFree (pv=0x698690) [0143.419] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25e0428, cb=0x18 | out: lpmodinfo=0x25e0428*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0143.420] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.420] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0143.421] CoTaskMemFree (pv=0x698690) [0143.421] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.421] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0143.422] CoTaskMemFree (pv=0x698690) [0143.422] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25e25e0, cb=0x18 | out: lpmodinfo=0x25e25e0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0143.423] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.423] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0143.423] CoTaskMemFree (pv=0x698690) [0143.423] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.423] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0143.424] CoTaskMemFree (pv=0x698690) [0143.424] CloseHandle (hObject=0x260) returned 1 [0143.425] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0143.425] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3cc) returned 0x260 [0143.425] EnumProcessModules (in: hProcess=0x260, lphModule=0x25e4cf8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25e4cf8, lpcbNeeded=0x14ef68) returned 1 [0143.432] EnumProcessModules (in: hProcess=0x260, lphModule=0x25e4f10, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x25e4f10, lpcbNeeded=0x14ef68) returned 1 [0143.440] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6a3140000, lpmodinfo=0x25e5380, cb=0x18 | out: lpmodinfo=0x25e5380*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0143.440] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.440] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0143.440] CoTaskMemFree (pv=0x698690) [0143.440] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.440] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0143.441] CoTaskMemFree (pv=0x698690) [0143.441] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25e7560, cb=0x18 | out: lpmodinfo=0x25e7560*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0143.441] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.441] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0143.442] CoTaskMemFree (pv=0x698690) [0143.442] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.442] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0143.442] CoTaskMemFree (pv=0x698690) [0143.442] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x25e9708, cb=0x18 | out: lpmodinfo=0x25e9708*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0143.443] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.443] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0143.444] CoTaskMemFree (pv=0x698690) [0143.444] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.444] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0143.444] CoTaskMemFree (pv=0x698690) [0143.444] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x25eb8c0, cb=0x18 | out: lpmodinfo=0x25eb8c0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0143.445] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.445] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0143.446] CoTaskMemFree (pv=0x698690) [0143.446] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.446] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0143.446] CoTaskMemFree (pv=0x698690) [0143.446] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x25eda78, cb=0x18 | out: lpmodinfo=0x25eda78*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0143.447] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.447] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0143.448] CoTaskMemFree (pv=0x698690) [0143.448] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.448] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0143.449] CoTaskMemFree (pv=0x698690) [0143.449] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x25efc78, cb=0x18 | out: lpmodinfo=0x25efc78*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0143.450] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.450] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0143.450] CoTaskMemFree (pv=0x698690) [0143.450] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.450] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0143.451] CoTaskMemFree (pv=0x698690) [0143.451] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x25f1e20, cb=0x18 | out: lpmodinfo=0x25f1e20*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0143.452] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.453] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0143.453] CoTaskMemFree (pv=0x698690) [0143.453] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.453] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0143.454] CoTaskMemFree (pv=0x698690) [0143.454] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x25f3fd8, cb=0x18 | out: lpmodinfo=0x25f3fd8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0143.455] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.455] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0143.456] CoTaskMemFree (pv=0x698690) [0143.456] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.456] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0143.457] CoTaskMemFree (pv=0x698690) [0143.457] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x25f6180, cb=0x18 | out: lpmodinfo=0x25f6180*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0143.458] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.458] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0143.459] CoTaskMemFree (pv=0x698690) [0143.459] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.459] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0143.461] CoTaskMemFree (pv=0x698690) [0143.461] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x25f83c0, cb=0x18 | out: lpmodinfo=0x25f83c0*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0143.462] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.462] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0143.463] CoTaskMemFree (pv=0x698690) [0143.463] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.463] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0143.464] CoTaskMemFree (pv=0x698690) [0143.464] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x25fa598, cb=0x18 | out: lpmodinfo=0x25fa598*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0143.465] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.465] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0143.466] CoTaskMemFree (pv=0x698690) [0143.466] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.466] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0143.469] CoTaskMemFree (pv=0x698690) [0143.469] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x25fc760, cb=0x18 | out: lpmodinfo=0x25fc760*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0143.470] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.470] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0143.471] CoTaskMemFree (pv=0x698690) [0143.471] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.471] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0143.473] CoTaskMemFree (pv=0x698690) [0143.473] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x25fe908, cb=0x18 | out: lpmodinfo=0x25fe908*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0143.474] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.474] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0143.475] CoTaskMemFree (pv=0x698690) [0143.475] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.475] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0143.477] CoTaskMemFree (pv=0x698690) [0143.477] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x2600ab0, cb=0x18 | out: lpmodinfo=0x2600ab0*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0143.478] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.478] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0143.480] CoTaskMemFree (pv=0x698690) [0143.480] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.480] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0143.481] CoTaskMemFree (pv=0x698690) [0143.481] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x2602c58, cb=0x18 | out: lpmodinfo=0x2602c58*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0143.483] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.483] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0143.484] CoTaskMemFree (pv=0x698690) [0143.484] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.484] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0143.486] CoTaskMemFree (pv=0x698690) [0143.486] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x2604e10, cb=0x18 | out: lpmodinfo=0x2604e10*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0143.488] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.488] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0143.489] CoTaskMemFree (pv=0x698690) [0143.489] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.489] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0143.491] CoTaskMemFree (pv=0x698690) [0143.491] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878f20000, lpmodinfo=0x2606fb8, cb=0x18 | out: lpmodinfo=0x2606fb8*(lpBaseOfDll=0x7ff878f20000, SizeOfImage=0x79000, EntryPoint=0x7ff878f37800)) returned 1 [0143.499] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.499] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878f20000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="Geolocation.dll") returned 0xf [0143.501] CoTaskMemFree (pv=0x698690) [0143.501] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.501] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878f20000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Geolocation.dll" (normalized: "c:\\windows\\system32\\geolocation.dll")) returned 0x23 [0143.503] CoTaskMemFree (pv=0x698690) [0143.503] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x2609288, cb=0x18 | out: lpmodinfo=0x2609288*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0143.505] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.505] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0143.506] CoTaskMemFree (pv=0x698690) [0143.506] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.506] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0143.508] CoTaskMemFree (pv=0x698690) [0143.508] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e80000, lpmodinfo=0x260b440, cb=0x18 | out: lpmodinfo=0x260b440*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0143.510] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.510] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e80000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0143.512] CoTaskMemFree (pv=0x698690) [0143.512] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.512] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e80000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0143.514] CoTaskMemFree (pv=0x698690) [0143.514] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e40000, lpmodinfo=0x260d608, cb=0x18 | out: lpmodinfo=0x260d608*(lpBaseOfDll=0x7ff878e40000, SizeOfImage=0x33000, EntryPoint=0x7ff878e4d5a0)) returned 1 [0143.516] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.516] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e40000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="BiWinrt.dll") returned 0xb [0143.518] CoTaskMemFree (pv=0x698690) [0143.518] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.518] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e40000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\BiWinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")) returned 0x1f [0143.520] CoTaskMemFree (pv=0x698690) [0143.520] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpmodinfo=0x260f7b0, cb=0x18 | out: lpmodinfo=0x260f7b0*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0143.522] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.522] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0143.524] CoTaskMemFree (pv=0x698690) [0143.524] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.524] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0143.526] CoTaskMemFree (pv=0x698690) [0143.526] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x2611978, cb=0x18 | out: lpmodinfo=0x2611978*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0143.528] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.528] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0143.530] CoTaskMemFree (pv=0x698690) [0143.530] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.531] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0143.533] CoTaskMemFree (pv=0x698690) [0143.533] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x2613b20, cb=0x18 | out: lpmodinfo=0x2613b20*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0143.535] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.535] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0143.537] CoTaskMemFree (pv=0x698690) [0143.537] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.537] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0143.540] CoTaskMemFree (pv=0x698690) [0143.540] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x2615cc8, cb=0x18 | out: lpmodinfo=0x2615cc8*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0143.543] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.543] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0143.545] CoTaskMemFree (pv=0x698690) [0143.545] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.545] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0143.548] CoTaskMemFree (pv=0x698690) [0143.548] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878df0000, lpmodinfo=0x2617e70, cb=0x18 | out: lpmodinfo=0x2617e70*(lpBaseOfDll=0x7ff878df0000, SizeOfImage=0x4a000, EntryPoint=0x7ff878dfac30)) returned 1 [0143.550] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.550] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878df0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="deviceaccess.dll") returned 0x10 [0143.553] CoTaskMemFree (pv=0x698690) [0143.553] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.553] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878df0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")) returned 0x24 [0143.555] CoTaskMemFree (pv=0x698690) [0143.555] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878820000, lpmodinfo=0x261a038, cb=0x18 | out: lpmodinfo=0x261a038*(lpBaseOfDll=0x7ff878820000, SizeOfImage=0xc000, EntryPoint=0x7ff8788214d0)) returned 1 [0143.557] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.557] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878820000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="LocationFrameworkPS.dll") returned 0x17 [0143.560] CoTaskMemFree (pv=0x698690) [0143.560] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.560] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878820000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")) returned 0x2b [0143.562] CoTaskMemFree (pv=0x698690) [0143.562] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878580000, lpmodinfo=0x261c210, cb=0x18 | out: lpmodinfo=0x261c210*(lpBaseOfDll=0x7ff878580000, SizeOfImage=0x7a000, EntryPoint=0x7ff8785a7630)) returned 1 [0143.565] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.565] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878580000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="es.dll") returned 0x6 [0143.567] CoTaskMemFree (pv=0x698690) [0143.567] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.567] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878580000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0143.570] CoTaskMemFree (pv=0x698690) [0143.570] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff877ee0000, lpmodinfo=0x261e3a8, cb=0x18 | out: lpmodinfo=0x261e3a8*(lpBaseOfDll=0x7ff877ee0000, SizeOfImage=0x1a2000, EntryPoint=0x7ff877f2c2d0)) returned 1 [0143.572] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.572] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff877ee0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="fntcache.dll") returned 0xc [0143.575] CoTaskMemFree (pv=0x698690) [0143.575] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.575] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff877ee0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fntcache.dll" (normalized: "c:\\windows\\system32\\fntcache.dll")) returned 0x20 [0143.577] CoTaskMemFree (pv=0x698690) [0143.577] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff877eb0000, lpmodinfo=0x2620560, cb=0x18 | out: lpmodinfo=0x2620560*(lpBaseOfDll=0x7ff877eb0000, SizeOfImage=0x29000, EntryPoint=0x7ff877ec24d0)) returned 1 [0143.580] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.580] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff877eb0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="FontProvider.dll") returned 0x10 [0143.583] CoTaskMemFree (pv=0x698690) [0143.583] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.583] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff877eb0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\FontProvider.dll" (normalized: "c:\\windows\\system32\\fontprovider.dll")) returned 0x24 [0143.586] CoTaskMemFree (pv=0x698690) [0143.586] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875e90000, lpmodinfo=0x2622728, cb=0x18 | out: lpmodinfo=0x2622728*(lpBaseOfDll=0x7ff875e90000, SizeOfImage=0xd000, EntryPoint=0x7ff875e92650)) returned 1 [0143.589] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.589] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875e90000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="nsisvc.dll") returned 0xa [0143.591] CoTaskMemFree (pv=0x698690) [0143.592] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.592] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875e90000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nsisvc.dll" (normalized: "c:\\windows\\system32\\nsisvc.dll")) returned 0x1e [0143.594] CoTaskMemFree (pv=0x698690) [0143.594] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efa0000, lpmodinfo=0x26248d0, cb=0x18 | out: lpmodinfo=0x26248d0*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0143.597] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.597] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0143.600] CoTaskMemFree (pv=0x698690) [0143.600] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.600] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0143.603] CoTaskMemFree (pv=0x698690) [0143.603] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874b70000, lpmodinfo=0x2626a68, cb=0x18 | out: lpmodinfo=0x2626a68*(lpBaseOfDll=0x7ff874b70000, SizeOfImage=0x8b000, EntryPoint=0x7ff874b8d2a0)) returned 1 [0143.605] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.605] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874b70000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="netprofmsvc.dll") returned 0xf [0143.608] CoTaskMemFree (pv=0x698690) [0143.608] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.608] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874b70000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netprofmsvc.dll" (normalized: "c:\\windows\\system32\\netprofmsvc.dll")) returned 0x23 [0143.611] CoTaskMemFree (pv=0x698690) [0143.611] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8786b0000, lpmodinfo=0x2628c20, cb=0x18 | out: lpmodinfo=0x2628c20*(lpBaseOfDll=0x7ff8786b0000, SizeOfImage=0x18000, EntryPoint=0x7ff8786b5910)) returned 1 [0143.614] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.614] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8786b0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0143.618] CoTaskMemFree (pv=0x698690) [0143.618] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.618] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8786b0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0143.621] CoTaskMemFree (pv=0x698690) [0143.621] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874a90000, lpmodinfo=0x262afe0, cb=0x18 | out: lpmodinfo=0x262afe0*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0143.624] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.624] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874a90000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0143.627] CoTaskMemFree (pv=0x698690) [0143.627] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.627] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874a90000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0143.631] CoTaskMemFree (pv=0x698690) [0143.631] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x262d198, cb=0x18 | out: lpmodinfo=0x262d198*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0143.633] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.634] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0143.637] CoTaskMemFree (pv=0x698690) [0143.637] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.637] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0143.641] CoTaskMemFree (pv=0x698690) [0143.641] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878b20000, lpmodinfo=0x262f340, cb=0x18 | out: lpmodinfo=0x262f340*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0143.644] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.644] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878b20000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0143.647] CoTaskMemFree (pv=0x698690) [0143.647] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.647] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878b20000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0143.651] CoTaskMemFree (pv=0x698690) [0143.651] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x26314e8, cb=0x18 | out: lpmodinfo=0x26314e8*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0143.655] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.655] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0143.659] CoTaskMemFree (pv=0x698690) [0143.659] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.659] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0143.662] CoTaskMemFree (pv=0x698690) [0143.662] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x2633690, cb=0x18 | out: lpmodinfo=0x2633690*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0143.665] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.665] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0143.669] CoTaskMemFree (pv=0x698690) [0143.669] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.669] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0143.672] CoTaskMemFree (pv=0x698690) [0143.672] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875480000, lpmodinfo=0x2635838, cb=0x18 | out: lpmodinfo=0x2635838*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0143.677] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.677] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875480000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0143.680] CoTaskMemFree (pv=0x698690) [0143.680] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.680] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875480000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0143.683] CoTaskMemFree (pv=0x698690) [0143.683] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8750d0000, lpmodinfo=0x26379f0, cb=0x18 | out: lpmodinfo=0x26379f0*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0143.687] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.687] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0143.699] CoTaskMemFree (pv=0x698690) [0143.699] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.699] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0143.703] CoTaskMemFree (pv=0x698690) [0143.703] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x2639b98, cb=0x18 | out: lpmodinfo=0x2639b98*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0143.706] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.706] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0143.710] CoTaskMemFree (pv=0x698690) [0143.710] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.710] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0143.714] CoTaskMemFree (pv=0x698690) [0143.714] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875270000, lpmodinfo=0x263bd50, cb=0x18 | out: lpmodinfo=0x263bd50*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0143.717] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.717] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875270000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0143.721] CoTaskMemFree (pv=0x698690) [0143.721] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.721] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875270000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0143.725] CoTaskMemFree (pv=0x698690) [0143.725] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875250000, lpmodinfo=0x263df08, cb=0x18 | out: lpmodinfo=0x263df08*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0143.729] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.729] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875250000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0143.736] CoTaskMemFree (pv=0x698690) [0143.736] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.736] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875250000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0143.741] CoTaskMemFree (pv=0x698690) [0143.741] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b030000, lpmodinfo=0x26400c0, cb=0x18 | out: lpmodinfo=0x26400c0*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0143.745] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.745] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b030000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0143.749] CoTaskMemFree (pv=0x698690) [0143.749] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.749] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b030000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0143.753] CoTaskMemFree (pv=0x698690) [0143.753] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874880000, lpmodinfo=0x2642268, cb=0x18 | out: lpmodinfo=0x2642268*(lpBaseOfDll=0x7ff874880000, SizeOfImage=0x14000, EntryPoint=0x7ff874881a50)) returned 1 [0143.757] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.757] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874880000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="WlanRadioManager.dll") returned 0x14 [0143.760] CoTaskMemFree (pv=0x698690) [0143.760] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.760] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874880000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WlanRadioManager.dll" (normalized: "c:\\windows\\system32\\wlanradiomanager.dll")) returned 0x28 [0143.764] CoTaskMemFree (pv=0x698690) [0143.764] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878bf0000, lpmodinfo=0x2644440, cb=0x18 | out: lpmodinfo=0x2644440*(lpBaseOfDll=0x7ff878bf0000, SizeOfImage=0x61000, EntryPoint=0x7ff878bf4b50)) returned 1 [0143.768] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.768] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878bf0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="wlanapi.dll") returned 0xb [0143.774] CoTaskMemFree (pv=0x698690) [0143.774] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.774] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878bf0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0143.778] CoTaskMemFree (pv=0x698690) [0143.778] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874860000, lpmodinfo=0x26465e8, cb=0x18 | out: lpmodinfo=0x26465e8*(lpBaseOfDll=0x7ff874860000, SizeOfImage=0x19000, EntryPoint=0x7ff874862180)) returned 1 [0143.783] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.783] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874860000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="BthRadioMedia.dll") returned 0x11 [0143.786] CoTaskMemFree (pv=0x698690) [0143.786] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.786] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874860000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\BthRadioMedia.dll" (normalized: "c:\\windows\\system32\\bthradiomedia.dll")) returned 0x25 [0143.791] CoTaskMemFree (pv=0x698690) [0143.791] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x26487b0, cb=0x18 | out: lpmodinfo=0x26487b0*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0143.795] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.795] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0143.799] CoTaskMemFree (pv=0x698690) [0143.799] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.799] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0143.803] CoTaskMemFree (pv=0x698690) [0143.803] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87afe0000, lpmodinfo=0x264a968, cb=0x18 | out: lpmodinfo=0x264a968*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0143.807] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.807] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0143.811] CoTaskMemFree (pv=0x698690) [0143.811] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.811] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0143.815] CoTaskMemFree (pv=0x698690) [0143.816] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874840000, lpmodinfo=0x264cb10, cb=0x18 | out: lpmodinfo=0x264cb10*(lpBaseOfDll=0x7ff874840000, SizeOfImage=0x1e000, EntryPoint=0x7ff874841690)) returned 1 [0143.820] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.820] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874840000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="bluetoothapis.dll") returned 0x11 [0143.824] CoTaskMemFree (pv=0x698690) [0143.824] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.824] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874840000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bluetoothapis.dll" (normalized: "c:\\windows\\system32\\bluetoothapis.dll")) returned 0x25 [0143.828] CoTaskMemFree (pv=0x698690) [0143.828] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874830000, lpmodinfo=0x264ecd8, cb=0x18 | out: lpmodinfo=0x264ecd8*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0143.833] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.833] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874830000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0143.837] CoTaskMemFree (pv=0x698690) [0143.837] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.837] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874830000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0143.843] CoTaskMemFree (pv=0x698690) [0143.843] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpmodinfo=0x2650e90, cb=0x18 | out: lpmodinfo=0x2650e90*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0143.848] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.848] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0143.852] CoTaskMemFree (pv=0x698690) [0143.853] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.853] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0143.857] CoTaskMemFree (pv=0x698690) [0143.857] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873ad0000, lpmodinfo=0x2653038, cb=0x18 | out: lpmodinfo=0x2653038*(lpBaseOfDll=0x7ff873ad0000, SizeOfImage=0xb000, EntryPoint=0x7ff873ad1a20)) returned 1 [0143.861] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.861] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873ad0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="licensemanagersvc.dll") returned 0x15 [0143.866] CoTaskMemFree (pv=0x698690) [0143.866] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.866] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873ad0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\licensemanagersvc.dll" (normalized: "c:\\windows\\system32\\licensemanagersvc.dll")) returned 0x29 [0143.870] CoTaskMemFree (pv=0x698690) [0143.870] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873990000, lpmodinfo=0x2655210, cb=0x18 | out: lpmodinfo=0x2655210*(lpBaseOfDll=0x7ff873990000, SizeOfImage=0x13d000, EntryPoint=0x7ff8739aa6a0)) returned 1 [0143.875] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.875] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873990000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="LicenseManager.dll") returned 0x12 [0143.881] CoTaskMemFree (pv=0x698690) [0143.882] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.882] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873990000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\LicenseManager.dll" (normalized: "c:\\windows\\system32\\licensemanager.dll")) returned 0x26 [0143.886] CoTaskMemFree (pv=0x698690) [0143.886] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873970000, lpmodinfo=0x26573d8, cb=0x18 | out: lpmodinfo=0x26573d8*(lpBaseOfDll=0x7ff873970000, SizeOfImage=0x16000, EntryPoint=0x7ff87397b550)) returned 1 [0143.890] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.890] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873970000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="CLIPC.dll") returned 0x9 [0143.895] CoTaskMemFree (pv=0x698690) [0143.895] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.895] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873970000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CLIPC.dll" (normalized: "c:\\windows\\system32\\clipc.dll")) returned 0x1d [0143.900] CoTaskMemFree (pv=0x698690) [0143.900] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8736c0000, lpmodinfo=0x2659580, cb=0x18 | out: lpmodinfo=0x2659580*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0143.904] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.904] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8736c0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0143.909] CoTaskMemFree (pv=0x698690) [0143.909] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.909] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8736c0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0143.930] CoTaskMemFree (pv=0x698690) [0143.930] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873620000, lpmodinfo=0x265b768, cb=0x18 | out: lpmodinfo=0x265b768*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0143.935] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.935] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873620000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0143.940] CoTaskMemFree (pv=0x698690) [0143.940] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.940] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873620000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0143.945] CoTaskMemFree (pv=0x698690) [0143.945] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf40000, lpmodinfo=0x265d950, cb=0x18 | out: lpmodinfo=0x265d950*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0143.950] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.950] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0143.955] CoTaskMemFree (pv=0x698690) [0143.955] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.955] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0143.960] CoTaskMemFree (pv=0x698690) [0143.960] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpmodinfo=0x265faf8, cb=0x18 | out: lpmodinfo=0x265faf8*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0143.965] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.965] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0143.970] CoTaskMemFree (pv=0x698690) [0143.970] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.970] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0143.975] CoTaskMemFree (pv=0x698690) [0143.975] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x2661ca0, cb=0x18 | out: lpmodinfo=0x2661ca0*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0143.980] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.980] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0143.985] CoTaskMemFree (pv=0x698690) [0143.985] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.985] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0143.990] CoTaskMemFree (pv=0x698690) [0143.990] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873560000, lpmodinfo=0x2663e58, cb=0x18 | out: lpmodinfo=0x2663e58*(lpBaseOfDll=0x7ff873560000, SizeOfImage=0xb2000, EntryPoint=0x7ff87357f750)) returned 1 [0143.996] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0143.996] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873560000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="Windows.Security.Authentication.OnlineId.dll") returned 0x2c [0144.002] CoTaskMemFree (pv=0x698690) [0144.002] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.002] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873560000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.onlineid.dll")) returned 0x40 [0144.007] CoTaskMemFree (pv=0x698690) [0144.007] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873480000, lpmodinfo=0x2666090, cb=0x18 | out: lpmodinfo=0x2666090*(lpBaseOfDll=0x7ff873480000, SizeOfImage=0xd5000, EntryPoint=0x7ff87349cf80)) returned 1 [0144.013] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.013] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873480000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="wuapi.dll") returned 0x9 [0144.018] CoTaskMemFree (pv=0x698690) [0144.018] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.018] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873480000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")) returned 0x1d [0144.024] CoTaskMemFree (pv=0x698690) [0144.024] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d170000, lpmodinfo=0x2668238, cb=0x18 | out: lpmodinfo=0x2668238*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0144.029] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.029] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d170000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0144.034] CoTaskMemFree (pv=0x698690) [0144.034] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.034] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d170000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0144.041] CoTaskMemFree (pv=0x698690) [0144.041] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpmodinfo=0x266a3e0, cb=0x18 | out: lpmodinfo=0x266a3e0*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0144.046] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.046] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0144.052] CoTaskMemFree (pv=0x698690) [0144.052] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.052] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0144.057] CoTaskMemFree (pv=0x698690) [0144.057] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d340000, lpmodinfo=0x266c588, cb=0x18 | out: lpmodinfo=0x266c588*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0144.063] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.063] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d340000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0144.068] CoTaskMemFree (pv=0x698690) [0144.068] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.068] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d340000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0144.075] CoTaskMemFree (pv=0x698690) [0144.075] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873450000, lpmodinfo=0x266eb58, cb=0x18 | out: lpmodinfo=0x266eb58*(lpBaseOfDll=0x7ff873450000, SizeOfImage=0x22000, EntryPoint=0x7ff873462540)) returned 1 [0144.080] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.080] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873450000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="UpdatePolicy.dll") returned 0x10 [0144.086] CoTaskMemFree (pv=0x698690) [0144.086] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.086] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873450000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\UpdatePolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll")) returned 0x24 [0144.091] CoTaskMemFree (pv=0x698690) [0144.091] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872a10000, lpmodinfo=0x2670d20, cb=0x18 | out: lpmodinfo=0x2670d20*(lpBaseOfDll=0x7ff872a10000, SizeOfImage=0x10000, EntryPoint=0x7ff872a11690)) returned 1 [0144.096] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.096] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872a10000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="wups.dll") returned 0x8 [0144.102] CoTaskMemFree (pv=0x698690) [0144.103] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.103] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872a10000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll")) returned 0x1c [0144.108] CoTaskMemFree (pv=0x698690) [0144.108] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870b40000, lpmodinfo=0x2672ec8, cb=0x18 | out: lpmodinfo=0x2672ec8*(lpBaseOfDll=0x7ff870b40000, SizeOfImage=0x1d000, EntryPoint=0x7ff870b46190)) returned 1 [0144.114] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.114] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870b40000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="wdi.dll") returned 0x7 [0144.119] CoTaskMemFree (pv=0x698690) [0144.120] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.120] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870b40000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")) returned 0x1b [0144.125] CoTaskMemFree (pv=0x698690) [0144.125] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c480000, lpmodinfo=0x2675060, cb=0x18 | out: lpmodinfo=0x2675060*(lpBaseOfDll=0x7ff87c480000, SizeOfImage=0x99000, EntryPoint=0x7ff87c4af4e0)) returned 1 [0144.131] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.131] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c480000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0144.137] CoTaskMemFree (pv=0x698690) [0144.137] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.137] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c480000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0144.144] CoTaskMemFree (pv=0x698690) [0144.144] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f440000, lpmodinfo=0x26771f8, cb=0x18 | out: lpmodinfo=0x26771f8*(lpBaseOfDll=0x7ff86f440000, SizeOfImage=0x18000, EntryPoint=0x7ff86f444a20)) returned 1 [0144.150] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.150] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f440000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="perftrack.dll") returned 0xd [0144.156] CoTaskMemFree (pv=0x698690) [0144.156] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.156] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f440000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\perftrack.dll" (normalized: "c:\\windows\\system32\\perftrack.dll")) returned 0x21 [0144.161] CoTaskMemFree (pv=0x698690) [0144.161] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff876870000, lpmodinfo=0x26793b0, cb=0x18 | out: lpmodinfo=0x26793b0*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0144.167] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.167] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff876870000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="WinTypes.dll") returned 0xc [0144.173] CoTaskMemFree (pv=0x698690) [0144.173] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.173] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff876870000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0144.179] CoTaskMemFree (pv=0x698690) [0144.179] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872540000, lpmodinfo=0x267b568, cb=0x18 | out: lpmodinfo=0x267b568*(lpBaseOfDll=0x7ff872540000, SizeOfImage=0x27a000, EntryPoint=0x7ff87255a7a0)) returned 1 [0144.184] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.184] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872540000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0144.190] CoTaskMemFree (pv=0x698690) [0144.190] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.190] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872540000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0144.197] CoTaskMemFree (pv=0x698690) [0144.197] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86b0b0000, lpmodinfo=0x267d710, cb=0x18 | out: lpmodinfo=0x267d710*(lpBaseOfDll=0x7ff86b0b0000, SizeOfImage=0xc5000, EntryPoint=0x7ff86b0be740)) returned 1 [0144.203] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.203] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86b0b0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="Windows.Web.dll") returned 0xf [0144.208] CoTaskMemFree (pv=0x698690) [0144.208] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.208] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86b0b0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Web.dll" (normalized: "c:\\windows\\system32\\windows.web.dll")) returned 0x23 [0144.215] CoTaskMemFree (pv=0x698690) [0144.215] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8764e0000, lpmodinfo=0x267f8c8, cb=0x18 | out: lpmodinfo=0x267f8c8*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0144.232] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.232] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0144.238] CoTaskMemFree (pv=0x698690) [0144.238] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.238] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0144.245] CoTaskMemFree (pv=0x698690) [0144.245] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x2681a80, cb=0x18 | out: lpmodinfo=0x2681a80*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0144.252] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.252] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0144.258] CoTaskMemFree (pv=0x698690) [0144.258] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.258] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0144.264] CoTaskMemFree (pv=0x698690) [0144.264] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x2683c48, cb=0x18 | out: lpmodinfo=0x2683c48*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0144.270] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.270] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0144.277] CoTaskMemFree (pv=0x698690) [0144.277] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.277] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0144.283] CoTaskMemFree (pv=0x698690) [0144.283] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bc10000, lpmodinfo=0x2685df0, cb=0x18 | out: lpmodinfo=0x2685df0*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0144.290] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.290] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bc10000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0144.297] CoTaskMemFree (pv=0x698690) [0144.297] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.297] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bc10000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0144.303] CoTaskMemFree (pv=0x698690) [0144.303] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c90000, lpmodinfo=0x2687f98, cb=0x18 | out: lpmodinfo=0x2687f98*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0144.310] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.310] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c90000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0144.317] CoTaskMemFree (pv=0x698690) [0144.317] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.317] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c90000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0144.323] CoTaskMemFree (pv=0x698690) [0144.323] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ad40000, lpmodinfo=0x268a150, cb=0x18 | out: lpmodinfo=0x268a150*(lpBaseOfDll=0x7ff86ad40000, SizeOfImage=0xb1000, EntryPoint=0x7ff86adb1ca0)) returned 1 [0144.331] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.331] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ad40000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="Windows.Security.Authentication.Web.Core.dll") returned 0x2c [0144.337] CoTaskMemFree (pv=0x698690) [0144.337] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.337] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ad40000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Security.Authentication.Web.Core.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.web.core.dll")) returned 0x40 [0144.345] CoTaskMemFree (pv=0x698690) [0144.345] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f220000, lpmodinfo=0x268c388, cb=0x18 | out: lpmodinfo=0x268c388*(lpBaseOfDll=0x7ff86f220000, SizeOfImage=0x17000, EntryPoint=0x7ff86f226620)) returned 1 [0144.351] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.351] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f220000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="msauserext.dll") returned 0xe [0144.357] CoTaskMemFree (pv=0x698690) [0144.357] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.357] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f220000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msauserext.dll" (normalized: "c:\\windows\\system32\\msauserext.dll")) returned 0x22 [0144.365] CoTaskMemFree (pv=0x698690) [0144.365] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ae40000, lpmodinfo=0x268e540, cb=0x18 | out: lpmodinfo=0x268e540*(lpBaseOfDll=0x7ff87ae40000, SizeOfImage=0x2c000, EntryPoint=0x7ff87ae41d20)) returned 1 [0144.372] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.372] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ae40000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="AuthBroker.dll") returned 0xe [0144.378] CoTaskMemFree (pv=0x698690) [0144.378] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.378] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ae40000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\AuthBroker.dll" (normalized: "c:\\windows\\system32\\authbroker.dll")) returned 0x22 [0144.385] CoTaskMemFree (pv=0x698690) [0144.385] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875230000, lpmodinfo=0x26906f8, cb=0x18 | out: lpmodinfo=0x26906f8*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0144.392] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.392] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875230000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0144.399] CoTaskMemFree (pv=0x698690) [0144.400] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.400] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875230000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0144.407] CoTaskMemFree (pv=0x698690) [0144.407] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpmodinfo=0x26928a0, cb=0x18 | out: lpmodinfo=0x26928a0*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0144.413] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.413] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0144.420] CoTaskMemFree (pv=0x698690) [0144.420] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.420] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0144.427] CoTaskMemFree (pv=0x698690) [0144.427] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff863f10000, lpmodinfo=0x2694a58, cb=0x18 | out: lpmodinfo=0x2694a58*(lpBaseOfDll=0x7ff863f10000, SizeOfImage=0x12000, EntryPoint=0x7ff863f11a80)) returned 1 [0144.435] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.435] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff863f10000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="BitsProxy.dll") returned 0xd [0144.443] CoTaskMemFree (pv=0x698690) [0144.443] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.443] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff863f10000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll")) returned 0x21 [0144.450] CoTaskMemFree (pv=0x698690) [0144.450] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878ff0000, lpmodinfo=0x2696c10, cb=0x18 | out: lpmodinfo=0x2696c10*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0144.456] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.456] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpBaseName=0x698690, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0144.464] CoTaskMemFree (pv=0x698690) [0144.464] CoTaskMemAlloc (cb=0x804) returned 0x698690 [0144.464] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpFilename=0x698690, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0144.472] CoTaskMemFree (pv=0x698690) [0144.472] CloseHandle (hObject=0x260) returned 1 [0144.472] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0144.472] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x868) returned 0x260 [0144.472] EnumProcessModules (in: hProcess=0x260, lphModule=0x269ae40, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x269ae40, lpcbNeeded=0x14ef68) returned 1 [0144.475] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff7531e0000, lpmodinfo=0x269b0b0, cb=0x18 | out: lpmodinfo=0x269b0b0*(lpBaseOfDll=0x7ff7531e0000, SizeOfImage=0x80000, EntryPoint=0x7ff7531f5f50)) returned 1 [0144.475] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.475] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff7531e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wmiprvse.exe") returned 0xc [0144.476] CoTaskMemFree (pv=0x698010) [0144.476] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.476] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff7531e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprvse.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")) returned 0x25 [0144.476] CoTaskMemFree (pv=0x698010) [0144.476] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x269d2a8, cb=0x18 | out: lpmodinfo=0x269d2a8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0144.477] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.477] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0144.477] CoTaskMemFree (pv=0x698010) [0144.477] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.477] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0144.478] CoTaskMemFree (pv=0x698010) [0144.478] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x269f450, cb=0x18 | out: lpmodinfo=0x269f450*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0144.478] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.478] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0144.479] CoTaskMemFree (pv=0x698010) [0144.479] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.479] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0144.480] CoTaskMemFree (pv=0x698010) [0144.480] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x26a1608, cb=0x18 | out: lpmodinfo=0x26a1608*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0144.480] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.480] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0144.481] CoTaskMemFree (pv=0x698010) [0144.481] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.481] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0144.482] CoTaskMemFree (pv=0x698010) [0144.482] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x26a37c0, cb=0x18 | out: lpmodinfo=0x26a37c0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0144.483] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.483] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0144.483] CoTaskMemFree (pv=0x698010) [0144.484] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.484] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0144.484] CoTaskMemFree (pv=0x698010) [0144.484] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e990000, lpmodinfo=0x26a59c0, cb=0x18 | out: lpmodinfo=0x26a59c0*(lpBaseOfDll=0x7ff86e990000, SizeOfImage=0xf6000, EntryPoint=0x7ff86e9c9590)) returned 1 [0144.485] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.485] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e990000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0144.486] CoTaskMemFree (pv=0x698010) [0144.486] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.486] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e990000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0144.487] CoTaskMemFree (pv=0x698010) [0144.487] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x26a7b80, cb=0x18 | out: lpmodinfo=0x26a7b80*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0144.488] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.488] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0144.488] CoTaskMemFree (pv=0x698010) [0144.488] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.488] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0144.489] CoTaskMemFree (pv=0x698010) [0144.489] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x26a9d28, cb=0x18 | out: lpmodinfo=0x26a9d28*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0144.490] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.490] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0144.491] CoTaskMemFree (pv=0x698010) [0144.491] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.491] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0144.499] CoTaskMemFree (pv=0x698010) [0144.499] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x26abed0, cb=0x18 | out: lpmodinfo=0x26abed0*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0144.500] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.500] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0144.501] CoTaskMemFree (pv=0x698010) [0144.502] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.502] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0144.503] CoTaskMemFree (pv=0x698010) [0144.503] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e590000, lpmodinfo=0x26ae140, cb=0x18 | out: lpmodinfo=0x26ae140*(lpBaseOfDll=0x7ff86e590000, SizeOfImage=0x16000, EntryPoint=0x7ff86e5955e0)) returned 1 [0144.504] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.504] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e590000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NCObjAPI.DLL") returned 0xc [0144.505] CoTaskMemFree (pv=0x698010) [0144.505] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.505] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e590000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NCObjAPI.DLL" (normalized: "c:\\windows\\system32\\ncobjapi.dll")) returned 0x20 [0144.506] CoTaskMemFree (pv=0x698010) [0144.506] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870c70000, lpmodinfo=0x26b02f8, cb=0x18 | out: lpmodinfo=0x26b02f8*(lpBaseOfDll=0x7ff870c70000, SizeOfImage=0x7f000, EntryPoint=0x7ff870c87110)) returned 1 [0144.507] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.507] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870c70000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0144.508] CoTaskMemFree (pv=0x698010) [0144.508] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.508] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870c70000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0144.511] CoTaskMemFree (pv=0x698010) [0144.511] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x26b24b0, cb=0x18 | out: lpmodinfo=0x26b24b0*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0144.512] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.512] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0144.514] CoTaskMemFree (pv=0x698010) [0144.514] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.514] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0144.515] CoTaskMemFree (pv=0x698010) [0144.515] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x26b4658, cb=0x18 | out: lpmodinfo=0x26b4658*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0144.516] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.516] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0144.517] CoTaskMemFree (pv=0x698010) [0144.518] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.518] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0144.519] CoTaskMemFree (pv=0x698010) [0144.519] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x26b6800, cb=0x18 | out: lpmodinfo=0x26b6800*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0144.520] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.521] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0144.523] CoTaskMemFree (pv=0x698010) [0144.523] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.523] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0144.524] CoTaskMemFree (pv=0x698010) [0144.524] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x26b89a8, cb=0x18 | out: lpmodinfo=0x26b89a8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0144.526] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.526] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0144.527] CoTaskMemFree (pv=0x698010) [0144.527] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.527] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0144.529] CoTaskMemFree (pv=0x698010) [0144.529] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x26bab60, cb=0x18 | out: lpmodinfo=0x26bab60*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0144.531] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.531] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0144.533] CoTaskMemFree (pv=0x698010) [0144.533] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.533] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0144.535] CoTaskMemFree (pv=0x698010) [0144.535] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x26bcd08, cb=0x18 | out: lpmodinfo=0x26bcd08*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0144.536] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.536] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0144.538] CoTaskMemFree (pv=0x698010) [0144.538] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.538] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0144.541] CoTaskMemFree (pv=0x698010) [0144.541] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x26befc8, cb=0x18 | out: lpmodinfo=0x26befc8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0144.543] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.543] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0144.544] CoTaskMemFree (pv=0x698010) [0144.545] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.545] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0144.546] CoTaskMemFree (pv=0x698010) [0144.546] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x26c1190, cb=0x18 | out: lpmodinfo=0x26c1190*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0144.548] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.548] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0144.551] CoTaskMemFree (pv=0x698010) [0144.551] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.551] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0144.553] CoTaskMemFree (pv=0x698010) [0144.553] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86efa0000, lpmodinfo=0x26c3338, cb=0x18 | out: lpmodinfo=0x26c3338*(lpBaseOfDll=0x7ff86efa0000, SizeOfImage=0x11000, EntryPoint=0x7ff86efa2fc0)) returned 1 [0144.555] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.555] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86efa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0144.557] CoTaskMemFree (pv=0x698010) [0144.557] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.557] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86efa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0144.558] CoTaskMemFree (pv=0x698010) [0144.558] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x26c54f8, cb=0x18 | out: lpmodinfo=0x26c54f8*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0144.560] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.560] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0144.562] CoTaskMemFree (pv=0x698010) [0144.562] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.563] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0144.564] CoTaskMemFree (pv=0x698010) [0144.564] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e970000, lpmodinfo=0x26c76b0, cb=0x18 | out: lpmodinfo=0x26c76b0*(lpBaseOfDll=0x7ff86e970000, SizeOfImage=0x14000, EntryPoint=0x7ff86e971800)) returned 1 [0144.566] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.566] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e970000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0144.568] CoTaskMemFree (pv=0x698010) [0144.568] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.568] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e970000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0144.571] CoTaskMemFree (pv=0x698010) [0144.571] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e940000, lpmodinfo=0x26c9868, cb=0x18 | out: lpmodinfo=0x26c9868*(lpBaseOfDll=0x7ff86e940000, SizeOfImage=0x25000, EntryPoint=0x7ff86e949900)) returned 1 [0144.573] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.573] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e940000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0144.575] CoTaskMemFree (pv=0x698010) [0144.575] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.575] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e940000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0144.577] CoTaskMemFree (pv=0x698010) [0144.577] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff865cb0000, lpmodinfo=0x26cba28, cb=0x18 | out: lpmodinfo=0x26cba28*(lpBaseOfDll=0x7ff865cb0000, SizeOfImage=0x3d000, EntryPoint=0x7ff865cbb760)) returned 1 [0144.580] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.580] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff865cb0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wmiprov.dll") returned 0xb [0144.582] CoTaskMemFree (pv=0x698010) [0144.582] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.583] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff865cb0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprov.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprov.dll")) returned 0x24 [0144.585] CoTaskMemFree (pv=0x698010) [0144.585] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bab0000, lpmodinfo=0x26cdbe0, cb=0x18 | out: lpmodinfo=0x26cdbe0*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0144.587] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.587] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0144.590] CoTaskMemFree (pv=0x698010) [0144.590] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.590] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0144.592] CoTaskMemFree (pv=0x698010) [0144.592] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875d20000, lpmodinfo=0x26cfd88, cb=0x18 | out: lpmodinfo=0x26cfd88*(lpBaseOfDll=0x7ff875d20000, SizeOfImage=0x11000, EntryPoint=0x7ff875d23320)) returned 1 [0144.595] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.595] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875d20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WMICLNT.dll") returned 0xb [0144.597] CoTaskMemFree (pv=0x698010) [0144.597] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.597] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875d20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WMICLNT.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")) returned 0x1f [0144.599] CoTaskMemFree (pv=0x698010) [0144.599] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861780000, lpmodinfo=0x26d1f30, cb=0x18 | out: lpmodinfo=0x26d1f30*(lpBaseOfDll=0x7ff861780000, SizeOfImage=0x25000, EntryPoint=0x7ff861795dc0)) returned 1 [0144.602] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.602] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861780000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WmiPerfClass.dll") returned 0x10 [0144.605] CoTaskMemFree (pv=0x698010) [0144.605] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.605] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861780000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wbem\\WmiPerfClass.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiperfclass.dll")) returned 0x29 [0144.607] CoTaskMemFree (pv=0x698010) [0144.607] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861730000, lpmodinfo=0x26d4100, cb=0x18 | out: lpmodinfo=0x26d4100*(lpBaseOfDll=0x7ff861730000, SizeOfImage=0x4d000, EntryPoint=0x7ff86173b470)) returned 1 [0144.610] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.610] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861730000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="pdh.dll") returned 0x7 [0144.613] CoTaskMemFree (pv=0x698010) [0144.613] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.613] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861730000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\pdh.dll" (normalized: "c:\\windows\\system32\\pdh.dll")) returned 0x1b [0144.615] CoTaskMemFree (pv=0x698010) [0144.615] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8788f0000, lpmodinfo=0x26d6298, cb=0x18 | out: lpmodinfo=0x26d6298*(lpBaseOfDll=0x7ff8788f0000, SizeOfImage=0x64000, EntryPoint=0x7ff878905ae0)) returned 1 [0144.618] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.618] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8788f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0144.621] CoTaskMemFree (pv=0x698010) [0144.621] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0144.621] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8788f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0144.624] CoTaskMemFree (pv=0x698010) [0144.624] CloseHandle (hObject=0x260) returned 1 [0144.624] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0144.624] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x618) returned 0x260 [0144.624] EnumProcessModules (in: hProcess=0x260, lphModule=0x26d9188, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26d9188, lpcbNeeded=0x14ef68) returned 1 [0144.628] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6a3140000, lpmodinfo=0x26d93f8, cb=0x18 | out: lpmodinfo=0x26d93f8*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0144.628] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.628] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0144.628] CoTaskMemFree (pv=0x698b40) [0144.629] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.629] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0144.629] CoTaskMemFree (pv=0x698b40) [0144.629] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26db5d8, cb=0x18 | out: lpmodinfo=0x26db5d8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0144.629] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.630] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0144.630] CoTaskMemFree (pv=0x698b40) [0144.630] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.630] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0144.631] CoTaskMemFree (pv=0x698b40) [0144.631] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x26dd780, cb=0x18 | out: lpmodinfo=0x26dd780*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0144.631] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.631] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0144.632] CoTaskMemFree (pv=0x698b40) [0144.632] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.632] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0144.632] CoTaskMemFree (pv=0x698b40) [0144.632] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x26df938, cb=0x18 | out: lpmodinfo=0x26df938*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0144.633] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.633] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0144.634] CoTaskMemFree (pv=0x698b40) [0144.634] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.634] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0144.634] CoTaskMemFree (pv=0x698b40) [0144.634] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x26e1af0, cb=0x18 | out: lpmodinfo=0x26e1af0*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0144.636] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.636] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0144.636] CoTaskMemFree (pv=0x698b40) [0144.636] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.636] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0144.637] CoTaskMemFree (pv=0x698b40) [0144.637] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x26e3cf0, cb=0x18 | out: lpmodinfo=0x26e3cf0*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0144.638] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.638] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0144.639] CoTaskMemFree (pv=0x698b40) [0144.639] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.639] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0144.641] CoTaskMemFree (pv=0x698b40) [0144.641] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x26e5e98, cb=0x18 | out: lpmodinfo=0x26e5e98*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0144.642] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.642] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0144.642] CoTaskMemFree (pv=0x698b40) [0144.643] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.643] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0144.643] CoTaskMemFree (pv=0x698b40) [0144.643] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x26e8050, cb=0x18 | out: lpmodinfo=0x26e8050*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0144.645] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.645] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0144.646] CoTaskMemFree (pv=0x698b40) [0144.646] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.646] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0144.647] CoTaskMemFree (pv=0x698b40) [0144.647] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x26ea1f8, cb=0x18 | out: lpmodinfo=0x26ea1f8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0144.648] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.648] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0144.649] CoTaskMemFree (pv=0x698b40) [0144.649] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.649] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0144.650] CoTaskMemFree (pv=0x698b40) [0144.650] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x26ec438, cb=0x18 | out: lpmodinfo=0x26ec438*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0144.651] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.651] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0144.652] CoTaskMemFree (pv=0x698b40) [0144.652] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.652] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0144.655] CoTaskMemFree (pv=0x698b40) [0144.655] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x26ee610, cb=0x18 | out: lpmodinfo=0x26ee610*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0144.656] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.656] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0144.657] CoTaskMemFree (pv=0x698b40) [0144.657] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.657] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0144.658] CoTaskMemFree (pv=0x698b40) [0144.658] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x26f07d8, cb=0x18 | out: lpmodinfo=0x26f07d8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0144.660] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.660] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0144.661] CoTaskMemFree (pv=0x698b40) [0144.661] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.661] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0144.663] CoTaskMemFree (pv=0x698b40) [0144.663] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x26f2980, cb=0x18 | out: lpmodinfo=0x26f2980*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0144.664] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.664] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0144.665] CoTaskMemFree (pv=0x698b40) [0144.665] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.665] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0144.667] CoTaskMemFree (pv=0x698b40) [0144.667] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8736c0000, lpmodinfo=0x26f4b28, cb=0x18 | out: lpmodinfo=0x26f4b28*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0144.668] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.668] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8736c0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="windows.staterepository.dll") returned 0x1b [0144.670] CoTaskMemFree (pv=0x698b40) [0144.670] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.670] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8736c0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\windows.staterepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0144.671] CoTaskMemFree (pv=0x698b40) [0144.671] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873620000, lpmodinfo=0x26f6d10, cb=0x18 | out: lpmodinfo=0x26f6d10*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0144.673] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.673] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873620000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0144.674] CoTaskMemFree (pv=0x698b40) [0144.674] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.674] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873620000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0144.676] CoTaskMemFree (pv=0x698b40) [0144.676] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x26f8ef8, cb=0x18 | out: lpmodinfo=0x26f8ef8*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0144.677] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.677] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0144.679] CoTaskMemFree (pv=0x698b40) [0144.679] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.679] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0144.681] CoTaskMemFree (pv=0x698b40) [0144.681] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870a00000, lpmodinfo=0x26fb0a0, cb=0x18 | out: lpmodinfo=0x26fb0a0*(lpBaseOfDll=0x7ff870a00000, SizeOfImage=0x7c000, EntryPoint=0x7ff870a2a970)) returned 1 [0144.682] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.682] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870a00000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="tileobjserver.dll") returned 0x11 [0144.684] CoTaskMemFree (pv=0x698b40) [0144.684] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.684] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870a00000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\tileobjserver.dll" (normalized: "c:\\windows\\system32\\tileobjserver.dll")) returned 0x25 [0144.686] CoTaskMemFree (pv=0x698b40) [0144.686] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x26fd380, cb=0x18 | out: lpmodinfo=0x26fd380*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0144.687] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.687] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0144.690] CoTaskMemFree (pv=0x698b40) [0144.690] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.690] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0144.692] CoTaskMemFree (pv=0x698b40) [0144.692] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e80000, lpmodinfo=0x26ff528, cb=0x18 | out: lpmodinfo=0x26ff528*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0144.693] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.693] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e80000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0144.695] CoTaskMemFree (pv=0x698b40) [0144.695] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.695] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e80000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0144.697] CoTaskMemFree (pv=0x698b40) [0144.697] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872f10000, lpmodinfo=0x27016f0, cb=0x18 | out: lpmodinfo=0x27016f0*(lpBaseOfDll=0x7ff872f10000, SizeOfImage=0x2f9000, EntryPoint=0x7ff872fd7280)) returned 1 [0144.704] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.704] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872f10000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0144.706] CoTaskMemFree (pv=0x698b40) [0144.706] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.706] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872f10000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0144.708] CoTaskMemFree (pv=0x698b40) [0144.708] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870840000, lpmodinfo=0x253b650, cb=0x18 | out: lpmodinfo=0x253b650*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0144.710] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.710] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870840000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0144.712] CoTaskMemFree (pv=0x698b40) [0144.712] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.712] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870840000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0144.714] CoTaskMemFree (pv=0x698b40) [0144.714] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x253d7f8, cb=0x18 | out: lpmodinfo=0x253d7f8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0144.716] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.716] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0144.718] CoTaskMemFree (pv=0x698b40) [0144.718] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.718] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0144.721] CoTaskMemFree (pv=0x698b40) [0144.721] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x253f9b0, cb=0x18 | out: lpmodinfo=0x253f9b0*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0144.723] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.723] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0144.726] CoTaskMemFree (pv=0x698b40) [0144.726] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.726] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0144.728] CoTaskMemFree (pv=0x698b40) [0144.728] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8764e0000, lpmodinfo=0x2541b58, cb=0x18 | out: lpmodinfo=0x2541b58*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0144.730] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.730] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0144.732] CoTaskMemFree (pv=0x698b40) [0144.732] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.732] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0144.735] CoTaskMemFree (pv=0x698b40) [0144.735] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x2543d10, cb=0x18 | out: lpmodinfo=0x2543d10*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0144.737] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.737] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0144.739] CoTaskMemFree (pv=0x698b40) [0144.739] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.739] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0144.742] CoTaskMemFree (pv=0x698b40) [0144.742] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x2545ed8, cb=0x18 | out: lpmodinfo=0x2545ed8*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0144.745] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.745] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0144.747] CoTaskMemFree (pv=0x698b40) [0144.747] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.747] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0144.749] CoTaskMemFree (pv=0x698b40) [0144.750] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x2548090, cb=0x18 | out: lpmodinfo=0x2548090*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0144.752] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.752] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0144.754] CoTaskMemFree (pv=0x698b40) [0144.754] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.754] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0144.757] CoTaskMemFree (pv=0x698b40) [0144.757] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x254a248, cb=0x18 | out: lpmodinfo=0x254a248*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0144.759] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.759] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0144.762] CoTaskMemFree (pv=0x698b40) [0144.762] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.762] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0144.765] CoTaskMemFree (pv=0x698b40) [0144.765] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff876870000, lpmodinfo=0x254c3f0, cb=0x18 | out: lpmodinfo=0x254c3f0*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0144.767] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.767] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff876870000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="WinTypes.dll") returned 0xc [0144.770] CoTaskMemFree (pv=0x698b40) [0144.770] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.770] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff876870000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0144.773] CoTaskMemFree (pv=0x698b40) [0144.773] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf40000, lpmodinfo=0x254e5a8, cb=0x18 | out: lpmodinfo=0x254e5a8*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0144.775] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.775] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0144.778] CoTaskMemFree (pv=0x698b40) [0144.778] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.778] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0144.781] CoTaskMemFree (pv=0x698b40) [0144.781] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpmodinfo=0x2550750, cb=0x18 | out: lpmodinfo=0x2550750*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0144.784] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.784] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0144.786] CoTaskMemFree (pv=0x698b40) [0144.786] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.787] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0144.789] CoTaskMemFree (pv=0x698b40) [0144.789] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x25528f8, cb=0x18 | out: lpmodinfo=0x25528f8*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0144.792] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.792] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0144.796] CoTaskMemFree (pv=0x698b40) [0144.796] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.796] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0144.799] CoTaskMemFree (pv=0x698b40) [0144.799] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x2554aa0, cb=0x18 | out: lpmodinfo=0x2554aa0*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0144.802] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.802] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0144.805] CoTaskMemFree (pv=0x698b40) [0144.805] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.805] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0144.808] CoTaskMemFree (pv=0x698b40) [0144.808] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad00000, lpmodinfo=0x2556e70, cb=0x18 | out: lpmodinfo=0x2556e70*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0144.811] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.811] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0144.814] CoTaskMemFree (pv=0x698b40) [0144.814] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.814] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0144.817] CoTaskMemFree (pv=0x698b40) [0144.817] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x2559028, cb=0x18 | out: lpmodinfo=0x2559028*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0144.820] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.820] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0144.823] CoTaskMemFree (pv=0x698b40) [0144.823] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.823] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0144.826] CoTaskMemFree (pv=0x698b40) [0144.826] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x255b1d0, cb=0x18 | out: lpmodinfo=0x255b1d0*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0144.829] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.829] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0144.833] CoTaskMemFree (pv=0x698b40) [0144.833] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.833] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0144.836] CoTaskMemFree (pv=0x698b40) [0144.836] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x255d378, cb=0x18 | out: lpmodinfo=0x255d378*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0144.839] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.839] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0144.843] CoTaskMemFree (pv=0x698b40) [0144.843] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.843] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0144.846] CoTaskMemFree (pv=0x698b40) [0144.846] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c90000, lpmodinfo=0x255f520, cb=0x18 | out: lpmodinfo=0x255f520*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0144.849] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.850] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c90000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0144.853] CoTaskMemFree (pv=0x698b40) [0144.853] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.853] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c90000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0144.856] CoTaskMemFree (pv=0x698b40) [0144.856] CloseHandle (hObject=0x260) returned 1 [0144.857] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0144.857] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1018) returned 0x260 [0144.857] EnumProcessModules (in: hProcess=0x260, lphModule=0x2562738, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2562738, lpcbNeeded=0x14ef68) returned 1 [0144.857] GetModuleInformation (in: hProcess=0x260, hModule=0xda0000, lpmodinfo=0x25629a8, cb=0x18 | out: lpmodinfo=0x25629a8*(lpBaseOfDll=0xda0000, SizeOfImage=0x17000, EntryPoint=0xda14a1)) returned 1 [0144.858] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.858] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xda0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="fling.exe") returned 0x9 [0144.858] CoTaskMemFree (pv=0x698b40) [0144.858] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.858] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xda0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Multimedia Platform\\fling.exe" (normalized: "c:\\program files\\windows multimedia platform\\fling.exe")) returned 0x36 [0144.859] CoTaskMemFree (pv=0x698b40) [0144.859] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2564bb8, cb=0x18 | out: lpmodinfo=0x2564bb8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0144.859] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.859] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0144.860] CoTaskMemFree (pv=0x698b40) [0144.860] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.860] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0144.860] CoTaskMemFree (pv=0x698b40) [0144.860] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2566d60, cb=0x18 | out: lpmodinfo=0x2566d60*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0144.861] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.861] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0144.861] CoTaskMemFree (pv=0x698b40) [0144.861] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.861] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0144.862] CoTaskMemFree (pv=0x698b40) [0144.862] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2568f08, cb=0x18 | out: lpmodinfo=0x2568f08*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0144.863] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.863] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0144.863] CoTaskMemFree (pv=0x698b40) [0144.863] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.863] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0144.864] CoTaskMemFree (pv=0x698b40) [0144.864] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x256b0c0, cb=0x18 | out: lpmodinfo=0x256b0c0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0144.865] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.865] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0144.866] CoTaskMemFree (pv=0x698b40) [0144.866] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.866] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0144.867] CoTaskMemFree (pv=0x698b40) [0144.867] CloseHandle (hObject=0x260) returned 1 [0144.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0144.867] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10dc) returned 0x260 [0144.867] EnumProcessModules (in: hProcess=0x260, lphModule=0x256d7d8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x256d7d8, lpcbNeeded=0x14ef68) returned 1 [0144.868] GetModuleInformation (in: hProcess=0x260, hModule=0x930000, lpmodinfo=0x256da48, cb=0x18 | out: lpmodinfo=0x256da48*(lpBaseOfDll=0x930000, SizeOfImage=0x17000, EntryPoint=0x9314a1)) returned 1 [0144.868] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.868] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x930000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="whatsapp.exe") returned 0xc [0144.869] CoTaskMemFree (pv=0x698b40) [0144.869] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.869] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x930000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft.NET\\whatsapp.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\whatsapp.exe")) returned 0x31 [0144.870] CoTaskMemFree (pv=0x698b40) [0144.870] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x256fc58, cb=0x18 | out: lpmodinfo=0x256fc58*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0144.870] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.870] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0144.870] CoTaskMemFree (pv=0x698b40) [0144.870] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.870] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0144.871] CoTaskMemFree (pv=0x698b40) [0144.871] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2571e00, cb=0x18 | out: lpmodinfo=0x2571e00*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0144.872] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.872] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0144.872] CoTaskMemFree (pv=0x698b40) [0144.872] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.872] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0144.873] CoTaskMemFree (pv=0x698b40) [0144.873] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2573fa8, cb=0x18 | out: lpmodinfo=0x2573fa8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0144.873] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.873] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0144.874] CoTaskMemFree (pv=0x698b40) [0144.874] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.874] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0144.875] CoTaskMemFree (pv=0x698b40) [0144.875] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2576160, cb=0x18 | out: lpmodinfo=0x2576160*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0144.875] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.875] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0144.876] CoTaskMemFree (pv=0x698b40) [0144.876] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.876] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0144.877] CoTaskMemFree (pv=0x698b40) [0144.877] CloseHandle (hObject=0x260) returned 1 [0144.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0144.877] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11a0) returned 0x260 [0144.877] EnumProcessModules (in: hProcess=0x260, lphModule=0x2578878, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2578878, lpcbNeeded=0x14ef68) returned 1 [0144.878] GetModuleInformation (in: hProcess=0x260, hModule=0x12d0000, lpmodinfo=0x2578ae8, cb=0x18 | out: lpmodinfo=0x2578ae8*(lpBaseOfDll=0x12d0000, SizeOfImage=0x17000, EntryPoint=0x12d14a1)) returned 1 [0144.878] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.878] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x12d0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="spgagentservice.exe") returned 0x13 [0144.879] CoTaskMemFree (pv=0x698b40) [0144.879] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.879] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x12d0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\spgagentservice.exe" (normalized: "c:\\program files (x86)\\windows media player\\spgagentservice.exe")) returned 0x3f [0144.879] CoTaskMemFree (pv=0x698b40) [0144.879] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x257ad18, cb=0x18 | out: lpmodinfo=0x257ad18*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0144.880] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.880] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0144.880] CoTaskMemFree (pv=0x698b40) [0144.880] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.880] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0144.881] CoTaskMemFree (pv=0x698b40) [0144.881] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x257cec0, cb=0x18 | out: lpmodinfo=0x257cec0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0144.881] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.881] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0144.882] CoTaskMemFree (pv=0x698b40) [0144.882] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.882] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0144.883] CoTaskMemFree (pv=0x698b40) [0144.883] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x257f068, cb=0x18 | out: lpmodinfo=0x257f068*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0144.883] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.883] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0144.884] CoTaskMemFree (pv=0x698b40) [0144.884] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.884] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0144.885] CoTaskMemFree (pv=0x698b40) [0144.885] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2581220, cb=0x18 | out: lpmodinfo=0x2581220*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0144.885] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.885] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0144.886] CoTaskMemFree (pv=0x698b40) [0144.886] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.886] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0144.887] CoTaskMemFree (pv=0x698b40) [0144.887] CloseHandle (hObject=0x260) returned 1 [0144.887] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0144.887] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x174) returned 0x0 [0144.887] EnumProcesses (in: lpidProcess=0x2583938, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x2583938, lpcbNeeded=0x14ee58) returned 1 [0144.893] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0144.895] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc38) returned 0x260 [0144.895] EnumProcessModules (in: hProcess=0x260, lphModule=0x2584640, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2584640, lpcbNeeded=0x14ef68) returned 1 [0144.902] EnumProcessModules (in: hProcess=0x260, lphModule=0x2584858, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x2584858, lpcbNeeded=0x14ef68) returned 1 [0144.908] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6a3140000, lpmodinfo=0x2584cc8, cb=0x18 | out: lpmodinfo=0x2584cc8*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0144.909] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.909] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0144.909] CoTaskMemFree (pv=0x698b40) [0144.909] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.909] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0144.910] CoTaskMemFree (pv=0x698b40) [0144.910] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2586ea8, cb=0x18 | out: lpmodinfo=0x2586ea8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0144.910] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.910] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0144.911] CoTaskMemFree (pv=0x698b40) [0144.911] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.911] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0144.911] CoTaskMemFree (pv=0x698b40) [0144.911] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x2589050, cb=0x18 | out: lpmodinfo=0x2589050*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0144.912] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.912] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0144.912] CoTaskMemFree (pv=0x698b40) [0144.912] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.912] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0144.913] CoTaskMemFree (pv=0x698b40) [0144.913] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x258b208, cb=0x18 | out: lpmodinfo=0x258b208*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0144.914] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.914] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0144.914] CoTaskMemFree (pv=0x698b40) [0144.914] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.914] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0144.915] CoTaskMemFree (pv=0x698b40) [0144.915] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x258d3c0, cb=0x18 | out: lpmodinfo=0x258d3c0*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0144.916] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.916] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0144.916] CoTaskMemFree (pv=0x698b40) [0144.916] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.916] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0144.917] CoTaskMemFree (pv=0x698b40) [0144.917] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x258f5c0, cb=0x18 | out: lpmodinfo=0x258f5c0*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0144.918] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.918] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0144.919] CoTaskMemFree (pv=0x698b40) [0144.919] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.919] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0144.919] CoTaskMemFree (pv=0x698b40) [0144.919] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x2591768, cb=0x18 | out: lpmodinfo=0x2591768*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0144.920] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.920] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0144.921] CoTaskMemFree (pv=0x698b40) [0144.921] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.921] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0144.922] CoTaskMemFree (pv=0x698b40) [0144.922] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x2593920, cb=0x18 | out: lpmodinfo=0x2593920*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0144.923] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.923] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0144.924] CoTaskMemFree (pv=0x698b40) [0144.924] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.924] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0144.925] CoTaskMemFree (pv=0x698b40) [0144.925] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x2595ac8, cb=0x18 | out: lpmodinfo=0x2595ac8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0144.926] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.926] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0144.927] CoTaskMemFree (pv=0x698b40) [0144.927] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.927] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0144.928] CoTaskMemFree (pv=0x698b40) [0144.928] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x2597d08, cb=0x18 | out: lpmodinfo=0x2597d08*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0144.929] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.929] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0144.931] CoTaskMemFree (pv=0x698b40) [0144.931] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.931] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0144.932] CoTaskMemFree (pv=0x698b40) [0144.932] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x2599ee0, cb=0x18 | out: lpmodinfo=0x2599ee0*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0144.933] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.933] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0144.934] CoTaskMemFree (pv=0x698b40) [0144.934] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.934] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0144.936] CoTaskMemFree (pv=0x698b40) [0144.936] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x259c0a8, cb=0x18 | out: lpmodinfo=0x259c0a8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0144.937] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.937] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0144.939] CoTaskMemFree (pv=0x698b40) [0144.939] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.939] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0144.941] CoTaskMemFree (pv=0x698b40) [0144.941] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x259e250, cb=0x18 | out: lpmodinfo=0x259e250*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0144.942] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.942] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0144.944] CoTaskMemFree (pv=0x698b40) [0144.944] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.944] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0144.945] CoTaskMemFree (pv=0x698b40) [0144.945] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpmodinfo=0x25a03f8, cb=0x18 | out: lpmodinfo=0x25a03f8*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0144.946] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.946] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0144.948] CoTaskMemFree (pv=0x698b40) [0144.948] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.948] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0144.949] CoTaskMemFree (pv=0x698b40) [0144.949] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8668a0000, lpmodinfo=0x25a25a0, cb=0x18 | out: lpmodinfo=0x25a25a0*(lpBaseOfDll=0x7ff8668a0000, SizeOfImage=0x12f000, EntryPoint=0x7ff8668e1f50)) returned 1 [0144.951] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.951] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8668a0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="unistore.dll") returned 0xc [0144.952] CoTaskMemFree (pv=0x698b40) [0144.952] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.952] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8668a0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\unistore.dll" (normalized: "c:\\windows\\system32\\unistore.dll")) returned 0x20 [0144.954] CoTaskMemFree (pv=0x698b40) [0144.954] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872f10000, lpmodinfo=0x25a4758, cb=0x18 | out: lpmodinfo=0x25a4758*(lpBaseOfDll=0x7ff872f10000, SizeOfImage=0x2f9000, EntryPoint=0x7ff872fd7280)) returned 1 [0144.955] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.955] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872f10000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0144.957] CoTaskMemFree (pv=0x698b40) [0144.957] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.957] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872f10000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0144.958] CoTaskMemFree (pv=0x698b40) [0144.958] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875770000, lpmodinfo=0x25a6900, cb=0x18 | out: lpmodinfo=0x25a6900*(lpBaseOfDll=0x7ff875770000, SizeOfImage=0x16000, EntryPoint=0x7ff875779f30)) returned 1 [0144.960] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.960] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875770000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="UserDataPlatformHelperUtil.dll") returned 0x1e [0144.962] CoTaskMemFree (pv=0x698b40) [0144.962] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.962] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875770000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\UserDataPlatformHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdataplatformhelperutil.dll")) returned 0x32 [0144.963] CoTaskMemFree (pv=0x698b40) [0144.963] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x25a8c10, cb=0x18 | out: lpmodinfo=0x25a8c10*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0144.965] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.965] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="sspicli.dll") returned 0xb [0144.967] CoTaskMemFree (pv=0x698b40) [0144.967] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.967] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0144.969] CoTaskMemFree (pv=0x698b40) [0144.969] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be30000, lpmodinfo=0x25aadb8, cb=0x18 | out: lpmodinfo=0x25aadb8*(lpBaseOfDll=0x7ff87be30000, SizeOfImage=0x5d000, EntryPoint=0x7ff87be45100)) returned 1 [0144.971] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.971] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be30000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="msv1_0.DLL") returned 0xa [0144.973] CoTaskMemFree (pv=0x698b40) [0144.973] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.973] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be30000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msv1_0.DLL" (normalized: "c:\\windows\\system32\\msv1_0.dll")) returned 0x1e [0144.974] CoTaskMemFree (pv=0x698b40) [0144.974] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x25acf60, cb=0x18 | out: lpmodinfo=0x25acf60*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0144.976] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.976] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0144.978] CoTaskMemFree (pv=0x698b40) [0144.978] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.978] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0144.980] CoTaskMemFree (pv=0x698b40) [0144.980] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be20000, lpmodinfo=0x25af108, cb=0x18 | out: lpmodinfo=0x25af108*(lpBaseOfDll=0x7ff87be20000, SizeOfImage=0xc000, EntryPoint=0x7ff87be245f0)) returned 1 [0144.982] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.982] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be20000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="NtlmShared.dll") returned 0xe [0144.984] CoTaskMemFree (pv=0x698b40) [0144.984] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.984] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be20000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NtlmShared.dll" (normalized: "c:\\windows\\system32\\ntlmshared.dll")) returned 0x22 [0144.986] CoTaskMemFree (pv=0x698b40) [0144.986] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bef0000, lpmodinfo=0x25b12c0, cb=0x18 | out: lpmodinfo=0x25b12c0*(lpBaseOfDll=0x7ff87bef0000, SizeOfImage=0x15000, EntryPoint=0x7ff87bef3f50)) returned 1 [0144.988] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.988] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bef0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="cryptdll.dll") returned 0xc [0144.990] CoTaskMemFree (pv=0x698b40) [0144.990] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.990] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bef0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")) returned 0x20 [0144.992] CoTaskMemFree (pv=0x698b40) [0144.992] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff866720000, lpmodinfo=0x25b3478, cb=0x18 | out: lpmodinfo=0x25b3478*(lpBaseOfDll=0x7ff866720000, SizeOfImage=0x172000, EntryPoint=0x7ff866765b80)) returned 1 [0144.994] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.994] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff866720000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="userdataservice.dll") returned 0x13 [0144.996] CoTaskMemFree (pv=0x698b40) [0144.996] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0144.996] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff866720000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\userdataservice.dll" (normalized: "c:\\windows\\system32\\userdataservice.dll")) returned 0x27 [0144.999] CoTaskMemFree (pv=0x698b40) [0144.999] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f460000, lpmodinfo=0x25b5640, cb=0x18 | out: lpmodinfo=0x25b5640*(lpBaseOfDll=0x7ff86f460000, SizeOfImage=0xb000, EntryPoint=0x7ff86f461e70)) returned 1 [0145.001] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.001] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f460000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="SystemEventsBrokerClient.dll") returned 0x1c [0145.003] CoTaskMemFree (pv=0x698b40) [0145.003] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.003] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f460000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerclient.dll")) returned 0x30 [0145.006] CoTaskMemFree (pv=0x698b40) [0145.006] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8665b0000, lpmodinfo=0x25b7838, cb=0x18 | out: lpmodinfo=0x25b7838*(lpBaseOfDll=0x7ff8665b0000, SizeOfImage=0x16c000, EntryPoint=0x7ff8665ddd00)) returned 1 [0145.008] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.008] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8665b0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="PIMSTORE.dll") returned 0xc [0145.011] CoTaskMemFree (pv=0x698b40) [0145.011] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.011] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8665b0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PIMSTORE.dll" (normalized: "c:\\windows\\system32\\pimstore.dll")) returned 0x20 [0145.014] CoTaskMemFree (pv=0x698b40) [0145.014] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875720000, lpmodinfo=0x25b99f0, cb=0x18 | out: lpmodinfo=0x25b99f0*(lpBaseOfDll=0x7ff875720000, SizeOfImage=0x4c000, EntryPoint=0x7ff8757540d0)) returned 1 [0145.016] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.016] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875720000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="PhoneUtil.dll") returned 0xd [0145.018] CoTaskMemFree (pv=0x698b40) [0145.018] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.019] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875720000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PhoneUtil.dll" (normalized: "c:\\windows\\system32\\phoneutil.dll")) returned 0x21 [0145.021] CoTaskMemFree (pv=0x698b40) [0145.021] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x25bbba8, cb=0x18 | out: lpmodinfo=0x25bbba8*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0145.023] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.023] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0145.026] CoTaskMemFree (pv=0x698b40) [0145.026] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.026] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0145.028] CoTaskMemFree (pv=0x698b40) [0145.028] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff866510000, lpmodinfo=0x25bdd60, cb=0x18 | out: lpmodinfo=0x25bdd60*(lpBaseOfDll=0x7ff866510000, SizeOfImage=0x9e000, EntryPoint=0x7ff866586bf0)) returned 1 [0145.031] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.031] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff866510000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="MessagingDataModel2.DLL") returned 0x17 [0145.034] CoTaskMemFree (pv=0x698b40) [0145.034] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.034] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff866510000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MessagingDataModel2.DLL" (normalized: "c:\\windows\\system32\\messagingdatamodel2.dll")) returned 0x2b [0145.036] CoTaskMemFree (pv=0x698b40) [0145.036] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x25bff38, cb=0x18 | out: lpmodinfo=0x25bff38*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0145.039] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.039] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="SHCORE.dll") returned 0xa [0145.042] CoTaskMemFree (pv=0x698b40) [0145.042] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.042] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHCORE.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0145.045] CoTaskMemFree (pv=0x698b40) [0145.045] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ae30000, lpmodinfo=0x25c20e0, cb=0x18 | out: lpmodinfo=0x25c20e0*(lpBaseOfDll=0x7ff87ae30000, SizeOfImage=0xc000, EntryPoint=0x7ff87ae31470)) returned 1 [0145.047] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.047] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ae30000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="dsclient.dll") returned 0xc [0145.050] CoTaskMemFree (pv=0x698b40) [0145.050] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.050] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ae30000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll")) returned 0x20 [0145.053] CoTaskMemFree (pv=0x698b40) [0145.053] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875700000, lpmodinfo=0x25c4298, cb=0x18 | out: lpmodinfo=0x25c4298*(lpBaseOfDll=0x7ff875700000, SizeOfImage=0x14000, EntryPoint=0x7ff875708b30)) returned 1 [0145.056] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.056] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875700000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="PimIndexMaintenanceClient.DLL") returned 0x1d [0145.058] CoTaskMemFree (pv=0x698b40) [0145.058] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.058] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875700000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PimIndexMaintenanceClient.DLL" (normalized: "c:\\windows\\system32\\pimindexmaintenanceclient.dll")) returned 0x31 [0145.061] CoTaskMemFree (pv=0x698b40) [0145.061] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878ff0000, lpmodinfo=0x25c6490, cb=0x18 | out: lpmodinfo=0x25c6490*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0145.064] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.064] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0145.067] CoTaskMemFree (pv=0x698b40) [0145.067] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.067] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0145.070] CoTaskMemFree (pv=0x698b40) [0145.070] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf40000, lpmodinfo=0x25c8638, cb=0x18 | out: lpmodinfo=0x25c8638*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0145.073] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.073] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="cryptsp.dll") returned 0xb [0145.076] CoTaskMemFree (pv=0x698b40) [0145.076] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.076] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0145.080] CoTaskMemFree (pv=0x698b40) [0145.080] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875410000, lpmodinfo=0x25ca9f8, cb=0x18 | out: lpmodinfo=0x25ca9f8*(lpBaseOfDll=0x7ff875410000, SizeOfImage=0x40000, EntryPoint=0x7ff87543b3d0)) returned 1 [0145.083] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.083] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875410000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="CEMAPI.dll") returned 0xa [0145.086] CoTaskMemFree (pv=0x698b40) [0145.086] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.086] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875410000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CEMAPI.dll" (normalized: "c:\\windows\\system32\\cemapi.dll")) returned 0x1e [0145.089] CoTaskMemFree (pv=0x698b40) [0145.089] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875590000, lpmodinfo=0x25ccba0, cb=0x18 | out: lpmodinfo=0x25ccba0*(lpBaseOfDll=0x7ff875590000, SizeOfImage=0x11000, EntryPoint=0x7ff8755973f0)) returned 1 [0145.092] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.092] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875590000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="UserDataTypeHelperUtil.dll") returned 0x1a [0145.095] CoTaskMemFree (pv=0x698b40) [0145.095] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.095] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875590000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\UserDataTypeHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdatatypehelperutil.dll")) returned 0x2e [0145.098] CoTaskMemFree (pv=0x698b40) [0145.098] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x25ced88, cb=0x18 | out: lpmodinfo=0x25ced88*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0145.101] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.101] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0145.104] CoTaskMemFree (pv=0x698b40) [0145.104] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.104] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0145.107] CoTaskMemFree (pv=0x698b40) [0145.107] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x25d0f30, cb=0x18 | out: lpmodinfo=0x25d0f30*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0145.111] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.111] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0145.114] CoTaskMemFree (pv=0x698b40) [0145.114] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.114] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0145.117] CoTaskMemFree (pv=0x698b40) [0145.117] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x25d30f8, cb=0x18 | out: lpmodinfo=0x25d30f8*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0145.121] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.121] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0145.124] CoTaskMemFree (pv=0x698b40) [0145.124] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.124] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0145.127] CoTaskMemFree (pv=0x698b40) [0145.127] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x25d52b0, cb=0x18 | out: lpmodinfo=0x25d52b0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0145.131] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.131] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0145.134] CoTaskMemFree (pv=0x698b40) [0145.134] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.134] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0145.137] CoTaskMemFree (pv=0x698b40) [0145.137] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x25d7468, cb=0x18 | out: lpmodinfo=0x25d7468*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0145.142] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.142] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0145.145] CoTaskMemFree (pv=0x698b40) [0145.145] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.145] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0145.150] CoTaskMemFree (pv=0x698b40) [0145.150] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x25d9610, cb=0x18 | out: lpmodinfo=0x25d9610*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0145.153] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.153] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0145.157] CoTaskMemFree (pv=0x698b40) [0145.157] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.157] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0145.160] CoTaskMemFree (pv=0x698b40) [0145.160] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x25db7c8, cb=0x18 | out: lpmodinfo=0x25db7c8*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0145.164] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.164] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0145.167] CoTaskMemFree (pv=0x698b40) [0145.167] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.167] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0145.171] CoTaskMemFree (pv=0x698b40) [0145.171] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x25dd970, cb=0x18 | out: lpmodinfo=0x25dd970*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0145.175] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.175] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0145.178] CoTaskMemFree (pv=0x698b40) [0145.178] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.178] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0145.183] CoTaskMemFree (pv=0x698b40) [0145.183] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8736c0000, lpmodinfo=0x25dfb28, cb=0x18 | out: lpmodinfo=0x25dfb28*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0145.186] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.186] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8736c0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0145.190] CoTaskMemFree (pv=0x698b40) [0145.190] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.190] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8736c0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0145.194] CoTaskMemFree (pv=0x698b40) [0145.194] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873620000, lpmodinfo=0x25e1d10, cb=0x18 | out: lpmodinfo=0x25e1d10*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0145.197] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.198] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873620000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0145.201] CoTaskMemFree (pv=0x698b40) [0145.201] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.201] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873620000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0145.205] CoTaskMemFree (pv=0x698b40) [0145.205] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878df0000, lpmodinfo=0x25e3ef8, cb=0x18 | out: lpmodinfo=0x25e3ef8*(lpBaseOfDll=0x7ff878df0000, SizeOfImage=0x4a000, EntryPoint=0x7ff878dfac30)) returned 1 [0145.209] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.209] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878df0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="deviceaccess.dll") returned 0x10 [0145.213] CoTaskMemFree (pv=0x698b40) [0145.213] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.213] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878df0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")) returned 0x24 [0145.227] CoTaskMemFree (pv=0x698b40) [0145.227] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff865eb0000, lpmodinfo=0x25e60c0, cb=0x18 | out: lpmodinfo=0x25e60c0*(lpBaseOfDll=0x7ff865eb0000, SizeOfImage=0x42000, EntryPoint=0x7ff865edd4f0)) returned 1 [0145.231] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.231] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff865eb0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="pimindexmaintenance.dll") returned 0x17 [0145.235] CoTaskMemFree (pv=0x698b40) [0145.235] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.235] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff865eb0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\pimindexmaintenance.dll" (normalized: "c:\\windows\\system32\\pimindexmaintenance.dll")) returned 0x2b [0145.239] CoTaskMemFree (pv=0x698b40) [0145.239] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ab10000, lpmodinfo=0x25e8298, cb=0x18 | out: lpmodinfo=0x25e8298*(lpBaseOfDll=0x7ff86ab10000, SizeOfImage=0x21000, EntryPoint=0x7ff86ab162d0)) returned 1 [0145.244] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.244] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ab10000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="UserDataTimeUtil.dll") returned 0x14 [0145.248] CoTaskMemFree (pv=0x698b40) [0145.248] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.248] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ab10000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\UserDataTimeUtil.dll" (normalized: "c:\\windows\\system32\\userdatatimeutil.dll")) returned 0x28 [0145.253] CoTaskMemFree (pv=0x698b40) [0145.253] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86bdb0000, lpmodinfo=0x25ea470, cb=0x18 | out: lpmodinfo=0x25ea470*(lpBaseOfDll=0x7ff86bdb0000, SizeOfImage=0x16000, EntryPoint=0x7ff86bdbc500)) returned 1 [0145.257] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.257] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86bdb0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="POSyncServices.dll") returned 0x12 [0145.261] CoTaskMemFree (pv=0x698b40) [0145.261] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.261] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86bdb0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\POSyncServices.dll" (normalized: "c:\\windows\\system32\\posyncservices.dll")) returned 0x26 [0145.265] CoTaskMemFree (pv=0x698b40) [0145.265] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff865dc0000, lpmodinfo=0x25ec638, cb=0x18 | out: lpmodinfo=0x25ec638*(lpBaseOfDll=0x7ff865dc0000, SizeOfImage=0xe1000, EntryPoint=0x7ff865dc22c0)) returned 1 [0145.269] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.269] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff865dc0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="MbaeApiPublic.dll") returned 0x11 [0145.273] CoTaskMemFree (pv=0x698b40) [0145.274] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.274] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff865dc0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MbaeApiPublic.dll" (normalized: "c:\\windows\\system32\\mbaeapipublic.dll")) returned 0x25 [0145.278] CoTaskMemFree (pv=0x698b40) [0145.278] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff877e30000, lpmodinfo=0x25ee800, cb=0x18 | out: lpmodinfo=0x25ee800*(lpBaseOfDll=0x7ff877e30000, SizeOfImage=0x74000, EntryPoint=0x7ff877e38f30)) returned 1 [0145.282] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.282] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff877e30000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="Windows.Devices.Enumeration.dll") returned 0x1f [0145.286] CoTaskMemFree (pv=0x698b40) [0145.287] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.287] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff877e30000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Devices.Enumeration.dll" (normalized: "c:\\windows\\system32\\windows.devices.enumeration.dll")) returned 0x33 [0145.291] CoTaskMemFree (pv=0x698b40) [0145.291] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e40000, lpmodinfo=0x25f09f8, cb=0x18 | out: lpmodinfo=0x25f09f8*(lpBaseOfDll=0x7ff878e40000, SizeOfImage=0x33000, EntryPoint=0x7ff878e4d5a0)) returned 1 [0145.295] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.295] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e40000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="BiWinrt.dll") returned 0xb [0145.300] CoTaskMemFree (pv=0x698b40) [0145.300] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.300] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e40000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\BiWinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")) returned 0x1f [0145.305] CoTaskMemFree (pv=0x698b40) [0145.305] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c30000, lpmodinfo=0x25f2ba0, cb=0x18 | out: lpmodinfo=0x25f2ba0*(lpBaseOfDll=0x7ff879c30000, SizeOfImage=0x11000, EntryPoint=0x7ff879c35040)) returned 1 [0145.309] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.309] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c30000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="deviceassociation.dll") returned 0x15 [0145.314] CoTaskMemFree (pv=0x698b40) [0145.314] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.314] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c30000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceassociation.dll" (normalized: "c:\\windows\\system32\\deviceassociation.dll")) returned 0x29 [0145.319] CoTaskMemFree (pv=0x698b40) [0145.319] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ab10000, lpmodinfo=0x25f4d78, cb=0x18 | out: lpmodinfo=0x25f4d78*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0145.323] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.323] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0145.328] CoTaskMemFree (pv=0x698b40) [0145.328] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.328] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0145.333] CoTaskMemFree (pv=0x698b40) [0145.333] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875600000, lpmodinfo=0x25f6f20, cb=0x18 | out: lpmodinfo=0x25f6f20*(lpBaseOfDll=0x7ff875600000, SizeOfImage=0xaa000, EntryPoint=0x7ff875637c30)) returned 1 [0145.338] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.338] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875600000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="StructuredQuery.dll") returned 0x13 [0145.343] CoTaskMemFree (pv=0x698b40) [0145.343] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.343] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875600000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StructuredQuery.dll" (normalized: "c:\\windows\\system32\\structuredquery.dll")) returned 0x27 [0145.348] CoTaskMemFree (pv=0x698b40) [0145.348] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875790000, lpmodinfo=0x25f90e8, cb=0x18 | out: lpmodinfo=0x25f90e8*(lpBaseOfDll=0x7ff875790000, SizeOfImage=0x48000, EntryPoint=0x7ff87579c0e0)) returned 1 [0145.353] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.353] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875790000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="MSWB7.dll") returned 0x9 [0145.357] CoTaskMemFree (pv=0x698b40) [0145.357] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.357] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875790000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MSWB7.dll" (normalized: "c:\\windows\\system32\\mswb7.dll")) returned 0x1d [0145.362] CoTaskMemFree (pv=0x698b40) [0145.362] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87adf0000, lpmodinfo=0x25fb290, cb=0x18 | out: lpmodinfo=0x25fb290*(lpBaseOfDll=0x7ff87adf0000, SizeOfImage=0x1f000, EntryPoint=0x7ff87ae054a0)) returned 1 [0145.367] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.368] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87adf0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="DevDispItemProvider.dll") returned 0x17 [0145.372] CoTaskMemFree (pv=0x698b40) [0145.372] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.372] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87adf0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DevDispItemProvider.dll" (normalized: "c:\\windows\\system32\\devdispitemprovider.dll")) returned 0x2b [0145.377] CoTaskMemFree (pv=0x698b40) [0145.377] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c500000, lpmodinfo=0x25fd468, cb=0x18 | out: lpmodinfo=0x25fd468*(lpBaseOfDll=0x7ff86c500000, SizeOfImage=0x97000, EntryPoint=0x7ff86c50ddc0)) returned 1 [0145.382] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.382] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c500000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wlidprov.dll") returned 0xc [0145.387] CoTaskMemFree (pv=0x698b40) [0145.387] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.387] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c500000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll")) returned 0x20 [0145.392] CoTaskMemFree (pv=0x698b40) [0145.392] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff865cf0000, lpmodinfo=0x25ff620, cb=0x18 | out: lpmodinfo=0x25ff620*(lpBaseOfDll=0x7ff865cf0000, SizeOfImage=0xcc000, EntryPoint=0x7ff865d19fd0)) returned 1 [0145.397] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.397] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff865cf0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="WinSync.dll") returned 0xb [0145.401] CoTaskMemFree (pv=0x698b40) [0145.402] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.402] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff865cf0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WinSync.dll" (normalized: "c:\\windows\\system32\\winsync.dll")) returned 0x1f [0145.407] CoTaskMemFree (pv=0x698b40) [0145.407] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff867d20000, lpmodinfo=0x26017c8, cb=0x18 | out: lpmodinfo=0x26017c8*(lpBaseOfDll=0x7ff867d20000, SizeOfImage=0x5a000, EntryPoint=0x7ff867d30330)) returned 1 [0145.412] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.412] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff867d20000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="aphostservice.dll") returned 0x11 [0145.417] CoTaskMemFree (pv=0x698b40) [0145.417] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.417] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff867d20000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\aphostservice.dll" (normalized: "c:\\windows\\system32\\aphostservice.dll")) returned 0x25 [0145.422] CoTaskMemFree (pv=0x698b40) [0145.422] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ae00000, lpmodinfo=0x2603990, cb=0x18 | out: lpmodinfo=0x2603990*(lpBaseOfDll=0x7ff86ae00000, SizeOfImage=0x1f000, EntryPoint=0x7ff86ae11020)) returned 1 [0145.427] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.427] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ae00000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="NetworkHelper.dll") returned 0x11 [0145.432] CoTaskMemFree (pv=0x698b40) [0145.432] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.432] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ae00000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\NetworkHelper.dll" (normalized: "c:\\windows\\system32\\networkhelper.dll")) returned 0x25 [0145.438] CoTaskMemFree (pv=0x698b40) [0145.438] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875900000, lpmodinfo=0x2605b58, cb=0x18 | out: lpmodinfo=0x2605b58*(lpBaseOfDll=0x7ff875900000, SizeOfImage=0xb000, EntryPoint=0x7ff875901ea0)) returned 1 [0145.444] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.444] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875900000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="MCCSPal.dll") returned 0xb [0145.449] CoTaskMemFree (pv=0x698b40) [0145.449] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.449] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875900000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MCCSPal.dll" (normalized: "c:\\windows\\system32\\mccspal.dll")) returned 0x1f [0145.455] CoTaskMemFree (pv=0x698b40) [0145.455] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8672b0000, lpmodinfo=0x2607d00, cb=0x18 | out: lpmodinfo=0x2607d00*(lpBaseOfDll=0x7ff8672b0000, SizeOfImage=0x63000, EntryPoint=0x7ff8672f3150)) returned 1 [0145.460] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.460] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8672b0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="SYNCUTIL.dll") returned 0xc [0145.465] CoTaskMemFree (pv=0x698b40) [0145.465] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.465] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8672b0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SYNCUTIL.dll" (normalized: "c:\\windows\\system32\\syncutil.dll")) returned 0x20 [0145.470] CoTaskMemFree (pv=0x698b40) [0145.470] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff867260000, lpmodinfo=0x2609eb8, cb=0x18 | out: lpmodinfo=0x2609eb8*(lpBaseOfDll=0x7ff867260000, SizeOfImage=0x4b000, EntryPoint=0x7ff867271590)) returned 1 [0145.476] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.476] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff867260000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="VAULTCLI.dll") returned 0xc [0145.481] CoTaskMemFree (pv=0x698b40) [0145.481] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.481] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff867260000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\VAULTCLI.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll")) returned 0x20 [0145.486] CoTaskMemFree (pv=0x698b40) [0145.486] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff876870000, lpmodinfo=0x260c070, cb=0x18 | out: lpmodinfo=0x260c070*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0145.492] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.498] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff876870000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0145.504] CoTaskMemFree (pv=0x698b40) [0145.504] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.504] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff876870000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0145.509] CoTaskMemFree (pv=0x698b40) [0145.510] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff865f40000, lpmodinfo=0x260e640, cb=0x18 | out: lpmodinfo=0x260e640*(lpBaseOfDll=0x7ff865f40000, SizeOfImage=0x11000, EntryPoint=0x7ff865f474c0)) returned 1 [0145.516] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.516] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff865f40000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="InprocLogger.dll") returned 0x10 [0145.522] CoTaskMemFree (pv=0x698b40) [0145.522] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.522] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff865f40000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\InprocLogger.dll" (normalized: "c:\\windows\\system32\\inproclogger.dll")) returned 0x24 [0145.527] CoTaskMemFree (pv=0x698b40) [0145.527] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff865f00000, lpmodinfo=0x2610808, cb=0x18 | out: lpmodinfo=0x2610808*(lpBaseOfDll=0x7ff865f00000, SizeOfImage=0x3f000, EntryPoint=0x7ff865f23320)) returned 1 [0145.533] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.533] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff865f00000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="FlightSettings.dll") returned 0x12 [0145.539] CoTaskMemFree (pv=0x698b40) [0145.539] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.539] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff865f00000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\FlightSettings.dll" (normalized: "c:\\windows\\system32\\flightsettings.dll")) returned 0x26 [0145.545] CoTaskMemFree (pv=0x698b40) [0145.545] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d170000, lpmodinfo=0x26129d0, cb=0x18 | out: lpmodinfo=0x26129d0*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0145.551] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.551] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d170000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0145.557] CoTaskMemFree (pv=0x698b40) [0145.557] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.557] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d170000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0145.563] CoTaskMemFree (pv=0x698b40) [0145.563] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpmodinfo=0x2614b78, cb=0x18 | out: lpmodinfo=0x2614b78*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0145.568] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.568] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0145.574] CoTaskMemFree (pv=0x698b40) [0145.574] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.574] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0145.580] CoTaskMemFree (pv=0x698b40) [0145.580] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8622d0000, lpmodinfo=0x2616d20, cb=0x18 | out: lpmodinfo=0x2616d20*(lpBaseOfDll=0x7ff8622d0000, SizeOfImage=0x8d000, EntryPoint=0x7ff8623307a0)) returned 1 [0145.587] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.587] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8622d0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="SyncController.dll") returned 0x12 [0145.593] CoTaskMemFree (pv=0x698b40) [0145.593] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.593] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8622d0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SyncController.dll" (normalized: "c:\\windows\\system32\\synccontroller.dll")) returned 0x26 [0145.599] CoTaskMemFree (pv=0x698b40) [0145.599] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff864110000, lpmodinfo=0x2618ee8, cb=0x18 | out: lpmodinfo=0x2618ee8*(lpBaseOfDll=0x7ff864110000, SizeOfImage=0x13000, EntryPoint=0x7ff864115720)) returned 1 [0145.604] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.605] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff864110000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="APHostClient.dll") returned 0x10 [0145.610] CoTaskMemFree (pv=0x698b40) [0145.610] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.610] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff864110000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\APHostClient.dll" (normalized: "c:\\windows\\system32\\aphostclient.dll")) returned 0x24 [0145.616] CoTaskMemFree (pv=0x698b40) [0145.616] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8640f0000, lpmodinfo=0x261b0b0, cb=0x18 | out: lpmodinfo=0x261b0b0*(lpBaseOfDll=0x7ff8640f0000, SizeOfImage=0x11000, EntryPoint=0x7ff8640f7400)) returned 1 [0145.622] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.622] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8640f0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="UserDataLanguageUtil.dll") returned 0x18 [0145.628] CoTaskMemFree (pv=0x698b40) [0145.628] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.628] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8640f0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\UserDataLanguageUtil.dll" (normalized: "c:\\windows\\system32\\userdatalanguageutil.dll")) returned 0x2c [0145.634] CoTaskMemFree (pv=0x698b40) [0145.634] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff862280000, lpmodinfo=0x261d298, cb=0x18 | out: lpmodinfo=0x261d298*(lpBaseOfDll=0x7ff862280000, SizeOfImage=0x43000, EntryPoint=0x7ff8622ab150)) returned 1 [0145.640] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.640] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff862280000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="AccountAccessor.dll") returned 0x13 [0145.646] CoTaskMemFree (pv=0x698b40) [0145.646] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.646] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff862280000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\AccountAccessor.dll" (normalized: "c:\\windows\\system32\\accountaccessor.dll")) returned 0x27 [0145.653] CoTaskMemFree (pv=0x698b40) [0145.653] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff862250000, lpmodinfo=0x261f460, cb=0x18 | out: lpmodinfo=0x261f460*(lpBaseOfDll=0x7ff862250000, SizeOfImage=0x30000, EntryPoint=0x7ff86226eca0)) returned 1 [0145.660] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.660] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff862250000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="MCCSEngineShared.dll") returned 0x14 [0145.666] CoTaskMemFree (pv=0x698b40) [0145.666] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.667] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff862250000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MCCSEngineShared.dll" (normalized: "c:\\windows\\system32\\mccsengineshared.dll")) returned 0x28 [0145.673] CoTaskMemFree (pv=0x698b40) [0145.673] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878830000, lpmodinfo=0x2621638, cb=0x18 | out: lpmodinfo=0x2621638*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff878833fb0)) returned 1 [0145.679] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.679] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878830000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0145.685] CoTaskMemFree (pv=0x698b40) [0145.685] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.685] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878830000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0145.691] CoTaskMemFree (pv=0x698b40) [0145.691] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e80000, lpmodinfo=0x2623800, cb=0x18 | out: lpmodinfo=0x2623800*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0145.698] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.698] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e80000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0145.704] CoTaskMemFree (pv=0x698b40) [0145.704] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.704] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e80000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0145.710] CoTaskMemFree (pv=0x698b40) [0145.710] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e6e0000, lpmodinfo=0x26259c8, cb=0x18 | out: lpmodinfo=0x26259c8*(lpBaseOfDll=0x7ff86e6e0000, SizeOfImage=0xce000, EntryPoint=0x7ff86e7114c0)) returned 1 [0145.716] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.716] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e6e0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="TokenBroker.dll") returned 0xf [0145.723] CoTaskMemFree (pv=0x698b40) [0145.723] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.723] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e6e0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")) returned 0x23 [0145.731] CoTaskMemFree (pv=0x698b40) [0145.731] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c90000, lpmodinfo=0x2627b80, cb=0x18 | out: lpmodinfo=0x2627b80*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0145.737] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.737] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c90000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0145.743] CoTaskMemFree (pv=0x698b40) [0145.743] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.743] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c90000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0145.751] CoTaskMemFree (pv=0x698b40) [0145.751] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad00000, lpmodinfo=0x2629d38, cb=0x18 | out: lpmodinfo=0x2629d38*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0145.757] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.757] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0145.764] CoTaskMemFree (pv=0x698b40) [0145.764] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.764] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0145.770] CoTaskMemFree (pv=0x698b40) [0145.770] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875450000, lpmodinfo=0x262bef0, cb=0x18 | out: lpmodinfo=0x262bef0*(lpBaseOfDll=0x7ff875450000, SizeOfImage=0x28000, EntryPoint=0x7ff875458c10)) returned 1 [0145.777] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.777] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875450000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="IDStore.dll") returned 0xb [0145.784] CoTaskMemFree (pv=0x698b40) [0145.784] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.784] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875450000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll")) returned 0x1f [0145.790] CoTaskMemFree (pv=0x698b40) [0145.790] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87aca0000, lpmodinfo=0x262e098, cb=0x18 | out: lpmodinfo=0x262e098*(lpBaseOfDll=0x7ff87aca0000, SizeOfImage=0x1c000, EntryPoint=0x7ff87aca37a0)) returned 1 [0145.798] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.798] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87aca0000, lpBaseName=0x698b40, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0145.804] CoTaskMemFree (pv=0x698b40) [0145.804] CoTaskMemAlloc (cb=0x804) returned 0x698b40 [0145.804] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87aca0000, lpFilename=0x698b40, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0145.811] CoTaskMemFree (pv=0x698b40) [0145.811] CloseHandle (hObject=0x260) returned 1 [0145.812] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0145.812] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x484) returned 0x260 [0145.812] EnumProcessModules (in: hProcess=0x260, lphModule=0x2632168, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2632168, lpcbNeeded=0x14ef68) returned 1 [0145.818] EnumProcessModules (in: hProcess=0x260, lphModule=0x2632380, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x2632380, lpcbNeeded=0x14ef68) returned 1 [0145.824] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6ee8d0000, lpmodinfo=0x26327f0, cb=0x18 | out: lpmodinfo=0x26327f0*(lpBaseOfDll=0x7ff6ee8d0000, SizeOfImage=0xbe000, EntryPoint=0x7ff6ee8f2340)) returned 1 [0145.825] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.825] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6ee8d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="spoolsv.exe") returned 0xb [0145.825] CoTaskMemFree (pv=0x698010) [0145.825] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.825] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6ee8d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\spoolsv.exe" (normalized: "c:\\windows\\system32\\spoolsv.exe")) returned 0x1f [0145.826] CoTaskMemFree (pv=0x698010) [0145.826] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26349d0, cb=0x18 | out: lpmodinfo=0x26349d0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0145.826] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.826] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0145.827] CoTaskMemFree (pv=0x698010) [0145.827] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.827] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0145.827] CoTaskMemFree (pv=0x698010) [0145.827] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x2636b78, cb=0x18 | out: lpmodinfo=0x2636b78*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0145.828] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.828] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0145.828] CoTaskMemFree (pv=0x698010) [0145.828] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.829] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0145.829] CoTaskMemFree (pv=0x698010) [0145.829] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x2638d30, cb=0x18 | out: lpmodinfo=0x2638d30*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0145.830] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.830] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0145.830] CoTaskMemFree (pv=0x698010) [0145.830] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.830] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0145.831] CoTaskMemFree (pv=0x698010) [0145.831] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x263aee8, cb=0x18 | out: lpmodinfo=0x263aee8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0145.832] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.832] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0145.833] CoTaskMemFree (pv=0x698010) [0145.833] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.833] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0145.833] CoTaskMemFree (pv=0x698010) [0145.833] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x263d0e8, cb=0x18 | out: lpmodinfo=0x263d0e8*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0145.834] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.834] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0145.835] CoTaskMemFree (pv=0x698010) [0145.835] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.835] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0145.836] CoTaskMemFree (pv=0x698010) [0145.836] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x263f290, cb=0x18 | out: lpmodinfo=0x263f290*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0145.837] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.837] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0145.837] CoTaskMemFree (pv=0x698010) [0145.837] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.838] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0145.838] CoTaskMemFree (pv=0x698010) [0145.838] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x2641438, cb=0x18 | out: lpmodinfo=0x2641438*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0145.839] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.839] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0145.840] CoTaskMemFree (pv=0x698010) [0145.840] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.840] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0145.841] CoTaskMemFree (pv=0x698010) [0145.841] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x26435e0, cb=0x18 | out: lpmodinfo=0x26435e0*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0145.842] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.842] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0145.843] CoTaskMemFree (pv=0x698010) [0145.843] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.843] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0145.844] CoTaskMemFree (pv=0x698010) [0145.845] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b030000, lpmodinfo=0x2645820, cb=0x18 | out: lpmodinfo=0x2645820*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0145.845] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.846] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0145.848] CoTaskMemFree (pv=0x698010) [0145.848] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.848] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0145.849] CoTaskMemFree (pv=0x698010) [0145.849] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x26479c8, cb=0x18 | out: lpmodinfo=0x26479c8*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0145.850] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.850] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0145.851] CoTaskMemFree (pv=0x698010) [0145.851] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.851] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0145.852] CoTaskMemFree (pv=0x698010) [0145.852] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efa0000, lpmodinfo=0x2649b70, cb=0x18 | out: lpmodinfo=0x2649b70*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0145.853] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.854] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0145.855] CoTaskMemFree (pv=0x698010) [0145.855] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.855] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0145.856] CoTaskMemFree (pv=0x698010) [0145.856] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x264bd08, cb=0x18 | out: lpmodinfo=0x264bd08*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0145.857] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.857] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0145.859] CoTaskMemFree (pv=0x698010) [0145.859] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.859] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0145.860] CoTaskMemFree (pv=0x698010) [0145.860] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x264deb0, cb=0x18 | out: lpmodinfo=0x264deb0*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0145.862] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.862] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0145.863] CoTaskMemFree (pv=0x698010) [0145.863] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.863] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0145.864] CoTaskMemFree (pv=0x698010) [0145.864] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x2650058, cb=0x18 | out: lpmodinfo=0x2650058*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0145.867] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.867] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0145.869] CoTaskMemFree (pv=0x698010) [0145.869] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.869] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0145.870] CoTaskMemFree (pv=0x698010) [0145.870] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x2652230, cb=0x18 | out: lpmodinfo=0x2652230*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0145.872] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.872] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0145.873] CoTaskMemFree (pv=0x698010) [0145.873] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.873] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0145.875] CoTaskMemFree (pv=0x698010) [0145.875] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x26543f8, cb=0x18 | out: lpmodinfo=0x26543f8*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0145.877] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.877] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0145.879] CoTaskMemFree (pv=0x698010) [0145.879] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.879] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0145.881] CoTaskMemFree (pv=0x698010) [0145.881] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x26566b8, cb=0x18 | out: lpmodinfo=0x26566b8*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0145.882] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.882] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0145.884] CoTaskMemFree (pv=0x698010) [0145.884] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.884] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0145.886] CoTaskMemFree (pv=0x698010) [0145.886] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x2658870, cb=0x18 | out: lpmodinfo=0x2658870*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0145.887] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.887] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0145.889] CoTaskMemFree (pv=0x698010) [0145.889] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.889] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0145.891] CoTaskMemFree (pv=0x698010) [0145.891] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad00000, lpmodinfo=0x265aa18, cb=0x18 | out: lpmodinfo=0x265aa18*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0145.893] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.893] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0145.895] CoTaskMemFree (pv=0x698010) [0145.895] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.895] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0145.897] CoTaskMemFree (pv=0x698010) [0145.897] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x265cbd0, cb=0x18 | out: lpmodinfo=0x265cbd0*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0145.899] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.899] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0145.900] CoTaskMemFree (pv=0x698010) [0145.900] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.901] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0145.903] CoTaskMemFree (pv=0x698010) [0145.903] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875480000, lpmodinfo=0x265ed78, cb=0x18 | out: lpmodinfo=0x265ed78*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0145.905] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.905] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875480000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0145.907] CoTaskMemFree (pv=0x698010) [0145.907] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.907] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875480000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0145.909] CoTaskMemFree (pv=0x698010) [0145.909] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8750d0000, lpmodinfo=0x2660f30, cb=0x18 | out: lpmodinfo=0x2660f30*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0145.911] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.911] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0145.913] CoTaskMemFree (pv=0x698010) [0145.913] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.913] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0145.915] CoTaskMemFree (pv=0x698010) [0145.915] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874830000, lpmodinfo=0x26630d8, cb=0x18 | out: lpmodinfo=0x26630d8*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0145.917] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.917] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874830000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0145.920] CoTaskMemFree (pv=0x698010) [0145.920] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.920] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874830000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0145.922] CoTaskMemFree (pv=0x698010) [0145.922] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874fc0000, lpmodinfo=0x2665290, cb=0x18 | out: lpmodinfo=0x2665290*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0145.924] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.924] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0145.926] CoTaskMemFree (pv=0x698010) [0145.926] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.926] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0145.929] CoTaskMemFree (pv=0x698010) [0145.929] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86af40000, lpmodinfo=0x2667448, cb=0x18 | out: lpmodinfo=0x2667448*(lpBaseOfDll=0x7ff86af40000, SizeOfImage=0x117000, EntryPoint=0x7ff86af955b0)) returned 1 [0145.931] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.931] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86af40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="localspl.dll") returned 0xc [0145.933] CoTaskMemFree (pv=0x698010) [0145.933] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.933] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86af40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\localspl.dll" (normalized: "c:\\windows\\system32\\localspl.dll")) returned 0x20 [0145.936] CoTaskMemFree (pv=0x698010) [0145.936] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d170000, lpmodinfo=0x2669600, cb=0x18 | out: lpmodinfo=0x2669600*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0145.939] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.939] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d170000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0145.942] CoTaskMemFree (pv=0x698010) [0145.942] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.942] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d170000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0145.944] CoTaskMemFree (pv=0x698010) [0145.944] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpmodinfo=0x266b7a8, cb=0x18 | out: lpmodinfo=0x266b7a8*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0145.947] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.947] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0145.950] CoTaskMemFree (pv=0x698010) [0145.950] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.950] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0145.952] CoTaskMemFree (pv=0x698010) [0145.952] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x266d950, cb=0x18 | out: lpmodinfo=0x266d950*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0145.955] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.955] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0145.958] CoTaskMemFree (pv=0x698010) [0145.958] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.958] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0145.961] CoTaskMemFree (pv=0x698010) [0145.961] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86d070000, lpmodinfo=0x266fb08, cb=0x18 | out: lpmodinfo=0x266fb08*(lpBaseOfDll=0x7ff86d070000, SizeOfImage=0x26000, EntryPoint=0x7ff86d071cf0)) returned 1 [0145.963] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.963] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86d070000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0145.966] CoTaskMemFree (pv=0x698010) [0145.966] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.966] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86d070000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0145.969] CoTaskMemFree (pv=0x698010) [0145.969] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x2671cb0, cb=0x18 | out: lpmodinfo=0x2671cb0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0145.972] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.972] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0145.974] CoTaskMemFree (pv=0x698010) [0145.974] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.974] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0145.977] CoTaskMemFree (pv=0x698010) [0145.977] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efb0000, lpmodinfo=0x2673e68, cb=0x18 | out: lpmodinfo=0x2673e68*(lpBaseOfDll=0x7ff87efb0000, SizeOfImage=0x429000, EntryPoint=0x7ff87efd8740)) returned 1 [0145.980] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.980] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efb0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0145.983] CoTaskMemFree (pv=0x698010) [0145.983] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.983] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efb0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0145.986] CoTaskMemFree (pv=0x698010) [0145.986] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875cd0000, lpmodinfo=0x2676020, cb=0x18 | out: lpmodinfo=0x2676020*(lpBaseOfDll=0x7ff875cd0000, SizeOfImage=0x1c000, EntryPoint=0x7ff875cd3c20)) returned 1 [0145.989] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.989] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875cd0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SPOOLSS.DLL") returned 0xb [0145.991] CoTaskMemFree (pv=0x698010) [0145.991] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.992] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875cd0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SPOOLSS.DLL" (normalized: "c:\\windows\\system32\\spoolss.dll")) returned 0x1f [0145.994] CoTaskMemFree (pv=0x698010) [0145.994] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x26783e0, cb=0x18 | out: lpmodinfo=0x26783e0*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0145.998] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0145.998] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0146.001] CoTaskMemFree (pv=0x698010) [0146.001] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.001] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0146.004] CoTaskMemFree (pv=0x698010) [0146.004] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f0a0000, lpmodinfo=0x267a588, cb=0x18 | out: lpmodinfo=0x267a588*(lpBaseOfDll=0x7ff86f0a0000, SizeOfImage=0x11000, EntryPoint=0x7ff86f0a3e10)) returned 1 [0146.007] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.007] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f0a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="sfc_os.dll") returned 0xa [0146.011] CoTaskMemFree (pv=0x698010) [0146.011] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.011] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f0a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\sfc_os.dll" (normalized: "c:\\windows\\system32\\sfc_os.dll")) returned 0x1e [0146.014] CoTaskMemFree (pv=0x698010) [0146.014] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870dc0000, lpmodinfo=0x267c730, cb=0x18 | out: lpmodinfo=0x267c730*(lpBaseOfDll=0x7ff870dc0000, SizeOfImage=0xc000, EntryPoint=0x7ff870dc35c0)) returned 1 [0146.017] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.017] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870dc0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0146.021] CoTaskMemFree (pv=0x698010) [0146.021] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.021] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870dc0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0146.024] CoTaskMemFree (pv=0x698010) [0146.024] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872e10000, lpmodinfo=0x267e8d8, cb=0x18 | out: lpmodinfo=0x267e8d8*(lpBaseOfDll=0x7ff872e10000, SizeOfImage=0x84000, EntryPoint=0x7ff872e22830)) returned 1 [0146.028] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.028] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872e10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="winspool.drv") returned 0xc [0146.031] CoTaskMemFree (pv=0x698010) [0146.031] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.031] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872e10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winspool.drv" (normalized: "c:\\windows\\system32\\winspool.drv")) returned 0x20 [0146.034] CoTaskMemFree (pv=0x698010) [0146.034] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f080000, lpmodinfo=0x2680a90, cb=0x18 | out: lpmodinfo=0x2680a90*(lpBaseOfDll=0x7ff86f080000, SizeOfImage=0x14000, EntryPoint=0x7ff86f083990)) returned 1 [0146.037] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.038] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f080000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="PrintIsolationProxy.dll") returned 0x17 [0146.041] CoTaskMemFree (pv=0x698010) [0146.041] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.041] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f080000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PrintIsolationProxy.dll" (normalized: "c:\\windows\\system32\\printisolationproxy.dll")) returned 0x2b [0146.044] CoTaskMemFree (pv=0x698010) [0146.044] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86d000000, lpmodinfo=0x2682c68, cb=0x18 | out: lpmodinfo=0x2682c68*(lpBaseOfDll=0x7ff86d000000, SizeOfImage=0x11000, EntryPoint=0x7ff86d0015f0)) returned 1 [0146.049] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.049] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86d000000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="FXSMON.DLL") returned 0xa [0146.052] CoTaskMemFree (pv=0x698010) [0146.052] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.052] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86d000000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\FXSMON.DLL" (normalized: "c:\\windows\\system32\\fxsmon.dll")) returned 0x1e [0146.055] CoTaskMemFree (pv=0x698010) [0146.055] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c5b0000, lpmodinfo=0x2684e10, cb=0x18 | out: lpmodinfo=0x2684e10*(lpBaseOfDll=0x7ff86c5b0000, SizeOfImage=0x3a000, EntryPoint=0x7ff86c5b30b0)) returned 1 [0146.059] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.059] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c5b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="tcpmon.dll") returned 0xa [0146.062] CoTaskMemFree (pv=0x698010) [0146.062] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.062] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c5b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\tcpmon.dll" (normalized: "c:\\windows\\system32\\tcpmon.dll")) returned 0x1e [0146.066] CoTaskMemFree (pv=0x698010) [0146.066] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ade0000, lpmodinfo=0x2686fb8, cb=0x18 | out: lpmodinfo=0x2686fb8*(lpBaseOfDll=0x7ff87ade0000, SizeOfImage=0xc000, EntryPoint=0x7ff87ade1400)) returned 1 [0146.069] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.069] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ade0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="snmpapi.dll") returned 0xb [0146.073] CoTaskMemFree (pv=0x698010) [0146.073] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.073] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ade0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\snmpapi.dll" (normalized: "c:\\windows\\system32\\snmpapi.dll")) returned 0x1f [0146.076] CoTaskMemFree (pv=0x698010) [0146.076] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86cfe0000, lpmodinfo=0x2689160, cb=0x18 | out: lpmodinfo=0x2689160*(lpBaseOfDll=0x7ff86cfe0000, SizeOfImage=0x14000, EntryPoint=0x7ff86cfe18e0)) returned 1 [0146.081] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.081] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86cfe0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wsnmp32.dll") returned 0xb [0146.085] CoTaskMemFree (pv=0x698010) [0146.085] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.085] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86cfe0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wsnmp32.dll" (normalized: "c:\\windows\\system32\\wsnmp32.dll")) returned 0x1f [0146.089] CoTaskMemFree (pv=0x698010) [0146.089] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86aef0000, lpmodinfo=0x268b308, cb=0x18 | out: lpmodinfo=0x268b308*(lpBaseOfDll=0x7ff86aef0000, SizeOfImage=0x50000, EntryPoint=0x7ff86aef3340)) returned 1 [0146.093] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.093] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86aef0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="usbmon.dll") returned 0xa [0146.096] CoTaskMemFree (pv=0x698010) [0146.096] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.096] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86aef0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\usbmon.dll" (normalized: "c:\\windows\\system32\\usbmon.dll")) returned 0x1e [0146.100] CoTaskMemFree (pv=0x698010) [0146.100] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x268d4b0, cb=0x18 | out: lpmodinfo=0x268d4b0*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0146.104] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.104] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0146.107] CoTaskMemFree (pv=0x698010) [0146.107] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.107] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0146.111] CoTaskMemFree (pv=0x698010) [0146.111] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87afe0000, lpmodinfo=0x268f668, cb=0x18 | out: lpmodinfo=0x268f668*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0146.115] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.115] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0146.119] CoTaskMemFree (pv=0x698010) [0146.119] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.119] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0146.123] CoTaskMemFree (pv=0x698010) [0146.123] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d340000, lpmodinfo=0x2691810, cb=0x18 | out: lpmodinfo=0x2691810*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0146.127] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.127] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d340000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0146.130] CoTaskMemFree (pv=0x698010) [0146.130] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.130] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d340000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0146.134] CoTaskMemFree (pv=0x698010) [0146.134] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ae50000, lpmodinfo=0x26939c8, cb=0x18 | out: lpmodinfo=0x26939c8*(lpBaseOfDll=0x7ff86ae50000, SizeOfImage=0x94000, EntryPoint=0x7ff86ae53d40)) returned 1 [0146.138] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.138] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ae50000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WSDMon.dll") returned 0xa [0146.142] CoTaskMemFree (pv=0x698010) [0146.142] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.142] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ae50000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WSDMon.dll" (normalized: "c:\\windows\\system32\\wsdmon.dll")) returned 0x1e [0146.146] CoTaskMemFree (pv=0x698010) [0146.146] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x2695b70, cb=0x18 | out: lpmodinfo=0x2695b70*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0146.152] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.152] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0146.156] CoTaskMemFree (pv=0x698010) [0146.156] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.156] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0146.160] CoTaskMemFree (pv=0x698010) [0146.160] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff867450000, lpmodinfo=0x2697d18, cb=0x18 | out: lpmodinfo=0x2697d18*(lpBaseOfDll=0x7ff867450000, SizeOfImage=0xac000, EntryPoint=0x7ff867463ea0)) returned 1 [0146.164] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.164] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff867450000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wsdapi.dll") returned 0xa [0146.168] CoTaskMemFree (pv=0x698010) [0146.168] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.168] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff867450000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wsdapi.dll" (normalized: "c:\\windows\\system32\\wsdapi.dll")) returned 0x1e [0146.172] CoTaskMemFree (pv=0x698010) [0146.172] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpmodinfo=0x2699ec0, cb=0x18 | out: lpmodinfo=0x2699ec0*(lpBaseOfDll=0x7ff87cdb0000, SizeOfImage=0x86000, EntryPoint=0x7ff87cdbd8f0)) returned 1 [0146.176] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.176] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0146.181] CoTaskMemFree (pv=0x698010) [0146.181] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.181] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0146.188] CoTaskMemFree (pv=0x698010) [0146.188] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c30000, lpmodinfo=0x269c078, cb=0x18 | out: lpmodinfo=0x269c078*(lpBaseOfDll=0x7ff879c30000, SizeOfImage=0x11000, EntryPoint=0x7ff879c35040)) returned 1 [0146.192] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.192] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c30000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="deviceassociation.dll") returned 0x15 [0146.196] CoTaskMemFree (pv=0x698010) [0146.196] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.196] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c30000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceassociation.dll" (normalized: "c:\\windows\\system32\\deviceassociation.dll")) returned 0x29 [0146.200] CoTaskMemFree (pv=0x698010) [0146.200] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpmodinfo=0x269e250, cb=0x18 | out: lpmodinfo=0x269e250*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0146.205] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.205] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0146.209] CoTaskMemFree (pv=0x698010) [0146.209] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.209] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0146.213] CoTaskMemFree (pv=0x698010) [0146.213] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878b20000, lpmodinfo=0x26a0408, cb=0x18 | out: lpmodinfo=0x26a0408*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0146.226] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.226] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878b20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0146.232] CoTaskMemFree (pv=0x698010) [0146.232] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.232] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878b20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0146.236] CoTaskMemFree (pv=0x698010) [0146.236] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872800000, lpmodinfo=0x26a25b0, cb=0x18 | out: lpmodinfo=0x26a25b0*(lpBaseOfDll=0x7ff872800000, SizeOfImage=0x162000, EntryPoint=0x7ff872851b30)) returned 1 [0146.240] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.240] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872800000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="webservices.dll") returned 0xf [0146.245] CoTaskMemFree (pv=0x698010) [0146.245] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.245] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872800000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll")) returned 0x23 [0146.250] CoTaskMemFree (pv=0x698010) [0146.250] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b340000, lpmodinfo=0x26a4768, cb=0x18 | out: lpmodinfo=0x26a4768*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0146.255] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.255] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b340000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0146.260] CoTaskMemFree (pv=0x698010) [0146.260] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.260] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b340000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0146.264] CoTaskMemFree (pv=0x698010) [0146.265] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x26a6910, cb=0x18 | out: lpmodinfo=0x26a6910*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0146.269] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.269] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0146.274] CoTaskMemFree (pv=0x698010) [0146.274] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.274] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0146.279] CoTaskMemFree (pv=0x698010) [0146.279] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872540000, lpmodinfo=0x26a8ab8, cb=0x18 | out: lpmodinfo=0x26a8ab8*(lpBaseOfDll=0x7ff872540000, SizeOfImage=0x27a000, EntryPoint=0x7ff87255a7a0)) returned 1 [0146.284] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.284] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872540000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0146.289] CoTaskMemFree (pv=0x698010) [0146.289] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.289] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872540000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0146.294] CoTaskMemFree (pv=0x698010) [0146.294] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ae20000, lpmodinfo=0x26aac60, cb=0x18 | out: lpmodinfo=0x26aac60*(lpBaseOfDll=0x7ff86ae20000, SizeOfImage=0x2a000, EntryPoint=0x7ff86ae26eb0)) returned 1 [0146.298] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.298] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ae20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="FunDisc.dll") returned 0xb [0146.305] CoTaskMemFree (pv=0x698010) [0146.305] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.305] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ae20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\FunDisc.dll" (normalized: "c:\\windows\\system32\\fundisc.dll")) returned 0x1f [0146.310] CoTaskMemFree (pv=0x698010) [0146.310] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878ff0000, lpmodinfo=0x26ace08, cb=0x18 | out: lpmodinfo=0x26ace08*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0146.314] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.314] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0146.319] CoTaskMemFree (pv=0x698010) [0146.319] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.319] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0146.324] CoTaskMemFree (pv=0x698010) [0146.324] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c230000, lpmodinfo=0x26aefb0, cb=0x18 | out: lpmodinfo=0x26aefb0*(lpBaseOfDll=0x7ff86c230000, SizeOfImage=0x13000, EntryPoint=0x7ff86c233960)) returned 1 [0146.329] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.329] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c230000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="fdPnp.dll") returned 0x9 [0146.334] CoTaskMemFree (pv=0x698010) [0146.334] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.334] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c230000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fdPnp.dll" (normalized: "c:\\windows\\system32\\fdpnp.dll")) returned 0x1d [0146.339] CoTaskMemFree (pv=0x698010) [0146.339] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86efc0000, lpmodinfo=0x26b1158, cb=0x18 | out: lpmodinfo=0x26b1158*(lpBaseOfDll=0x7ff86efc0000, SizeOfImage=0x1e000, EntryPoint=0x7ff86efc3a40)) returned 1 [0146.345] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.345] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86efc0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0146.351] CoTaskMemFree (pv=0x698010) [0146.351] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.351] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86efc0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0146.356] CoTaskMemFree (pv=0x698010) [0146.356] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff865f60000, lpmodinfo=0x26b32f0, cb=0x18 | out: lpmodinfo=0x26b32f0*(lpBaseOfDll=0x7ff865f60000, SizeOfImage=0xd9000, EntryPoint=0x7ff865f6e550)) returned 1 [0146.361] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.361] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff865f60000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="drvstore.dll") returned 0xc [0146.366] CoTaskMemFree (pv=0x698010) [0146.366] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.366] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff865f60000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\drvstore.dll" (normalized: "c:\\windows\\system32\\drvstore.dll")) returned 0x20 [0146.372] CoTaskMemFree (pv=0x698010) [0146.372] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c20000, lpmodinfo=0x26b54a8, cb=0x18 | out: lpmodinfo=0x26b54a8*(lpBaseOfDll=0x7ff879c20000, SizeOfImage=0x10000, EntryPoint=0x7ff879c214a0)) returned 1 [0146.377] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.377] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="winprint.dll") returned 0xc [0146.383] CoTaskMemFree (pv=0x698010) [0146.383] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.383] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\spool\\PRTPROCS\\x64\\winprint.dll" (normalized: "c:\\windows\\system32\\spool\\prtprocs\\x64\\winprint.dll")) returned 0x33 [0146.388] CoTaskMemFree (pv=0x698010) [0146.388] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x26b7680, cb=0x18 | out: lpmodinfo=0x26b7680*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0146.393] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.393] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0146.399] CoTaskMemFree (pv=0x698010) [0146.399] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.399] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0146.404] CoTaskMemFree (pv=0x698010) [0146.404] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x26b9828, cb=0x18 | out: lpmodinfo=0x26b9828*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0146.410] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.410] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0146.415] CoTaskMemFree (pv=0x698010) [0146.415] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.415] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0146.421] CoTaskMemFree (pv=0x698010) [0146.421] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpmodinfo=0x26bbde8, cb=0x18 | out: lpmodinfo=0x26bbde8*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0146.426] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.426] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0146.432] CoTaskMemFree (pv=0x698010) [0146.432] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.432] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0146.437] CoTaskMemFree (pv=0x698010) [0146.437] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8786a0000, lpmodinfo=0x26bdf90, cb=0x18 | out: lpmodinfo=0x26bdf90*(lpBaseOfDll=0x7ff8786a0000, SizeOfImage=0xa000, EntryPoint=0x7ff8786a1660)) returned 1 [0146.443] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.443] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8786a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DSROLE.dll") returned 0xa [0146.450] CoTaskMemFree (pv=0x698010) [0146.450] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.450] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8786a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DSROLE.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0146.455] CoTaskMemFree (pv=0x698010) [0146.455] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff865bd0000, lpmodinfo=0x26c0138, cb=0x18 | out: lpmodinfo=0x26c0138*(lpBaseOfDll=0x7ff865bd0000, SizeOfImage=0xd2000, EntryPoint=0x7ff865be3380)) returned 1 [0146.461] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.461] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff865bd0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="win32spl.dll") returned 0xc [0146.466] CoTaskMemFree (pv=0x698010) [0146.467] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.467] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff865bd0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\win32spl.dll" (normalized: "c:\\windows\\system32\\win32spl.dll")) returned 0x20 [0146.473] CoTaskMemFree (pv=0x698010) [0146.473] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff867d80000, lpmodinfo=0x26c22f0, cb=0x18 | out: lpmodinfo=0x26c22f0*(lpBaseOfDll=0x7ff867d80000, SizeOfImage=0x2f000, EntryPoint=0x7ff867d81fa0)) returned 1 [0146.479] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.479] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff867d80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="inetpp.dll") returned 0xa [0146.484] CoTaskMemFree (pv=0x698010) [0146.484] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.484] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff867d80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\inetpp.dll" (normalized: "c:\\windows\\system32\\inetpp.dll")) returned 0x1e [0146.490] CoTaskMemFree (pv=0x698010) [0146.490] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf40000, lpmodinfo=0x26c4498, cb=0x18 | out: lpmodinfo=0x26c4498*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0146.502] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.503] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0146.508] CoTaskMemFree (pv=0x698010) [0146.508] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.508] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0146.514] CoTaskMemFree (pv=0x698010) [0146.514] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpmodinfo=0x26c6640, cb=0x18 | out: lpmodinfo=0x26c6640*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0146.521] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.521] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0146.527] CoTaskMemFree (pv=0x698010) [0146.527] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.527] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0146.534] CoTaskMemFree (pv=0x698010) [0146.534] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x26c87e8, cb=0x18 | out: lpmodinfo=0x26c87e8*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0146.539] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.540] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0146.546] CoTaskMemFree (pv=0x698010) [0146.546] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.546] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0146.553] CoTaskMemFree (pv=0x698010) [0146.553] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8744b0000, lpmodinfo=0x26ca9a0, cb=0x18 | out: lpmodinfo=0x26ca9a0*(lpBaseOfDll=0x7ff8744b0000, SizeOfImage=0x12000, EntryPoint=0x7ff8744b3580)) returned 1 [0146.559] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.559] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8744b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0146.566] CoTaskMemFree (pv=0x698010) [0146.566] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.566] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8744b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0146.572] CoTaskMemFree (pv=0x698010) [0146.572] CloseHandle (hObject=0x260) returned 1 [0146.572] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0146.572] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xaa8) returned 0x260 [0146.572] EnumProcessModules (in: hProcess=0x260, lphModule=0x26ce7b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26ce7b0, lpcbNeeded=0x14ef68) returned 1 [0146.582] EnumProcessModules (in: hProcess=0x260, lphModule=0x26ce9c8, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x26ce9c8, lpcbNeeded=0x14ef68) returned 1 [0146.592] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff7c35e0000, lpmodinfo=0x26cee38, cb=0x18 | out: lpmodinfo=0x26cee38*(lpBaseOfDll=0x7ff7c35e0000, SizeOfImage=0x8f4000, EntryPoint=0x7ff7c3718d30)) returned 1 [0146.592] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.592] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff7c35e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SearchUI.exe") returned 0xc [0146.593] CoTaskMemFree (pv=0x698010) [0146.593] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.593] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff7c35e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\SearchUI.exe" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\searchui.exe")) returned 0x4a [0146.593] CoTaskMemFree (pv=0x698010) [0146.593] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26d1078, cb=0x18 | out: lpmodinfo=0x26d1078*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0146.594] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.594] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0146.594] CoTaskMemFree (pv=0x698010) [0146.594] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.594] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0146.595] CoTaskMemFree (pv=0x698010) [0146.595] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x26d3220, cb=0x18 | out: lpmodinfo=0x26d3220*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0146.595] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.595] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0146.596] CoTaskMemFree (pv=0x698010) [0146.596] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.596] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0146.596] CoTaskMemFree (pv=0x698010) [0146.596] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x26d53d8, cb=0x18 | out: lpmodinfo=0x26d53d8*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0146.597] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.597] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0146.598] CoTaskMemFree (pv=0x698010) [0146.598] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.598] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0146.598] CoTaskMemFree (pv=0x698010) [0146.598] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87aa90000, lpmodinfo=0x26d7590, cb=0x18 | out: lpmodinfo=0x26d7590*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0146.599] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.599] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87aa90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0146.600] CoTaskMemFree (pv=0x698010) [0146.600] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.600] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87aa90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0146.601] CoTaskMemFree (pv=0x698010) [0146.601] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x26d9790, cb=0x18 | out: lpmodinfo=0x26d9790*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0146.601] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.601] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0146.602] CoTaskMemFree (pv=0x698010) [0146.602] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.602] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0146.603] CoTaskMemFree (pv=0x698010) [0146.603] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x26db938, cb=0x18 | out: lpmodinfo=0x26db938*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0146.604] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.604] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0146.605] CoTaskMemFree (pv=0x698010) [0146.605] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.605] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0146.606] CoTaskMemFree (pv=0x698010) [0146.606] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x26ddae0, cb=0x18 | out: lpmodinfo=0x26ddae0*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0146.606] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.606] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0146.607] CoTaskMemFree (pv=0x698010) [0146.607] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.607] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0146.608] CoTaskMemFree (pv=0x698010) [0146.608] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x26dfc88, cb=0x18 | out: lpmodinfo=0x26dfc88*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0146.609] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.609] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0146.610] CoTaskMemFree (pv=0x698010) [0146.610] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.611] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0146.612] CoTaskMemFree (pv=0x698010) [0146.612] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff877bb0000, lpmodinfo=0x26e1ef8, cb=0x18 | out: lpmodinfo=0x26e1ef8*(lpBaseOfDll=0x7ff877bb0000, SizeOfImage=0x6a000, EntryPoint=0x7ff877bb9d60)) returned 1 [0146.613] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.613] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff877bb0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wincorlib.DLL") returned 0xd [0146.614] CoTaskMemFree (pv=0x698010) [0146.614] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.614] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff877bb0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wincorlib.DLL" (normalized: "c:\\windows\\system32\\wincorlib.dll")) returned 0x21 [0146.615] CoTaskMemFree (pv=0x698010) [0146.615] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x26e40b0, cb=0x18 | out: lpmodinfo=0x26e40b0*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0146.616] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.616] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0146.617] CoTaskMemFree (pv=0x698010) [0146.617] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.617] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0146.618] CoTaskMemFree (pv=0x698010) [0146.618] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a130000, lpmodinfo=0x26e6268, cb=0x18 | out: lpmodinfo=0x26e6268*(lpBaseOfDll=0x7ff87a130000, SizeOfImage=0x67000, EntryPoint=0x7ff87a14e710)) returned 1 [0146.620] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.620] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a130000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Bcp47Langs.dll") returned 0xe [0146.621] CoTaskMemFree (pv=0x698010) [0146.621] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.621] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a130000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Bcp47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")) returned 0x22 [0146.623] CoTaskMemFree (pv=0x698010) [0146.623] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x26e8420, cb=0x18 | out: lpmodinfo=0x26e8420*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0146.624] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.624] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0146.625] CoTaskMemFree (pv=0x698010) [0146.625] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.625] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0146.627] CoTaskMemFree (pv=0x698010) [0146.627] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x26ea5c8, cb=0x18 | out: lpmodinfo=0x26ea5c8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0146.628] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.628] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0146.630] CoTaskMemFree (pv=0x698010) [0146.630] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.630] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0146.631] CoTaskMemFree (pv=0x698010) [0146.631] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8769b0000, lpmodinfo=0x26ec790, cb=0x18 | out: lpmodinfo=0x26ec790*(lpBaseOfDll=0x7ff8769b0000, SizeOfImage=0x1039000, EntryPoint=0x7ff876dcb6f0)) returned 1 [0146.633] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.633] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8769b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Windows.UI.Xaml.dll") returned 0x13 [0146.634] CoTaskMemFree (pv=0x698010) [0146.634] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.634] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8769b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.Xaml.dll" (normalized: "c:\\windows\\system32\\windows.ui.xaml.dll")) returned 0x27 [0146.636] CoTaskMemFree (pv=0x698010) [0146.636] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x26ee958, cb=0x18 | out: lpmodinfo=0x26ee958*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0146.637] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.637] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0146.639] CoTaskMemFree (pv=0x698010) [0146.639] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.639] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0146.640] CoTaskMemFree (pv=0x698010) [0146.640] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x26f0b00, cb=0x18 | out: lpmodinfo=0x26f0b00*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0146.642] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.642] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0146.644] CoTaskMemFree (pv=0x698010) [0146.644] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.644] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0146.645] CoTaskMemFree (pv=0x698010) [0146.645] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff876870000, lpmodinfo=0x26f2dc0, cb=0x18 | out: lpmodinfo=0x26f2dc0*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0146.647] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.647] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff876870000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0146.649] CoTaskMemFree (pv=0x698010) [0146.650] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.650] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff876870000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0146.652] CoTaskMemFree (pv=0x698010) [0146.652] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpmodinfo=0x26f4f78, cb=0x18 | out: lpmodinfo=0x26f4f78*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0146.653] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.653] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0146.655] CoTaskMemFree (pv=0x698010) [0146.655] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.655] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0146.657] CoTaskMemFree (pv=0x698010) [0146.657] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8764e0000, lpmodinfo=0x26f7140, cb=0x18 | out: lpmodinfo=0x26f7140*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0146.659] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.659] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0146.662] CoTaskMemFree (pv=0x698010) [0146.662] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.662] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0146.664] CoTaskMemFree (pv=0x698010) [0146.664] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x26f92f8, cb=0x18 | out: lpmodinfo=0x26f92f8*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0146.665] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.665] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0146.667] CoTaskMemFree (pv=0x698010) [0146.667] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.667] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0146.669] CoTaskMemFree (pv=0x698010) [0146.669] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x26fb4a0, cb=0x18 | out: lpmodinfo=0x26fb4a0*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0146.671] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.672] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0146.674] CoTaskMemFree (pv=0x698010) [0146.674] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.674] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0146.676] CoTaskMemFree (pv=0x698010) [0146.676] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x26fd668, cb=0x18 | out: lpmodinfo=0x26fd668*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0146.678] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.678] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0146.680] CoTaskMemFree (pv=0x698010) [0146.680] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.680] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0146.682] CoTaskMemFree (pv=0x698010) [0146.682] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x26ff820, cb=0x18 | out: lpmodinfo=0x26ff820*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0146.684] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.684] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0146.686] CoTaskMemFree (pv=0x698010) [0146.687] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.687] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0146.689] CoTaskMemFree (pv=0x698010) [0146.689] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x27019d8, cb=0x18 | out: lpmodinfo=0x27019d8*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0146.692] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.692] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0146.694] CoTaskMemFree (pv=0x698010) [0146.694] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.694] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0146.696] CoTaskMemFree (pv=0x698010) [0146.696] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x2703b80, cb=0x18 | out: lpmodinfo=0x2703b80*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0146.699] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.699] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0146.701] CoTaskMemFree (pv=0x698010) [0146.701] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.701] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0146.704] CoTaskMemFree (pv=0x698010) [0146.704] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x2705d38, cb=0x18 | out: lpmodinfo=0x2705d38*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0146.706] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.706] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0146.709] CoTaskMemFree (pv=0x698010) [0146.709] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.709] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0146.711] CoTaskMemFree (pv=0x698010) [0146.711] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpmodinfo=0x2707ee0, cb=0x18 | out: lpmodinfo=0x2707ee0*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0146.714] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.714] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0146.716] CoTaskMemFree (pv=0x698010) [0146.717] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.717] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0146.719] CoTaskMemFree (pv=0x698010) [0146.719] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpmodinfo=0x270a088, cb=0x18 | out: lpmodinfo=0x270a088*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0146.722] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.722] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0146.724] CoTaskMemFree (pv=0x698010) [0146.724] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.724] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0146.727] CoTaskMemFree (pv=0x698010) [0146.727] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x270c250, cb=0x18 | out: lpmodinfo=0x270c250*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0146.730] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.730] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0146.733] CoTaskMemFree (pv=0x698010) [0146.733] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.733] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0146.736] CoTaskMemFree (pv=0x698010) [0146.736] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86a360000, lpmodinfo=0x270e3f8, cb=0x18 | out: lpmodinfo=0x270e3f8*(lpBaseOfDll=0x7ff86a360000, SizeOfImage=0x7a7000, EntryPoint=0x7ff86a4622c0)) returned 1 [0146.739] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.739] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86a360000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CortanaApi.dll") returned 0xe [0146.742] CoTaskMemFree (pv=0x698010) [0146.742] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.742] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86a360000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\CortanaApi.dll" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\cortanaapi.dll")) returned 0x4c [0146.745] CoTaskMemFree (pv=0x698010) [0146.745] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c0c0000, lpmodinfo=0x2710608, cb=0x18 | out: lpmodinfo=0x2710608*(lpBaseOfDll=0x7ff86c0c0000, SizeOfImage=0x21000, EntryPoint=0x7ff86c0c8230)) returned 1 [0146.747] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.747] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c0c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="BingConfigurationClient.dll") returned 0x1b [0146.751] CoTaskMemFree (pv=0x698010) [0146.751] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.751] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c0c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\BingConfigurationClient.dll" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\bingconfigurationclient.dll")) returned 0x59 [0146.754] CoTaskMemFree (pv=0x698010) [0146.754] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e80000, lpmodinfo=0x2712848, cb=0x18 | out: lpmodinfo=0x2712848*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0146.757] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.757] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0146.760] CoTaskMemFree (pv=0x698010) [0146.760] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.760] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0146.763] CoTaskMemFree (pv=0x698010) [0146.763] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c040000, lpmodinfo=0x2714c28, cb=0x18 | out: lpmodinfo=0x2714c28*(lpBaseOfDll=0x7ff86c040000, SizeOfImage=0x14000, EntryPoint=0x7ff86c042b50)) returned 1 [0146.766] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.766] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c040000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="windows.cortana.pal.desktop.dll") returned 0x1f [0146.769] CoTaskMemFree (pv=0x698010) [0146.769] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.769] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c040000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.cortana.pal.desktop.dll" (normalized: "c:\\windows\\system32\\windows.cortana.pal.desktop.dll")) returned 0x33 [0146.772] CoTaskMemFree (pv=0x698010) [0146.772] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c0f0000, lpmodinfo=0x2716e20, cb=0x18 | out: lpmodinfo=0x2716e20*(lpBaseOfDll=0x7ff86c0f0000, SizeOfImage=0x95000, EntryPoint=0x7ff86c11c210)) returned 1 [0146.775] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.776] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c0f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Cortana.Core.dll") returned 0x10 [0146.779] CoTaskMemFree (pv=0x698010) [0146.779] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.779] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c0f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\Cortana.Core.dll" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\cortana.core.dll")) returned 0x4e [0146.782] CoTaskMemFree (pv=0x698010) [0146.782] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870840000, lpmodinfo=0x2719038, cb=0x18 | out: lpmodinfo=0x2719038*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0146.785] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.785] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870840000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0146.788] CoTaskMemFree (pv=0x698010) [0146.788] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.789] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870840000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0146.792] CoTaskMemFree (pv=0x698010) [0146.792] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c060000, lpmodinfo=0x271b1e0, cb=0x18 | out: lpmodinfo=0x271b1e0*(lpBaseOfDll=0x7ff86c060000, SizeOfImage=0x55000, EntryPoint=0x7ff86c071250)) returned 1 [0146.795] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.795] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c060000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Windows.Storage.ApplicationData.dll") returned 0x23 [0146.798] CoTaskMemFree (pv=0x698010) [0146.798] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.798] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c060000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll" (normalized: "c:\\windows\\system32\\windows.storage.applicationdata.dll")) returned 0x37 [0146.803] CoTaskMemFree (pv=0x698010) [0146.803] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff877aa0000, lpmodinfo=0x271d3e8, cb=0x18 | out: lpmodinfo=0x271d3e8*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0146.806] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.806] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff877aa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="MrmCoreR.dll") returned 0xc [0146.809] CoTaskMemFree (pv=0x698010) [0146.809] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.809] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff877aa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0146.813] CoTaskMemFree (pv=0x698010) [0146.813] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8779f0000, lpmodinfo=0x271f5a0, cb=0x18 | out: lpmodinfo=0x271f5a0*(lpBaseOfDll=0x7ff8779f0000, SizeOfImage=0xa9000, EntryPoint=0x7ff877a19010)) returned 1 [0146.816] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.816] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8779f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Windows.UI.dll") returned 0xe [0146.820] CoTaskMemFree (pv=0x698010) [0146.820] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.820] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8779f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")) returned 0x22 [0146.823] CoTaskMemFree (pv=0x698010) [0146.823] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87af40000, lpmodinfo=0x2721758, cb=0x18 | out: lpmodinfo=0x2721758*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0146.826] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.826] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87af40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0146.830] CoTaskMemFree (pv=0x698010) [0146.830] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.830] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87af40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0146.834] CoTaskMemFree (pv=0x698010) [0146.834] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e570000, lpmodinfo=0x2723900, cb=0x18 | out: lpmodinfo=0x2723900*(lpBaseOfDll=0x7ff86e570000, SizeOfImage=0x1a000, EntryPoint=0x7ff86e573550)) returned 1 [0146.838] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.838] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e570000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="BingIdentityManagerInternal.DLL") returned 0x1f [0146.842] CoTaskMemFree (pv=0x698010) [0146.842] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.842] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e570000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\BingIdentityManagerInternal.DLL" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\bingidentitymanagerinternal.dll")) returned 0x5d [0146.845] CoTaskMemFree (pv=0x698010) [0146.845] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8751b0000, lpmodinfo=0x2725b50, cb=0x18 | out: lpmodinfo=0x2725b50*(lpBaseOfDll=0x7ff8751b0000, SizeOfImage=0x15000, EntryPoint=0x7ff8751b6430)) returned 1 [0146.848] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.848] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8751b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="threadpoolwinrt.dll") returned 0x13 [0146.853] CoTaskMemFree (pv=0x698010) [0146.853] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.853] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8751b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\threadpoolwinrt.dll" (normalized: "c:\\windows\\system32\\threadpoolwinrt.dll")) returned 0x27 [0146.857] CoTaskMemFree (pv=0x698010) [0146.857] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86a110000, lpmodinfo=0x2727d18, cb=0x18 | out: lpmodinfo=0x2727d18*(lpBaseOfDll=0x7ff86a110000, SizeOfImage=0x15e000, EntryPoint=0x7ff86a15dcb0)) returned 1 [0146.861] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.861] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86a110000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Windows.Web.Http.dll") returned 0x14 [0146.864] CoTaskMemFree (pv=0x698010) [0146.864] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.864] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86a110000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Web.Http.dll" (normalized: "c:\\windows\\system32\\windows.web.http.dll")) returned 0x28 [0146.868] CoTaskMemFree (pv=0x698010) [0146.868] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86a320000, lpmodinfo=0x2729ef0, cb=0x18 | out: lpmodinfo=0x2729ef0*(lpBaseOfDll=0x7ff86a320000, SizeOfImage=0x34000, EntryPoint=0x7ff86a325d00)) returned 1 [0146.873] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.873] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86a320000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Windows.ApplicationModel.dll") returned 0x1c [0146.877] CoTaskMemFree (pv=0x698010) [0146.877] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.877] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86a320000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.ApplicationModel.dll" (normalized: "c:\\windows\\system32\\windows.applicationmodel.dll")) returned 0x30 [0146.881] CoTaskMemFree (pv=0x698010) [0146.881] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875f30000, lpmodinfo=0x272c0e8, cb=0x18 | out: lpmodinfo=0x272c0e8*(lpBaseOfDll=0x7ff875f30000, SizeOfImage=0x185000, EntryPoint=0x7ff875f76180)) returned 1 [0146.885] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.885] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875f30000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Windows.Globalization.dll") returned 0x19 [0146.888] CoTaskMemFree (pv=0x698010) [0146.888] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.888] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875f30000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Globalization.dll" (normalized: "c:\\windows\\system32\\windows.globalization.dll")) returned 0x2d [0146.893] CoTaskMemFree (pv=0x698010) [0146.893] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c90000, lpmodinfo=0x272e2d0, cb=0x18 | out: lpmodinfo=0x272e2d0*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0146.896] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.896] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0146.900] CoTaskMemFree (pv=0x698010) [0146.900] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.900] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0146.904] CoTaskMemFree (pv=0x698010) [0146.904] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a590000, lpmodinfo=0x2730488, cb=0x18 | out: lpmodinfo=0x2730488*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0146.908] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.908] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a590000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0146.913] CoTaskMemFree (pv=0x698010) [0146.913] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.913] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a590000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0146.917] CoTaskMemFree (pv=0x698010) [0146.917] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a230000, lpmodinfo=0x2732630, cb=0x18 | out: lpmodinfo=0x2732630*(lpBaseOfDll=0x7ff87a230000, SizeOfImage=0xa2000, EntryPoint=0x7ff87a250a40)) returned 1 [0146.921] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.921] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a230000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0146.925] CoTaskMemFree (pv=0x698010) [0146.925] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.925] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a230000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0146.929] CoTaskMemFree (pv=0x698010) [0146.929] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86a0d0000, lpmodinfo=0x27347d8, cb=0x18 | out: lpmodinfo=0x27347d8*(lpBaseOfDll=0x7ff86a0d0000, SizeOfImage=0x34000, EntryPoint=0x7ff86a0e94e0)) returned 1 [0146.934] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.934] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86a0d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="PersonaX.dll") returned 0xc [0146.938] CoTaskMemFree (pv=0x698010) [0146.938] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.938] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86a0d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PersonaX.dll" (normalized: "c:\\windows\\system32\\personax.dll")) returned 0x20 [0146.950] CoTaskMemFree (pv=0x698010) [0146.950] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874220000, lpmodinfo=0x2736990, cb=0x18 | out: lpmodinfo=0x2736990*(lpBaseOfDll=0x7ff874220000, SizeOfImage=0x288000, EntryPoint=0x7ff87427f670)) returned 1 [0146.956] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.956] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874220000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CoreUIComponents.dll") returned 0x14 [0146.960] CoTaskMemFree (pv=0x698010) [0146.960] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.960] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874220000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")) returned 0x28 [0146.965] CoTaskMemFree (pv=0x698010) [0146.965] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a2e0000, lpmodinfo=0x2738b68, cb=0x18 | out: lpmodinfo=0x2738b68*(lpBaseOfDll=0x7ff87a2e0000, SizeOfImage=0x2a8000, EntryPoint=0x7ff87a373250)) returned 1 [0146.969] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.969] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a2e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="d3d11.dll") returned 0x9 [0146.973] CoTaskMemFree (pv=0x698010) [0146.975] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.976] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a2e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")) returned 0x1d [0146.980] CoTaskMemFree (pv=0x698010) [0146.980] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879580000, lpmodinfo=0x254b4c8, cb=0x18 | out: lpmodinfo=0x254b4c8*(lpBaseOfDll=0x7ff879580000, SizeOfImage=0x26f000, EntryPoint=0x7ff8796322b0)) returned 1 [0146.984] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.984] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879580000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="d3d10warp.dll") returned 0xd [0146.989] CoTaskMemFree (pv=0x698010) [0146.989] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.989] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879580000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll")) returned 0x21 [0146.993] CoTaskMemFree (pv=0x698010) [0146.994] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879030000, lpmodinfo=0x254d680, cb=0x18 | out: lpmodinfo=0x254d680*(lpBaseOfDll=0x7ff879030000, SizeOfImage=0x545000, EntryPoint=0x7ff8791ca450)) returned 1 [0146.998] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0146.998] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="d2d1.dll") returned 0x8 [0147.002] CoTaskMemFree (pv=0x698010) [0147.002] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.002] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")) returned 0x1c [0147.008] CoTaskMemFree (pv=0x698010) [0147.008] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a6a0000, lpmodinfo=0x254f828, cb=0x18 | out: lpmodinfo=0x254f828*(lpBaseOfDll=0x7ff87a6a0000, SizeOfImage=0xe3000, EntryPoint=0x7ff87a6d7da0)) returned 1 [0147.012] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.012] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a6a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="dcomp.dll") returned 0x9 [0147.019] CoTaskMemFree (pv=0x698010) [0147.019] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.019] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a6a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")) returned 0x1d [0147.029] CoTaskMemFree (pv=0x698010) [0147.029] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fbb0000, lpmodinfo=0x25519d0, cb=0x18 | out: lpmodinfo=0x25519d0*(lpBaseOfDll=0x7ff87fbb0000, SizeOfImage=0x15a000, EntryPoint=0x7ff87fbf38e0)) returned 1 [0147.034] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.034] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fbb0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0147.038] CoTaskMemFree (pv=0x698010) [0147.038] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.038] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fbb0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0147.043] CoTaskMemFree (pv=0x698010) [0147.043] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c320000, lpmodinfo=0x2553b78, cb=0x18 | out: lpmodinfo=0x2553b78*(lpBaseOfDll=0x7ff86c320000, SizeOfImage=0x1f000, EntryPoint=0x7ff86c321500)) returned 1 [0147.047] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.047] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c320000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Windows.Cortana.ProxyStub.dll") returned 0x1d [0147.053] CoTaskMemFree (pv=0x698010) [0147.053] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.053] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c320000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Cortana.ProxyStub.dll" (normalized: "c:\\windows\\system32\\windows.cortana.proxystub.dll")) returned 0x31 [0147.058] CoTaskMemFree (pv=0x698010) [0147.058] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e390000, lpmodinfo=0x2555d70, cb=0x18 | out: lpmodinfo=0x2555d70*(lpBaseOfDll=0x7ff86e390000, SizeOfImage=0x4a000, EntryPoint=0x7ff86e395800)) returned 1 [0147.063] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.063] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e390000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DataExchange.dll") returned 0x10 [0147.067] CoTaskMemFree (pv=0x698010) [0147.067] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.067] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e390000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll")) returned 0x24 [0147.072] CoTaskMemFree (pv=0x698010) [0147.072] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x2557f38, cb=0x18 | out: lpmodinfo=0x2557f38*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0147.077] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.077] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0147.082] CoTaskMemFree (pv=0x698010) [0147.082] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.082] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0147.087] CoTaskMemFree (pv=0x698010) [0147.087] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ab10000, lpmodinfo=0x255a0f0, cb=0x18 | out: lpmodinfo=0x255a0f0*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0147.092] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.092] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0147.098] CoTaskMemFree (pv=0x698010) [0147.098] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.098] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0147.104] CoTaskMemFree (pv=0x698010) [0147.104] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878ff0000, lpmodinfo=0x255c298, cb=0x18 | out: lpmodinfo=0x255c298*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0147.109] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.109] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0147.114] CoTaskMemFree (pv=0x698010) [0147.114] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.114] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0147.119] CoTaskMemFree (pv=0x698010) [0147.119] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f290000, lpmodinfo=0x255e440, cb=0x18 | out: lpmodinfo=0x255e440*(lpBaseOfDll=0x7ff86f290000, SizeOfImage=0xb1000, EntryPoint=0x7ff86f2a08f0)) returned 1 [0147.124] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.124] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f290000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="twinapi.dll") returned 0xb [0147.129] CoTaskMemFree (pv=0x698010) [0147.129] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.129] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f290000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll")) returned 0x1f [0147.135] CoTaskMemFree (pv=0x698010) [0147.135] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8760c0000, lpmodinfo=0x25605e8, cb=0x18 | out: lpmodinfo=0x25605e8*(lpBaseOfDll=0x7ff8760c0000, SizeOfImage=0x260000, EntryPoint=0x7ff87616b5b0)) returned 1 [0147.140] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.140] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8760c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="dwrite.dll") returned 0xa [0147.145] CoTaskMemFree (pv=0x698010) [0147.145] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.145] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8760c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll")) returned 0x1e [0147.151] CoTaskMemFree (pv=0x698010) [0147.151] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86a270000, lpmodinfo=0x2562790, cb=0x18 | out: lpmodinfo=0x2562790*(lpBaseOfDll=0x7ff86a270000, SizeOfImage=0x5f000, EntryPoint=0x7ff86a281560)) returned 1 [0147.156] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.156] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86a270000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Windows.Graphics.dll") returned 0x14 [0147.162] CoTaskMemFree (pv=0x698010) [0147.162] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.162] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86a270000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Graphics.dll" (normalized: "c:\\windows\\system32\\windows.graphics.dll")) returned 0x28 [0147.167] CoTaskMemFree (pv=0x698010) [0147.167] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86bdd0000, lpmodinfo=0x2564968, cb=0x18 | out: lpmodinfo=0x2564968*(lpBaseOfDll=0x7ff86bdd0000, SizeOfImage=0x262000, EntryPoint=0x7ff86be2ad50)) returned 1 [0147.173] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.173] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86bdd0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Cortana.BackgroundTask.dll") returned 0x1a [0147.179] CoTaskMemFree (pv=0x698010) [0147.179] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.179] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86bdd0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\Cortana.BackgroundTask.dll" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\cortana.backgroundtask.dll")) returned 0x58 [0147.184] CoTaskMemFree (pv=0x698010) [0147.184] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86b0b0000, lpmodinfo=0x2566ba8, cb=0x18 | out: lpmodinfo=0x2566ba8*(lpBaseOfDll=0x7ff86b0b0000, SizeOfImage=0xc5000, EntryPoint=0x7ff86b0be740)) returned 1 [0147.190] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.190] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86b0b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Windows.Web.dll") returned 0xf [0147.195] CoTaskMemFree (pv=0x698010) [0147.195] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.195] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86b0b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Web.dll" (normalized: "c:\\windows\\system32\\windows.web.dll")) returned 0x23 [0147.200] CoTaskMemFree (pv=0x698010) [0147.200] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d650000, lpmodinfo=0x2569178, cb=0x18 | out: lpmodinfo=0x2569178*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0147.206] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.206] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d650000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0147.211] CoTaskMemFree (pv=0x698010) [0147.212] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.212] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d650000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0147.226] CoTaskMemFree (pv=0x698010) [0147.226] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875ea0000, lpmodinfo=0x256b320, cb=0x18 | out: lpmodinfo=0x256b320*(lpBaseOfDll=0x7ff875ea0000, SizeOfImage=0x8b000, EntryPoint=0x7ff875ed3660)) returned 1 [0147.232] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.232] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875ea0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="directmanipulation.dll") returned 0x16 [0147.237] CoTaskMemFree (pv=0x698010) [0147.237] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.237] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875ea0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\directmanipulation.dll" (normalized: "c:\\windows\\system32\\directmanipulation.dll")) returned 0x2a [0147.243] CoTaskMemFree (pv=0x698010) [0147.243] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x256d4f8, cb=0x18 | out: lpmodinfo=0x256d4f8*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0147.250] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.250] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0147.256] CoTaskMemFree (pv=0x698010) [0147.256] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.256] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0147.261] CoTaskMemFree (pv=0x698010) [0147.262] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff869d30000, lpmodinfo=0x256f6a0, cb=0x18 | out: lpmodinfo=0x256f6a0*(lpBaseOfDll=0x7ff869d30000, SizeOfImage=0x339000, EntryPoint=0x7ff869dfeb30)) returned 1 [0147.267] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.267] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff869d30000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msftedit.dll") returned 0xc [0147.273] CoTaskMemFree (pv=0x698010) [0147.273] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.273] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff869d30000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msftedit.dll" (normalized: "c:\\windows\\system32\\msftedit.dll")) returned 0x20 [0147.279] CoTaskMemFree (pv=0x698010) [0147.279] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879bf0000, lpmodinfo=0x2571858, cb=0x18 | out: lpmodinfo=0x2571858*(lpBaseOfDll=0x7ff879bf0000, SizeOfImage=0x30000, EntryPoint=0x7ff879c09b10)) returned 1 [0147.285] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.285] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879bf0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="globinputhost.dll") returned 0x11 [0147.291] CoTaskMemFree (pv=0x698010) [0147.291] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.291] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879bf0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\globinputhost.dll" (normalized: "c:\\windows\\system32\\globinputhost.dll")) returned 0x25 [0147.297] CoTaskMemFree (pv=0x698010) [0147.297] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c490000, lpmodinfo=0x2573a20, cb=0x18 | out: lpmodinfo=0x2573a20*(lpBaseOfDll=0x7ff86c490000, SizeOfImage=0x5c000, EntryPoint=0x7ff86c4a7190)) returned 1 [0147.303] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.303] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c490000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NInput.dll") returned 0xa [0147.309] CoTaskMemFree (pv=0x698010) [0147.309] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.309] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c490000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NInput.dll" (normalized: "c:\\windows\\system32\\ninput.dll")) returned 0x1e [0147.315] CoTaskMemFree (pv=0x698010) [0147.315] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff869940000, lpmodinfo=0x2575bc8, cb=0x18 | out: lpmodinfo=0x2575bc8*(lpBaseOfDll=0x7ff869940000, SizeOfImage=0x3ec000, EntryPoint=0x7ff869948780)) returned 1 [0147.322] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.322] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff869940000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="RemindersUI.dll") returned 0xf [0147.328] CoTaskMemFree (pv=0x698010) [0147.328] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.328] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff869940000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\RemindersUI.dll" (normalized: "c:\\windows\\systemapps\\microsoft.windows.cortana_cw5n1h2txyewy\\remindersui.dll")) returned 0x4d [0147.334] CoTaskMemFree (pv=0x698010) [0147.334] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86a2e0000, lpmodinfo=0x2577dd8, cb=0x18 | out: lpmodinfo=0x2577dd8*(lpBaseOfDll=0x7ff86a2e0000, SizeOfImage=0x18000, EntryPoint=0x7ff86a2e3a50)) returned 1 [0147.339] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.340] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86a2e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Windows.Globalization.Fontgroups.dll") returned 0x24 [0147.346] CoTaskMemFree (pv=0x698010) [0147.346] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.346] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86a2e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Globalization.Fontgroups.dll" (normalized: "c:\\windows\\system32\\windows.globalization.fontgroups.dll")) returned 0x38 [0147.351] CoTaskMemFree (pv=0x698010) [0147.351] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e40000, lpmodinfo=0x2579ff0, cb=0x18 | out: lpmodinfo=0x2579ff0*(lpBaseOfDll=0x7ff878e40000, SizeOfImage=0x33000, EntryPoint=0x7ff878e4d5a0)) returned 1 [0147.361] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.361] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="biwinrt.dll") returned 0xb [0147.367] CoTaskMemFree (pv=0x698010) [0147.367] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.367] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")) returned 0x1f [0147.373] CoTaskMemFree (pv=0x698010) [0147.373] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86a2d0000, lpmodinfo=0x257c198, cb=0x18 | out: lpmodinfo=0x257c198*(lpBaseOfDll=0x7ff86a2d0000, SizeOfImage=0xa000, EntryPoint=0x7ff86a2d1150)) returned 1 [0147.382] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.382] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86a2d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="fontgroupsoverride.dll") returned 0x16 [0147.388] CoTaskMemFree (pv=0x698010) [0147.388] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.388] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86a2d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\fontgroupsoverride.dll" (normalized: "c:\\windows\\system32\\fontgroupsoverride.dll")) returned 0x2a [0147.395] CoTaskMemFree (pv=0x698010) [0147.395] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8683c0000, lpmodinfo=0x257e370, cb=0x18 | out: lpmodinfo=0x257e370*(lpBaseOfDll=0x7ff8683c0000, SizeOfImage=0x157a000, EntryPoint=0x7ff86890a540)) returned 1 [0147.401] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.401] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8683c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="edgehtml.dll") returned 0xc [0147.410] CoTaskMemFree (pv=0x698010) [0147.410] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.410] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8683c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\edgehtml.dll" (normalized: "c:\\windows\\system32\\edgehtml.dll")) returned 0x20 [0147.416] CoTaskMemFree (pv=0x698010) [0147.416] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf40000, lpmodinfo=0x2580528, cb=0x18 | out: lpmodinfo=0x2580528*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0147.422] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.422] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cryptsp.dll") returned 0xb [0147.428] CoTaskMemFree (pv=0x698010) [0147.428] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.428] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0147.438] CoTaskMemFree (pv=0x698010) [0147.438] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff867500000, lpmodinfo=0x25826d0, cb=0x18 | out: lpmodinfo=0x25826d0*(lpBaseOfDll=0x7ff867500000, SizeOfImage=0x782000, EntryPoint=0x7ff8677753e0)) returned 1 [0147.444] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.444] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff867500000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="chakra.dll") returned 0xa [0147.450] CoTaskMemFree (pv=0x698010) [0147.450] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.450] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff867500000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\chakra.dll" (normalized: "c:\\windows\\system32\\chakra.dll")) returned 0x1e [0147.458] CoTaskMemFree (pv=0x698010) [0147.458] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c2e0000, lpmodinfo=0x2584878, cb=0x18 | out: lpmodinfo=0x2584878*(lpBaseOfDll=0x7ff86c2e0000, SizeOfImage=0x3e000, EntryPoint=0x7ff86c2e9650)) returned 1 [0147.464] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.464] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c2e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="MLANG.dll") returned 0x9 [0147.600] CoTaskMemFree (pv=0x698010) [0147.600] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.600] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c2e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MLANG.dll" (normalized: "c:\\windows\\system32\\mlang.dll")) returned 0x1d [0147.607] CoTaskMemFree (pv=0x698010) [0147.607] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879920000, lpmodinfo=0x2586a20, cb=0x18 | out: lpmodinfo=0x2586a20*(lpBaseOfDll=0x7ff879920000, SizeOfImage=0x1b1000, EntryPoint=0x7ff8799b61a0)) returned 1 [0147.613] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.613] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879920000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="windowscodecs.dll") returned 0x11 [0147.620] CoTaskMemFree (pv=0x698010) [0147.620] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.620] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879920000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windowscodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0147.626] CoTaskMemFree (pv=0x698010) [0147.626] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c2b0000, lpmodinfo=0x2588be8, cb=0x18 | out: lpmodinfo=0x2588be8*(lpBaseOfDll=0x7ff86c2b0000, SizeOfImage=0x21000, EntryPoint=0x7ff86c2be0a0)) returned 1 [0147.633] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.633] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c2b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="srpapi.dll") returned 0xa [0147.640] CoTaskMemFree (pv=0x698010) [0147.640] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.640] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c2b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\srpapi.dll" (normalized: "c:\\windows\\system32\\srpapi.dll")) returned 0x1e [0147.646] CoTaskMemFree (pv=0x698010) [0147.646] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d170000, lpmodinfo=0x258ad90, cb=0x18 | out: lpmodinfo=0x258ad90*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0147.653] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.653] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d170000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0147.659] CoTaskMemFree (pv=0x698010) [0147.660] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.660] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d170000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0147.668] CoTaskMemFree (pv=0x698010) [0147.668] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpmodinfo=0x258cf38, cb=0x18 | out: lpmodinfo=0x258cf38*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0147.675] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.675] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0147.681] CoTaskMemFree (pv=0x698010) [0147.681] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.681] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0147.688] CoTaskMemFree (pv=0x698010) [0147.688] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x258f0e0, cb=0x18 | out: lpmodinfo=0x258f0e0*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0147.695] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.695] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0147.702] CoTaskMemFree (pv=0x698010) [0147.703] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.703] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0147.709] CoTaskMemFree (pv=0x698010) [0147.709] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ec70000, lpmodinfo=0x2591288, cb=0x18 | out: lpmodinfo=0x2591288*(lpBaseOfDll=0x7ff86ec70000, SizeOfImage=0x10000, EntryPoint=0x7ff86ec72200)) returned 1 [0147.715] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.716] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ec70000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msimtf.dll") returned 0xa [0147.722] CoTaskMemFree (pv=0x698010) [0147.722] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.722] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ec70000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msimtf.dll" (normalized: "c:\\windows\\system32\\msimtf.dll")) returned 0x1e [0147.729] CoTaskMemFree (pv=0x698010) [0147.729] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ec80000, lpmodinfo=0x2593430, cb=0x18 | out: lpmodinfo=0x2593430*(lpBaseOfDll=0x7ff86ec80000, SizeOfImage=0x28e000, EntryPoint=0x7ff86ed50f00)) returned 1 [0147.737] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.737] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ec80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WININET.dll") returned 0xb [0147.744] CoTaskMemFree (pv=0x698010) [0147.744] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.744] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ec80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WININET.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0147.751] CoTaskMemFree (pv=0x698010) [0147.751] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c2a0000, lpmodinfo=0x25955d8, cb=0x18 | out: lpmodinfo=0x25955d8*(lpBaseOfDll=0x7ff86c2a0000, SizeOfImage=0xe000, EntryPoint=0x7ff86c2a4c60)) returned 1 [0147.758] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.758] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c2a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="tokenbinding.dll") returned 0x10 [0147.765] CoTaskMemFree (pv=0x698010) [0147.765] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.765] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c2a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\tokenbinding.dll" (normalized: "c:\\windows\\system32\\tokenbinding.dll")) returned 0x24 [0147.773] CoTaskMemFree (pv=0x698010) [0147.773] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x25977a0, cb=0x18 | out: lpmodinfo=0x25977a0*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0147.780] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.780] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0147.787] CoTaskMemFree (pv=0x698010) [0147.787] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.787] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0147.794] CoTaskMemFree (pv=0x698010) [0147.794] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874ab0000, lpmodinfo=0x2599948, cb=0x18 | out: lpmodinfo=0x2599948*(lpBaseOfDll=0x7ff874ab0000, SizeOfImage=0x15000, EntryPoint=0x7ff874ab2dc0)) returned 1 [0147.801] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.801] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874ab0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0147.810] CoTaskMemFree (pv=0x698010) [0147.810] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.810] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874ab0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0147.817] CoTaskMemFree (pv=0x698010) [0147.817] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875480000, lpmodinfo=0x259bb30, cb=0x18 | out: lpmodinfo=0x259bb30*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0147.824] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.824] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875480000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0147.831] CoTaskMemFree (pv=0x698010) [0147.831] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.831] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875480000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0147.839] CoTaskMemFree (pv=0x698010) [0147.839] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878b20000, lpmodinfo=0x259dce8, cb=0x18 | out: lpmodinfo=0x259dce8*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0147.846] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.846] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878b20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0147.854] CoTaskMemFree (pv=0x698010) [0147.854] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.854] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878b20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0147.861] CoTaskMemFree (pv=0x698010) [0147.861] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x259fe90, cb=0x18 | out: lpmodinfo=0x259fe90*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0147.869] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.869] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0147.877] CoTaskMemFree (pv=0x698010) [0147.877] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.877] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0147.886] CoTaskMemFree (pv=0x698010) [0147.886] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8750d0000, lpmodinfo=0x25a2038, cb=0x18 | out: lpmodinfo=0x25a2038*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0147.893] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.893] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0147.900] CoTaskMemFree (pv=0x698010) [0147.900] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.901] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0147.908] CoTaskMemFree (pv=0x698010) [0147.908] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efa0000, lpmodinfo=0x25a41e0, cb=0x18 | out: lpmodinfo=0x25a41e0*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0147.917] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.917] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0147.924] CoTaskMemFree (pv=0x698010) [0147.924] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.924] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0147.932] CoTaskMemFree (pv=0x698010) [0147.932] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b030000, lpmodinfo=0x25a6378, cb=0x18 | out: lpmodinfo=0x25a6378*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0147.939] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.940] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0147.947] CoTaskMemFree (pv=0x698010) [0147.947] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.947] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0147.956] CoTaskMemFree (pv=0x698010) [0147.956] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x25a8520, cb=0x18 | out: lpmodinfo=0x25a8520*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0147.964] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.964] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="userenv.dll") returned 0xb [0147.972] CoTaskMemFree (pv=0x698010) [0147.972] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.972] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0147.980] CoTaskMemFree (pv=0x698010) [0147.980] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86d200000, lpmodinfo=0x25aa6c8, cb=0x18 | out: lpmodinfo=0x25aa6c8*(lpBaseOfDll=0x7ff86d200000, SizeOfImage=0x15000, EntryPoint=0x7ff86d205740)) returned 1 [0147.989] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.989] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86d200000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="profext.dll") returned 0xb [0147.996] CoTaskMemFree (pv=0x698010) [0147.996] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0147.996] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86d200000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll")) returned 0x1f [0148.004] CoTaskMemFree (pv=0x698010) [0148.004] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bab0000, lpmodinfo=0x25ac870, cb=0x18 | out: lpmodinfo=0x25ac870*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0148.012] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.012] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0148.022] CoTaskMemFree (pv=0x698010) [0148.022] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.022] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0148.030] CoTaskMemFree (pv=0x698010) [0148.030] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c290000, lpmodinfo=0x25aea18, cb=0x18 | out: lpmodinfo=0x25aea18*(lpBaseOfDll=0x7ff86c290000, SizeOfImage=0xc000, EntryPoint=0x7ff86c294040)) returned 1 [0148.038] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.038] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c290000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="Windows.ApplicationModel.Background.TimeBroker.dll") returned 0x32 [0148.046] CoTaskMemFree (pv=0x698010) [0148.046] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.046] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c290000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.ApplicationModel.Background.TimeBroker.dll" (normalized: "c:\\windows\\system32\\windows.applicationmodel.background.timebroker.dll")) returned 0x46 [0148.054] CoTaskMemFree (pv=0x698010) [0148.054] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b380000, lpmodinfo=0x25b0c60, cb=0x18 | out: lpmodinfo=0x25b0c60*(lpBaseOfDll=0x7ff87b380000, SizeOfImage=0x2a000, EntryPoint=0x7ff87b388b90)) returned 1 [0148.062] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.062] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b380000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="rmclient.dll") returned 0xc [0148.070] CoTaskMemFree (pv=0x698010) [0148.070] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.070] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b380000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rmclient.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")) returned 0x20 [0148.079] CoTaskMemFree (pv=0x698010) [0148.079] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c250000, lpmodinfo=0x25b2e18, cb=0x18 | out: lpmodinfo=0x25b2e18*(lpBaseOfDll=0x7ff86c250000, SizeOfImage=0x38000, EntryPoint=0x7ff86c272120)) returned 1 [0148.087] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.087] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c250000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="rometadata.dll") returned 0xe [0148.097] CoTaskMemFree (pv=0x698010) [0148.097] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.097] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c250000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rometadata.dll" (normalized: "c:\\windows\\system32\\rometadata.dll")) returned 0x22 [0148.105] CoTaskMemFree (pv=0x698010) [0148.105] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874830000, lpmodinfo=0x25b4fd0, cb=0x18 | out: lpmodinfo=0x25b4fd0*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0148.113] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.113] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874830000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0148.121] CoTaskMemFree (pv=0x698010) [0148.121] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.121] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874830000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0148.130] CoTaskMemFree (pv=0x698010) [0148.130] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874fc0000, lpmodinfo=0x25b7188, cb=0x18 | out: lpmodinfo=0x25b7188*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0148.138] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.138] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0148.146] CoTaskMemFree (pv=0x698010) [0148.146] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.146] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0148.154] CoTaskMemFree (pv=0x698010) [0148.154] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bb10000, lpmodinfo=0x25b9340, cb=0x18 | out: lpmodinfo=0x25b9340*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff87bb31a50)) returned 1 [0148.169] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.169] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bb10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0148.178] CoTaskMemFree (pv=0x698010) [0148.178] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.178] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bb10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0148.188] CoTaskMemFree (pv=0x698010) [0148.188] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c8b0000, lpmodinfo=0x25bb4f8, cb=0x18 | out: lpmodinfo=0x25bb4f8*(lpBaseOfDll=0x7ff86c8b0000, SizeOfImage=0x14000, EntryPoint=0x7ff86c8b3710)) returned 1 [0148.196] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.196] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c8b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0148.205] CoTaskMemFree (pv=0x698010) [0148.205] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.205] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c8b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0148.213] CoTaskMemFree (pv=0x698010) [0148.213] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c130000, lpmodinfo=0x25bd6c0, cb=0x18 | out: lpmodinfo=0x25bd6c0*(lpBaseOfDll=0x7ff87c130000, SizeOfImage=0x27000, EntryPoint=0x7ff87c140aa0)) returned 1 [0148.236] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.236] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c130000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0148.244] CoTaskMemFree (pv=0x698010) [0148.244] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.244] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c130000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0148.255] CoTaskMemFree (pv=0x698010) [0148.255] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c0f0000, lpmodinfo=0x25bf868, cb=0x18 | out: lpmodinfo=0x25bf868*(lpBaseOfDll=0x7ff87c0f0000, SizeOfImage=0x3a000, EntryPoint=0x7ff87c0f8d20)) returned 1 [0148.263] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.263] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c0f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0148.271] CoTaskMemFree (pv=0x698010) [0148.271] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.271] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c0f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0148.280] CoTaskMemFree (pv=0x698010) [0148.280] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c960000, lpmodinfo=0x25c1a10, cb=0x18 | out: lpmodinfo=0x25c1a10*(lpBaseOfDll=0x7ff86c960000, SizeOfImage=0x1e000, EntryPoint=0x7ff86c96ef80)) returned 1 [0148.290] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.290] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c960000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0148.298] CoTaskMemFree (pv=0x698010) [0148.298] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.299] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c960000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0148.307] CoTaskMemFree (pv=0x698010) [0148.307] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bc10000, lpmodinfo=0x25c3bc8, cb=0x18 | out: lpmodinfo=0x25c3bc8*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0148.315] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.315] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bc10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0148.326] CoTaskMemFree (pv=0x698010) [0148.326] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.326] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bc10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0148.335] CoTaskMemFree (pv=0x698010) [0148.335] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d340000, lpmodinfo=0x25c5d70, cb=0x18 | out: lpmodinfo=0x25c5d70*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0148.343] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.343] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d340000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0148.352] CoTaskMemFree (pv=0x698010) [0148.352] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.352] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d340000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0148.361] CoTaskMemFree (pv=0x698010) [0148.361] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpmodinfo=0x25c7f28, cb=0x18 | out: lpmodinfo=0x25c7f28*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0148.370] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.370] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0148.379] CoTaskMemFree (pv=0x698010) [0148.379] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.379] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0148.389] CoTaskMemFree (pv=0x698010) [0148.389] CloseHandle (hObject=0x260) returned 1 [0148.389] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0148.389] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1194) returned 0x260 [0148.389] EnumProcessModules (in: hProcess=0x260, lphModule=0x25cca48, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25cca48, lpcbNeeded=0x14ef68) returned 1 [0148.390] GetModuleInformation (in: hProcess=0x260, hModule=0xd40000, lpmodinfo=0x25cccb8, cb=0x18 | out: lpmodinfo=0x25cccb8*(lpBaseOfDll=0xd40000, SizeOfImage=0x17000, EntryPoint=0xd414a1)) returned 1 [0148.390] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.390] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xd40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="omnipos.exe") returned 0xb [0148.391] CoTaskMemFree (pv=0x698010) [0148.391] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.391] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xd40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\MSBuild\\omnipos.exe" (normalized: "c:\\program files (x86)\\msbuild\\omnipos.exe")) returned 0x2a [0148.391] CoTaskMemFree (pv=0x698010) [0148.391] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25ceeb0, cb=0x18 | out: lpmodinfo=0x25ceeb0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0148.392] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.392] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0148.394] CoTaskMemFree (pv=0x698010) [0148.394] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.394] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0148.394] CoTaskMemFree (pv=0x698010) [0148.394] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25d1058, cb=0x18 | out: lpmodinfo=0x25d1058*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0148.395] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.395] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0148.395] CoTaskMemFree (pv=0x698010) [0148.396] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.396] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0148.396] CoTaskMemFree (pv=0x698010) [0148.396] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25d3200, cb=0x18 | out: lpmodinfo=0x25d3200*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0148.397] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.397] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0148.397] CoTaskMemFree (pv=0x698010) [0148.397] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.397] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0148.398] CoTaskMemFree (pv=0x698010) [0148.398] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25d53b8, cb=0x18 | out: lpmodinfo=0x25d53b8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0148.399] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.399] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0148.399] CoTaskMemFree (pv=0x698010) [0148.399] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.399] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0148.400] CoTaskMemFree (pv=0x698010) [0148.400] CloseHandle (hObject=0x260) returned 1 [0148.400] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0148.401] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x2f4) returned 0x260 [0148.401] EnumProcessModules (in: hProcess=0x260, lphModule=0x25d7ad0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25d7ad0, lpcbNeeded=0x14ef68) returned 1 [0148.404] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff7531e0000, lpmodinfo=0x25d7d40, cb=0x18 | out: lpmodinfo=0x25d7d40*(lpBaseOfDll=0x7ff7531e0000, SizeOfImage=0x80000, EntryPoint=0x7ff7531f5f50)) returned 1 [0148.405] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.405] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff7531e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wmiprvse.exe") returned 0xc [0148.405] CoTaskMemFree (pv=0x698010) [0148.405] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.405] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff7531e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprvse.exe" (normalized: "c:\\windows\\system32\\wbem\\wmiprvse.exe")) returned 0x25 [0148.406] CoTaskMemFree (pv=0x698010) [0148.406] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25d9f38, cb=0x18 | out: lpmodinfo=0x25d9f38*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0148.406] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.406] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0148.407] CoTaskMemFree (pv=0x698010) [0148.407] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.407] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0148.407] CoTaskMemFree (pv=0x698010) [0148.407] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x25dc0e0, cb=0x18 | out: lpmodinfo=0x25dc0e0*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0148.408] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.408] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0148.408] CoTaskMemFree (pv=0x698010) [0148.408] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.408] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0148.409] CoTaskMemFree (pv=0x698010) [0148.409] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x25de298, cb=0x18 | out: lpmodinfo=0x25de298*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0148.409] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.410] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0148.410] CoTaskMemFree (pv=0x698010) [0148.410] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.410] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0148.411] CoTaskMemFree (pv=0x698010) [0148.411] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x25e0450, cb=0x18 | out: lpmodinfo=0x25e0450*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0148.418] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.418] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0148.419] CoTaskMemFree (pv=0x698010) [0148.419] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.419] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0148.419] CoTaskMemFree (pv=0x698010) [0148.419] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e990000, lpmodinfo=0x25e2650, cb=0x18 | out: lpmodinfo=0x25e2650*(lpBaseOfDll=0x7ff86e990000, SizeOfImage=0xf6000, EntryPoint=0x7ff86e9c9590)) returned 1 [0148.420] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.420] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e990000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0148.421] CoTaskMemFree (pv=0x698010) [0148.421] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.421] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e990000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0148.422] CoTaskMemFree (pv=0x698010) [0148.422] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x25e4810, cb=0x18 | out: lpmodinfo=0x25e4810*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0148.423] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.423] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0148.424] CoTaskMemFree (pv=0x698010) [0148.424] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.424] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0148.425] CoTaskMemFree (pv=0x698010) [0148.425] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x25e69b8, cb=0x18 | out: lpmodinfo=0x25e69b8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0148.426] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.426] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0148.427] CoTaskMemFree (pv=0x698010) [0148.427] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.427] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0148.428] CoTaskMemFree (pv=0x698010) [0148.428] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x25e8b60, cb=0x18 | out: lpmodinfo=0x25e8b60*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0148.429] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.429] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0148.431] CoTaskMemFree (pv=0x698010) [0148.431] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.431] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0148.432] CoTaskMemFree (pv=0x698010) [0148.432] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e590000, lpmodinfo=0x25eadd0, cb=0x18 | out: lpmodinfo=0x25eadd0*(lpBaseOfDll=0x7ff86e590000, SizeOfImage=0x16000, EntryPoint=0x7ff86e5955e0)) returned 1 [0148.433] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.433] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e590000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NCObjAPI.DLL") returned 0xc [0148.435] CoTaskMemFree (pv=0x698010) [0148.435] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.435] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e590000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NCObjAPI.DLL" (normalized: "c:\\windows\\system32\\ncobjapi.dll")) returned 0x20 [0148.436] CoTaskMemFree (pv=0x698010) [0148.436] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870c70000, lpmodinfo=0x25ecf88, cb=0x18 | out: lpmodinfo=0x25ecf88*(lpBaseOfDll=0x7ff870c70000, SizeOfImage=0x7f000, EntryPoint=0x7ff870c87110)) returned 1 [0148.437] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.437] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870c70000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0148.439] CoTaskMemFree (pv=0x698010) [0148.439] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.439] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870c70000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0148.440] CoTaskMemFree (pv=0x698010) [0148.440] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x25ef140, cb=0x18 | out: lpmodinfo=0x25ef140*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0148.441] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.441] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0148.442] CoTaskMemFree (pv=0x698010) [0148.442] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.443] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0148.444] CoTaskMemFree (pv=0x698010) [0148.444] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x25f12e8, cb=0x18 | out: lpmodinfo=0x25f12e8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0148.445] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.445] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0148.446] CoTaskMemFree (pv=0x698010) [0148.446] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.446] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0148.448] CoTaskMemFree (pv=0x698010) [0148.448] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x25f3490, cb=0x18 | out: lpmodinfo=0x25f3490*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0148.449] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.449] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0148.451] CoTaskMemFree (pv=0x698010) [0148.451] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.451] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0148.452] CoTaskMemFree (pv=0x698010) [0148.452] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x25f5638, cb=0x18 | out: lpmodinfo=0x25f5638*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0148.454] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.454] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0148.455] CoTaskMemFree (pv=0x698010) [0148.455] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.455] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0148.457] CoTaskMemFree (pv=0x698010) [0148.457] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x25f77f0, cb=0x18 | out: lpmodinfo=0x25f77f0*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0148.458] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.458] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0148.460] CoTaskMemFree (pv=0x698010) [0148.460] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.460] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0148.461] CoTaskMemFree (pv=0x698010) [0148.461] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x25f9998, cb=0x18 | out: lpmodinfo=0x25f9998*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0148.463] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.463] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0148.465] CoTaskMemFree (pv=0x698010) [0148.465] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.465] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0148.466] CoTaskMemFree (pv=0x698010) [0148.466] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x25fbc58, cb=0x18 | out: lpmodinfo=0x25fbc58*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0148.467] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.467] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0148.469] CoTaskMemFree (pv=0x698010) [0148.469] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.469] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0148.473] CoTaskMemFree (pv=0x698010) [0148.473] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x25fde20, cb=0x18 | out: lpmodinfo=0x25fde20*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0148.475] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.475] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0148.477] CoTaskMemFree (pv=0x698010) [0148.477] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.477] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0148.478] CoTaskMemFree (pv=0x698010) [0148.478] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x25fffc8, cb=0x18 | out: lpmodinfo=0x25fffc8*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0148.480] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.480] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0148.482] CoTaskMemFree (pv=0x698010) [0148.482] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.482] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0148.484] CoTaskMemFree (pv=0x698010) [0148.484] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e970000, lpmodinfo=0x2602180, cb=0x18 | out: lpmodinfo=0x2602180*(lpBaseOfDll=0x7ff86e970000, SizeOfImage=0x14000, EntryPoint=0x7ff86e971800)) returned 1 [0148.486] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.486] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e970000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0148.488] CoTaskMemFree (pv=0x698010) [0148.488] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.488] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e970000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0148.490] CoTaskMemFree (pv=0x698010) [0148.490] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e940000, lpmodinfo=0x2604338, cb=0x18 | out: lpmodinfo=0x2604338*(lpBaseOfDll=0x7ff86e940000, SizeOfImage=0x25000, EntryPoint=0x7ff86e949900)) returned 1 [0148.499] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.499] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e940000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0148.501] CoTaskMemFree (pv=0x698010) [0148.502] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.502] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e940000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0148.504] CoTaskMemFree (pv=0x698010) [0148.504] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff866340000, lpmodinfo=0x26064f8, cb=0x18 | out: lpmodinfo=0x26064f8*(lpBaseOfDll=0x7ff866340000, SizeOfImage=0x1cf000, EntryPoint=0x7ff866367df0)) returned 1 [0148.506] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.506] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff866340000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cimwin32.dll") returned 0xc [0148.508] CoTaskMemFree (pv=0x698010) [0148.508] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.508] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff866340000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\cimwin32.dll" (normalized: "c:\\windows\\system32\\wbem\\cimwin32.dll")) returned 0x25 [0148.510] CoTaskMemFree (pv=0x698010) [0148.510] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x26086b8, cb=0x18 | out: lpmodinfo=0x26086b8*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0148.512] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.512] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0148.515] CoTaskMemFree (pv=0x698010) [0148.515] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.515] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0148.517] CoTaskMemFree (pv=0x698010) [0148.517] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8755b0000, lpmodinfo=0x260a870, cb=0x18 | out: lpmodinfo=0x260a870*(lpBaseOfDll=0x7ff8755b0000, SizeOfImage=0x4e000, EntryPoint=0x7ff8755c1ce0)) returned 1 [0148.525] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.525] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8755b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="framedynos.dll") returned 0xe [0148.528] CoTaskMemFree (pv=0x698010) [0148.528] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.528] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8755b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")) returned 0x22 [0148.530] CoTaskMemFree (pv=0x698010) [0148.530] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x260ca28, cb=0x18 | out: lpmodinfo=0x260ca28*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0148.532] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.532] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0148.535] CoTaskMemFree (pv=0x698010) [0148.535] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.535] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0148.538] CoTaskMemFree (pv=0x698010) [0148.538] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad00000, lpmodinfo=0x260ebd0, cb=0x18 | out: lpmodinfo=0x260ebd0*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0148.540] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.540] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0148.543] CoTaskMemFree (pv=0x698010) [0148.543] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.543] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0148.546] CoTaskMemFree (pv=0x698010) [0148.546] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x2610d88, cb=0x18 | out: lpmodinfo=0x2610d88*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0148.548] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.548] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0148.551] CoTaskMemFree (pv=0x698010) [0148.551] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.551] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0148.553] CoTaskMemFree (pv=0x698010) [0148.553] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87afe0000, lpmodinfo=0x2612f30, cb=0x18 | out: lpmodinfo=0x2612f30*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0148.557] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.557] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0148.559] CoTaskMemFree (pv=0x698010) [0148.559] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.559] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0148.562] CoTaskMemFree (pv=0x698010) [0148.562] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x26150d8, cb=0x18 | out: lpmodinfo=0x26150d8*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0148.565] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.565] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0148.567] CoTaskMemFree (pv=0x698010) [0148.567] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.567] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0148.570] CoTaskMemFree (pv=0x698010) [0148.570] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d0a0000, lpmodinfo=0x2617290, cb=0x18 | out: lpmodinfo=0x2617290*(lpBaseOfDll=0x7ff87d0a0000, SizeOfImage=0x17000, EntryPoint=0x7ff87d0a1390)) returned 1 [0148.573] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.573] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d0a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NETAPI32.DLL") returned 0xc [0148.575] CoTaskMemFree (pv=0x698010) [0148.575] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.575] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d0a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NETAPI32.DLL" (normalized: "c:\\windows\\system32\\netapi32.dll")) returned 0x20 [0148.578] CoTaskMemFree (pv=0x698010) [0148.578] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875a10000, lpmodinfo=0x2619448, cb=0x18 | out: lpmodinfo=0x2619448*(lpBaseOfDll=0x7ff875a10000, SizeOfImage=0x19000, EntryPoint=0x7ff875a14520)) returned 1 [0148.581] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.581] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875a10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SAMCLI.DLL") returned 0xa [0148.584] CoTaskMemFree (pv=0x698010) [0148.584] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.584] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875a10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SAMCLI.DLL" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0148.587] CoTaskMemFree (pv=0x698010) [0148.587] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86d070000, lpmodinfo=0x261b5f0, cb=0x18 | out: lpmodinfo=0x261b5f0*(lpBaseOfDll=0x7ff86d070000, SizeOfImage=0x26000, EntryPoint=0x7ff86d071cf0)) returned 1 [0148.590] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.590] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86d070000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SRVCLI.DLL") returned 0xa [0148.593] CoTaskMemFree (pv=0x698010) [0148.593] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.593] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86d070000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SRVCLI.DLL" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0148.595] CoTaskMemFree (pv=0x698010) [0148.595] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpmodinfo=0x261d9b0, cb=0x18 | out: lpmodinfo=0x261d9b0*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0148.599] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.599] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NETUTILS.DLL") returned 0xc [0148.602] CoTaskMemFree (pv=0x698010) [0148.602] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.602] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NETUTILS.DLL" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0148.605] CoTaskMemFree (pv=0x698010) [0148.605] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878510000, lpmodinfo=0x261fb68, cb=0x18 | out: lpmodinfo=0x261fb68*(lpBaseOfDll=0x7ff878510000, SizeOfImage=0x3e000, EntryPoint=0x7ff87851a050)) returned 1 [0148.608] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.608] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878510000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="LOGONCLI.DLL") returned 0xc [0148.611] CoTaskMemFree (pv=0x698010) [0148.611] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.611] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878510000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\LOGONCLI.DLL" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0148.614] CoTaskMemFree (pv=0x698010) [0148.614] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8617b0000, lpmodinfo=0x2621d20, cb=0x18 | out: lpmodinfo=0x2621d20*(lpBaseOfDll=0x7ff8617b0000, SizeOfImage=0x14000, EntryPoint=0x7ff8617b1310)) returned 1 [0148.618] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.618] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8617b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="BROWCLI.DLL") returned 0xb [0148.621] CoTaskMemFree (pv=0x698010) [0148.621] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.621] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8617b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\BROWCLI.DLL" (normalized: "c:\\windows\\system32\\browcli.dll")) returned 0x1f [0148.624] CoTaskMemFree (pv=0x698010) [0148.624] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c5a0000, lpmodinfo=0x2623ec8, cb=0x18 | out: lpmodinfo=0x2623ec8*(lpBaseOfDll=0x7ff86c5a0000, SizeOfImage=0xb000, EntryPoint=0x7ff86c5a12b0)) returned 1 [0148.628] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.628] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c5a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SCHEDCLI.DLL") returned 0xc [0148.631] CoTaskMemFree (pv=0x698010) [0148.631] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.631] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c5a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SCHEDCLI.DLL" (normalized: "c:\\windows\\system32\\schedcli.dll")) returned 0x20 [0148.643] CoTaskMemFree (pv=0x698010) [0148.643] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875230000, lpmodinfo=0x2626080, cb=0x18 | out: lpmodinfo=0x2626080*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0148.649] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.649] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875230000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WKSCLI.DLL") returned 0xa [0148.652] CoTaskMemFree (pv=0x698010) [0148.652] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.652] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875230000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WKSCLI.DLL" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0148.655] CoTaskMemFree (pv=0x698010) [0148.655] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8786a0000, lpmodinfo=0x2628228, cb=0x18 | out: lpmodinfo=0x2628228*(lpBaseOfDll=0x7ff8786a0000, SizeOfImage=0xa000, EntryPoint=0x7ff8786a1660)) returned 1 [0148.659] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.659] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8786a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DSROLE.DLL") returned 0xa [0148.674] CoTaskMemFree (pv=0x698010) [0148.674] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.674] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8786a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DSROLE.DLL" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0148.678] CoTaskMemFree (pv=0x698010) [0148.678] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8615e0000, lpmodinfo=0x262a3d0, cb=0x18 | out: lpmodinfo=0x262a3d0*(lpBaseOfDll=0x7ff8615e0000, SizeOfImage=0xe000, EntryPoint=0x7ff8615e1da0)) returned 1 [0148.681] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.682] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8615e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="winbrand.dll") returned 0xc [0148.685] CoTaskMemFree (pv=0x698010) [0148.685] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.685] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8615e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winbrand.dll" (normalized: "c:\\windows\\system32\\winbrand.dll")) returned 0x20 [0148.694] CoTaskMemFree (pv=0x698010) [0148.694] GetModuleInformation (in: hProcess=0x260, hModule=0x180000000, lpmodinfo=0x262c588, cb=0x18 | out: lpmodinfo=0x262c588*(lpBaseOfDll=0x180000000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0148.698] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.698] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x180000000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SECURITY.DLL") returned 0xc [0148.703] CoTaskMemFree (pv=0x698010) [0148.703] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.703] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x180000000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SECURITY.DLL" (normalized: "c:\\windows\\system32\\security.dll")) returned 0x20 [0148.707] CoTaskMemFree (pv=0x698010) [0148.707] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870dc0000, lpmodinfo=0x262e740, cb=0x18 | out: lpmodinfo=0x262e740*(lpBaseOfDll=0x7ff870dc0000, SizeOfImage=0xc000, EntryPoint=0x7ff870dc35c0)) returned 1 [0148.711] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.711] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870dc0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SECUR32.DLL") returned 0xb [0148.716] CoTaskMemFree (pv=0x698010) [0148.716] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.716] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870dc0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SECUR32.DLL" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0148.722] CoTaskMemFree (pv=0x698010) [0148.722] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bb10000, lpmodinfo=0x26308e8, cb=0x18 | out: lpmodinfo=0x26308e8*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff87bb31a50)) returned 1 [0148.725] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.725] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bb10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0148.729] CoTaskMemFree (pv=0x698010) [0148.729] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.729] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bb10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0148.733] CoTaskMemFree (pv=0x698010) [0148.733] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d170000, lpmodinfo=0x2632aa0, cb=0x18 | out: lpmodinfo=0x2632aa0*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0148.736] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.736] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d170000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0148.740] CoTaskMemFree (pv=0x698010) [0148.740] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.740] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d170000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0148.744] CoTaskMemFree (pv=0x698010) [0148.744] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpmodinfo=0x2634c48, cb=0x18 | out: lpmodinfo=0x2634c48*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0148.747] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.747] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0148.751] CoTaskMemFree (pv=0x698010) [0148.751] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.751] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0148.756] CoTaskMemFree (pv=0x698010) [0148.756] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8744b0000, lpmodinfo=0x2636df0, cb=0x18 | out: lpmodinfo=0x2636df0*(lpBaseOfDll=0x7ff8744b0000, SizeOfImage=0x12000, EntryPoint=0x7ff8744b3580)) returned 1 [0148.760] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.760] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8744b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0148.764] CoTaskMemFree (pv=0x698010) [0148.764] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.764] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8744b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0148.767] CoTaskMemFree (pv=0x698010) [0148.768] CloseHandle (hObject=0x260) returned 1 [0148.768] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0148.768] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9e0) returned 0x260 [0148.768] EnumProcessModules (in: hProcess=0x260, lphModule=0x263a2b8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x263a2b8, lpcbNeeded=0x14ef68) returned 1 [0148.769] GetModuleInformation (in: hProcess=0x260, hModule=0x860000, lpmodinfo=0x263a528, cb=0x18 | out: lpmodinfo=0x263a528*(lpBaseOfDll=0x860000, SizeOfImage=0x17000, EntryPoint=0x8614a1)) returned 1 [0148.769] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.769] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x860000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="material_sing.exe") returned 0x11 [0148.770] CoTaskMemFree (pv=0x698010) [0148.770] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.770] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x860000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files\\Reference Assemblies\\material_sing.exe" (normalized: "c:\\program files\\reference assemblies\\material_sing.exe")) returned 0x37 [0148.770] CoTaskMemFree (pv=0x698010) [0148.770] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x263c748, cb=0x18 | out: lpmodinfo=0x263c748*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0148.771] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.771] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0148.771] CoTaskMemFree (pv=0x698010) [0148.771] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.771] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0148.772] CoTaskMemFree (pv=0x698010) [0148.772] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x263e8f0, cb=0x18 | out: lpmodinfo=0x263e8f0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0148.772] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.772] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0148.773] CoTaskMemFree (pv=0x698010) [0148.773] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.773] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0148.773] CoTaskMemFree (pv=0x698010) [0148.774] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2640a98, cb=0x18 | out: lpmodinfo=0x2640a98*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0148.774] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.774] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0148.775] CoTaskMemFree (pv=0x698010) [0148.775] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.775] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0148.776] CoTaskMemFree (pv=0x698010) [0148.776] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2642c50, cb=0x18 | out: lpmodinfo=0x2642c50*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0148.776] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.776] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0148.777] CoTaskMemFree (pv=0x698010) [0148.777] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.777] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0148.778] CoTaskMemFree (pv=0x698010) [0148.778] CloseHandle (hObject=0x260) returned 1 [0148.778] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0148.778] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xdc4) returned 0x260 [0148.778] EnumProcessModules (in: hProcess=0x260, lphModule=0x2645368, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2645368, lpcbNeeded=0x14ef68) returned 1 [0148.780] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff791330000, lpmodinfo=0x26455d8, cb=0x18 | out: lpmodinfo=0x26455d8*(lpBaseOfDll=0x7ff791330000, SizeOfImage=0x2f000, EntryPoint=0x7ff791345d50)) returned 1 [0148.780] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.780] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff791330000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WMIADAP.EXE") returned 0xb [0148.781] CoTaskMemFree (pv=0x698010) [0148.781] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.781] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff791330000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="\\\\?\\C:\\Windows\\system32\\wbem\\WMIADAP.EXE" (normalized: "c:\\windows\\system32\\wbem\\wmiadap.exe")) returned 0x28 [0148.781] CoTaskMemFree (pv=0x698010) [0148.781] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2647838, cb=0x18 | out: lpmodinfo=0x2647838*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0148.782] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.782] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0148.782] CoTaskMemFree (pv=0x698010) [0148.782] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.782] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0148.783] CoTaskMemFree (pv=0x698010) [0148.783] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x26499e0, cb=0x18 | out: lpmodinfo=0x26499e0*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0148.783] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.783] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0148.784] CoTaskMemFree (pv=0x698010) [0148.784] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.784] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0148.785] CoTaskMemFree (pv=0x698010) [0148.785] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x264bb98, cb=0x18 | out: lpmodinfo=0x264bb98*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0148.785] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.785] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0148.786] CoTaskMemFree (pv=0x698010) [0148.786] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.786] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0148.787] CoTaskMemFree (pv=0x698010) [0148.787] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x264dd50, cb=0x18 | out: lpmodinfo=0x264dd50*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0148.787] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.787] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0148.799] CoTaskMemFree (pv=0x698010) [0148.800] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.800] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0148.800] CoTaskMemFree (pv=0x698010) [0148.800] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x264ff50, cb=0x18 | out: lpmodinfo=0x264ff50*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0148.801] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.801] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0148.803] CoTaskMemFree (pv=0x698010) [0148.803] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.803] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0148.804] CoTaskMemFree (pv=0x698010) [0148.804] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x26520f8, cb=0x18 | out: lpmodinfo=0x26520f8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0148.805] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.805] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0148.806] CoTaskMemFree (pv=0x698010) [0148.806] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.806] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0148.806] CoTaskMemFree (pv=0x698010) [0148.806] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x26542a0, cb=0x18 | out: lpmodinfo=0x26542a0*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0148.807] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.807] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0148.808] CoTaskMemFree (pv=0x698010) [0148.808] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.808] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0148.809] CoTaskMemFree (pv=0x698010) [0148.809] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x2656478, cb=0x18 | out: lpmodinfo=0x2656478*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0148.810] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.810] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0148.811] CoTaskMemFree (pv=0x698010) [0148.811] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.811] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0148.812] CoTaskMemFree (pv=0x698010) [0148.812] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870c70000, lpmodinfo=0x26586b8, cb=0x18 | out: lpmodinfo=0x26586b8*(lpBaseOfDll=0x7ff870c70000, SizeOfImage=0x7f000, EntryPoint=0x7ff870c87110)) returned 1 [0148.813] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.813] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870c70000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0148.815] CoTaskMemFree (pv=0x698010) [0148.815] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.815] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870c70000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0148.816] CoTaskMemFree (pv=0x698010) [0148.816] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x265a870, cb=0x18 | out: lpmodinfo=0x265a870*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0148.817] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.817] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0148.818] CoTaskMemFree (pv=0x698010) [0148.818] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.818] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0148.819] CoTaskMemFree (pv=0x698010) [0148.819] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875cf0000, lpmodinfo=0x265ca18, cb=0x18 | out: lpmodinfo=0x265ca18*(lpBaseOfDll=0x7ff875cf0000, SizeOfImage=0x25000, EntryPoint=0x7ff875cfb320)) returned 1 [0148.820] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.820] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875cf0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="loadperf.dll") returned 0xc [0148.822] CoTaskMemFree (pv=0x698010) [0148.822] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.822] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875cf0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\loadperf.dll" (normalized: "c:\\windows\\system32\\loadperf.dll")) returned 0x20 [0148.823] CoTaskMemFree (pv=0x698010) [0148.823] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x265ebd0, cb=0x18 | out: lpmodinfo=0x265ebd0*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0148.824] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.824] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0148.825] CoTaskMemFree (pv=0x698010) [0148.825] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.825] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0148.827] CoTaskMemFree (pv=0x698010) [0148.827] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x2660d78, cb=0x18 | out: lpmodinfo=0x2660d78*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0148.828] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.828] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0148.830] CoTaskMemFree (pv=0x698010) [0148.830] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.830] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0148.831] CoTaskMemFree (pv=0x698010) [0148.831] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x2662f20, cb=0x18 | out: lpmodinfo=0x2662f20*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0148.833] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.833] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0148.834] CoTaskMemFree (pv=0x698010) [0148.834] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.834] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0148.836] CoTaskMemFree (pv=0x698010) [0148.836] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x26650c8, cb=0x18 | out: lpmodinfo=0x26650c8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0148.837] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.837] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0148.839] CoTaskMemFree (pv=0x698010) [0148.839] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.839] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0148.840] CoTaskMemFree (pv=0x698010) [0148.840] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x2667290, cb=0x18 | out: lpmodinfo=0x2667290*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0148.842] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.842] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0148.844] CoTaskMemFree (pv=0x698010) [0148.844] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.844] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0148.845] CoTaskMemFree (pv=0x698010) [0148.845] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86efa0000, lpmodinfo=0x2669550, cb=0x18 | out: lpmodinfo=0x2669550*(lpBaseOfDll=0x7ff86efa0000, SizeOfImage=0x11000, EntryPoint=0x7ff86efa2fc0)) returned 1 [0148.847] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.847] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86efa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0148.848] CoTaskMemFree (pv=0x698010) [0148.848] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.848] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86efa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0148.850] CoTaskMemFree (pv=0x698010) [0148.850] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x266b710, cb=0x18 | out: lpmodinfo=0x266b710*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0148.852] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.852] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0148.854] CoTaskMemFree (pv=0x698010) [0148.854] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.854] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0148.856] CoTaskMemFree (pv=0x698010) [0148.856] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e970000, lpmodinfo=0x266d8c8, cb=0x18 | out: lpmodinfo=0x266d8c8*(lpBaseOfDll=0x7ff86e970000, SizeOfImage=0x14000, EntryPoint=0x7ff86e971800)) returned 1 [0148.857] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.857] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e970000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0148.859] CoTaskMemFree (pv=0x698010) [0148.859] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.859] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e970000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0148.861] CoTaskMemFree (pv=0x698010) [0148.861] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e990000, lpmodinfo=0x266fa80, cb=0x18 | out: lpmodinfo=0x266fa80*(lpBaseOfDll=0x7ff86e990000, SizeOfImage=0xf6000, EntryPoint=0x7ff86e9c9590)) returned 1 [0148.863] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.863] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e990000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="fastprox.dll") returned 0xc [0148.865] CoTaskMemFree (pv=0x698010) [0148.865] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.865] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e990000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0148.866] CoTaskMemFree (pv=0x698010) [0148.866] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eec0000, lpmodinfo=0x2671c40, cb=0x18 | out: lpmodinfo=0x2671c40*(lpBaseOfDll=0x7ff87eec0000, SizeOfImage=0x8000, EntryPoint=0x7ff87eec10b0)) returned 1 [0148.868] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.868] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eec0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="PSAPI.DLL") returned 0x9 [0148.871] CoTaskMemFree (pv=0x698010) [0148.871] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.871] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eec0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PSAPI.DLL" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0148.873] CoTaskMemFree (pv=0x698010) [0148.873] CloseHandle (hObject=0x260) returned 1 [0148.874] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0148.874] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1004) returned 0x260 [0148.874] EnumProcessModules (in: hProcess=0x260, lphModule=0x26748c8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26748c8, lpcbNeeded=0x14ef68) returned 1 [0148.875] GetModuleInformation (in: hProcess=0x260, hModule=0x1360000, lpmodinfo=0x2674b38, cb=0x18 | out: lpmodinfo=0x2674b38*(lpBaseOfDll=0x1360000, SizeOfImage=0x17000, EntryPoint=0x13614a1)) returned 1 [0148.875] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.875] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x1360000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="flashfxp.exe") returned 0xc [0148.875] CoTaskMemFree (pv=0x698010) [0148.875] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.875] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x1360000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\flashfxp.exe" (normalized: "c:\\program files (x86)\\common files\\flashfxp.exe")) returned 0x30 [0148.876] CoTaskMemFree (pv=0x698010) [0148.876] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2676d48, cb=0x18 | out: lpmodinfo=0x2676d48*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0148.876] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.876] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0148.877] CoTaskMemFree (pv=0x698010) [0148.877] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.877] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0148.877] CoTaskMemFree (pv=0x698010) [0148.877] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2678ef0, cb=0x18 | out: lpmodinfo=0x2678ef0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0148.878] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.878] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0148.878] CoTaskMemFree (pv=0x698010) [0148.878] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.878] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0148.879] CoTaskMemFree (pv=0x698010) [0148.879] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x267b098, cb=0x18 | out: lpmodinfo=0x267b098*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0148.879] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.880] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0148.880] CoTaskMemFree (pv=0x698010) [0148.880] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.880] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0148.881] CoTaskMemFree (pv=0x698010) [0148.881] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x267d250, cb=0x18 | out: lpmodinfo=0x267d250*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0148.882] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.882] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0148.882] CoTaskMemFree (pv=0x698010) [0148.882] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.883] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0148.883] CoTaskMemFree (pv=0x698010) [0148.883] CloseHandle (hObject=0x260) returned 1 [0148.884] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0148.884] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10d4) returned 0x260 [0148.884] EnumProcessModules (in: hProcess=0x260, lphModule=0x267f968, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x267f968, lpcbNeeded=0x14ef68) returned 1 [0148.884] GetModuleInformation (in: hProcess=0x260, hModule=0x8a0000, lpmodinfo=0x267fbd8, cb=0x18 | out: lpmodinfo=0x267fbd8*(lpBaseOfDll=0x8a0000, SizeOfImage=0x17000, EntryPoint=0x8a14a1)) returned 1 [0148.885] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.885] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x8a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="webdrive.exe") returned 0xc [0148.885] CoTaskMemFree (pv=0x698010) [0148.885] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.885] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x8a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\webdrive.exe" (normalized: "c:\\program files (x86)\\windows media player\\webdrive.exe")) returned 0x38 [0148.886] CoTaskMemFree (pv=0x698010) [0148.886] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2681df8, cb=0x18 | out: lpmodinfo=0x2681df8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0148.886] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.886] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0148.886] CoTaskMemFree (pv=0x698010) [0148.886] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.887] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0148.887] CoTaskMemFree (pv=0x698010) [0148.887] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2683fa0, cb=0x18 | out: lpmodinfo=0x2683fa0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0148.887] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.888] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0148.888] CoTaskMemFree (pv=0x698010) [0148.888] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.888] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0148.889] CoTaskMemFree (pv=0x698010) [0148.889] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2686148, cb=0x18 | out: lpmodinfo=0x2686148*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0148.889] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.889] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0148.890] CoTaskMemFree (pv=0x698010) [0148.890] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.890] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0148.891] CoTaskMemFree (pv=0x698010) [0148.891] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2688300, cb=0x18 | out: lpmodinfo=0x2688300*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0148.891] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.891] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0148.892] CoTaskMemFree (pv=0x698010) [0148.892] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.892] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0148.893] CoTaskMemFree (pv=0x698010) [0148.893] CloseHandle (hObject=0x260) returned 1 [0148.893] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0148.893] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x118c) returned 0x260 [0148.893] EnumProcessModules (in: hProcess=0x260, lphModule=0x268aa18, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x268aa18, lpcbNeeded=0x14ef68) returned 1 [0148.894] GetModuleInformation (in: hProcess=0x260, hModule=0x200000, lpmodinfo=0x268ac88, cb=0x18 | out: lpmodinfo=0x268ac88*(lpBaseOfDll=0x200000, SizeOfImage=0x17000, EntryPoint=0x2014a1)) returned 1 [0148.894] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.894] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x200000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="spcwin.exe") returned 0xa [0148.895] CoTaskMemFree (pv=0x698010) [0148.895] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.895] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x200000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Multimedia Platform\\spcwin.exe" (normalized: "c:\\program files\\windows multimedia platform\\spcwin.exe")) returned 0x37 [0148.895] CoTaskMemFree (pv=0x698010) [0148.895] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x268ce98, cb=0x18 | out: lpmodinfo=0x268ce98*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0148.896] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.896] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0148.896] CoTaskMemFree (pv=0x698010) [0148.896] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.896] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0148.897] CoTaskMemFree (pv=0x698010) [0148.897] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x268f040, cb=0x18 | out: lpmodinfo=0x268f040*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0148.897] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.897] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0148.898] CoTaskMemFree (pv=0x698010) [0148.898] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.898] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0148.898] CoTaskMemFree (pv=0x698010) [0148.898] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x26911e8, cb=0x18 | out: lpmodinfo=0x26911e8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0148.899] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.899] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0148.899] CoTaskMemFree (pv=0x698010) [0148.899] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.900] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0148.900] CoTaskMemFree (pv=0x698010) [0148.900] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26933a0, cb=0x18 | out: lpmodinfo=0x26933a0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0148.901] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.901] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0148.903] CoTaskMemFree (pv=0x698010) [0148.903] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.903] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0148.904] CoTaskMemFree (pv=0x698010) [0148.904] CloseHandle (hObject=0x260) returned 1 [0148.904] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0148.904] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10c4) returned 0x260 [0148.904] EnumProcessModules (in: hProcess=0x260, lphModule=0x2695ab8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2695ab8, lpcbNeeded=0x14ef68) returned 1 [0148.905] GetModuleInformation (in: hProcess=0x260, hModule=0x860000, lpmodinfo=0x2695d28, cb=0x18 | out: lpmodinfo=0x2695d28*(lpBaseOfDll=0x860000, SizeOfImage=0x17000, EntryPoint=0x8614a1)) returned 1 [0148.905] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.905] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x860000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="trillian.exe") returned 0xc [0148.906] CoTaskMemFree (pv=0x698010) [0148.906] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.906] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x860000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\trillian.exe" (normalized: "c:\\program files (x86)\\internet explorer\\trillian.exe")) returned 0x35 [0148.906] CoTaskMemFree (pv=0x698010) [0148.906] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2697f40, cb=0x18 | out: lpmodinfo=0x2697f40*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0148.907] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.907] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0148.907] CoTaskMemFree (pv=0x698010) [0148.907] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.907] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0148.908] CoTaskMemFree (pv=0x698010) [0148.908] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x269a0e8, cb=0x18 | out: lpmodinfo=0x269a0e8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0148.908] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.908] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0148.909] CoTaskMemFree (pv=0x698010) [0148.909] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.909] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0148.910] CoTaskMemFree (pv=0x698010) [0148.910] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x269c290, cb=0x18 | out: lpmodinfo=0x269c290*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0148.910] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.910] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0148.911] CoTaskMemFree (pv=0x698010) [0148.911] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.911] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0148.912] CoTaskMemFree (pv=0x698010) [0148.912] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x269e448, cb=0x18 | out: lpmodinfo=0x269e448*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0148.912] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.912] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0148.913] CoTaskMemFree (pv=0x698010) [0148.913] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.913] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0148.914] CoTaskMemFree (pv=0x698010) [0148.914] CloseHandle (hObject=0x260) returned 1 [0148.914] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0148.914] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9d0) returned 0x260 [0148.914] EnumProcessModules (in: hProcess=0x260, lphModule=0x26a0b60, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26a0b60, lpcbNeeded=0x14ef68) returned 1 [0148.915] GetModuleInformation (in: hProcess=0x260, hModule=0x800000, lpmodinfo=0x26a0dd0, cb=0x18 | out: lpmodinfo=0x26a0dd0*(lpBaseOfDll=0x800000, SizeOfImage=0x17000, EntryPoint=0x8014a1)) returned 1 [0148.915] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.915] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x800000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="far.exe") returned 0x7 [0148.916] CoTaskMemFree (pv=0x698010) [0148.916] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.916] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x800000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Media Player\\far.exe" (normalized: "c:\\program files\\windows media player\\far.exe")) returned 0x2d [0148.916] CoTaskMemFree (pv=0x698010) [0148.916] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26a2fc8, cb=0x18 | out: lpmodinfo=0x26a2fc8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0148.916] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.916] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0148.917] CoTaskMemFree (pv=0x698010) [0148.917] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.917] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0148.917] CoTaskMemFree (pv=0x698010) [0148.917] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x26a5170, cb=0x18 | out: lpmodinfo=0x26a5170*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0148.918] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.918] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0148.918] CoTaskMemFree (pv=0x698010) [0148.919] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.919] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0148.919] CoTaskMemFree (pv=0x698010) [0148.919] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x26a7318, cb=0x18 | out: lpmodinfo=0x26a7318*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0148.920] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.920] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0148.920] CoTaskMemFree (pv=0x698010) [0148.920] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.920] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0148.921] CoTaskMemFree (pv=0x698010) [0148.921] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26a94d0, cb=0x18 | out: lpmodinfo=0x26a94d0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0148.922] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.922] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0148.922] CoTaskMemFree (pv=0x698010) [0148.922] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.922] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0148.923] CoTaskMemFree (pv=0x698010) [0148.923] CloseHandle (hObject=0x260) returned 1 [0148.924] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0148.924] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10bc) returned 0x260 [0148.924] EnumProcessModules (in: hProcess=0x260, lphModule=0x26abbe8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26abbe8, lpcbNeeded=0x14ef68) returned 1 [0148.924] GetModuleInformation (in: hProcess=0x260, hModule=0xf10000, lpmodinfo=0x26abe58, cb=0x18 | out: lpmodinfo=0x26abe58*(lpBaseOfDll=0xf10000, SizeOfImage=0x17000, EntryPoint=0xf114a1)) returned 1 [0148.925] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.925] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xf10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="thunderbird.exe") returned 0xf [0148.925] CoTaskMemFree (pv=0x698010) [0148.925] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.925] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xf10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\thunderbird.exe" (normalized: "c:\\program files (x86)\\windows media player\\thunderbird.exe")) returned 0x3b [0148.925] CoTaskMemFree (pv=0x698010) [0148.925] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26ae078, cb=0x18 | out: lpmodinfo=0x26ae078*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0148.926] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.926] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0148.926] CoTaskMemFree (pv=0x698010) [0148.926] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.926] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0148.927] CoTaskMemFree (pv=0x698010) [0148.927] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x26b0220, cb=0x18 | out: lpmodinfo=0x26b0220*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0148.927] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.927] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0148.928] CoTaskMemFree (pv=0x698010) [0148.928] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.928] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0148.928] CoTaskMemFree (pv=0x698010) [0148.928] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x26b23c8, cb=0x18 | out: lpmodinfo=0x26b23c8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0148.929] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.929] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0148.929] CoTaskMemFree (pv=0x698010) [0148.929] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.929] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0148.930] CoTaskMemFree (pv=0x698010) [0148.930] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26b4580, cb=0x18 | out: lpmodinfo=0x26b4580*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0148.931] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.931] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0148.931] CoTaskMemFree (pv=0x698010) [0148.931] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.931] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0148.932] CoTaskMemFree (pv=0x698010) [0148.933] CloseHandle (hObject=0x260) returned 1 [0148.933] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0148.933] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x21c) returned 0x260 [0148.933] EnumProcessModules (in: hProcess=0x260, lphModule=0x26b6c98, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26b6c98, lpcbNeeded=0x14ef68) returned 1 [0148.939] EnumProcessModules (in: hProcess=0x260, lphModule=0x26b6eb0, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x26b6eb0, lpcbNeeded=0x14ef68) returned 1 [0148.946] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6748b0000, lpmodinfo=0x26b7320, cb=0x18 | out: lpmodinfo=0x26b7320*(lpBaseOfDll=0x7ff6748b0000, SizeOfImage=0x11000, EntryPoint=0x7ff6748b4560)) returned 1 [0148.946] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.947] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6748b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="lsass.exe") returned 0x9 [0148.947] CoTaskMemFree (pv=0x698010) [0148.947] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.947] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6748b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\lsass.exe" (normalized: "c:\\windows\\system32\\lsass.exe")) returned 0x1d [0148.947] CoTaskMemFree (pv=0x698010) [0148.947] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26b9500, cb=0x18 | out: lpmodinfo=0x26b9500*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0148.948] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.948] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0148.948] CoTaskMemFree (pv=0x698010) [0148.948] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.948] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0148.949] CoTaskMemFree (pv=0x698010) [0148.949] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x26bb6a8, cb=0x18 | out: lpmodinfo=0x26bb6a8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0148.949] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.949] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0148.950] CoTaskMemFree (pv=0x698010) [0148.950] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.950] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0148.951] CoTaskMemFree (pv=0x698010) [0148.951] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x26bd860, cb=0x18 | out: lpmodinfo=0x26bd860*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0148.951] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.951] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0148.952] CoTaskMemFree (pv=0x698010) [0148.952] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.952] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0148.953] CoTaskMemFree (pv=0x698010) [0148.953] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x26bfa18, cb=0x18 | out: lpmodinfo=0x26bfa18*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0148.953] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.953] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0148.954] CoTaskMemFree (pv=0x698010) [0148.954] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.954] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0148.955] CoTaskMemFree (pv=0x698010) [0148.955] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c270000, lpmodinfo=0x26c1c18, cb=0x18 | out: lpmodinfo=0x26c1c18*(lpBaseOfDll=0x7ff87c270000, SizeOfImage=0x15b000, EntryPoint=0x7ff87c2e7cc0)) returned 1 [0148.956] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.956] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c270000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="lsasrv.dll") returned 0xa [0148.957] CoTaskMemFree (pv=0x698010) [0148.957] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.957] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c270000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\lsasrv.dll" (normalized: "c:\\windows\\system32\\lsasrv.dll")) returned 0x1e [0148.957] CoTaskMemFree (pv=0x698010) [0148.957] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x26c3dc0, cb=0x18 | out: lpmodinfo=0x26c3dc0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0148.958] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.958] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0148.959] CoTaskMemFree (pv=0x698010) [0148.959] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.959] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0148.960] CoTaskMemFree (pv=0x698010) [0148.960] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x26c5f68, cb=0x18 | out: lpmodinfo=0x26c5f68*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0148.961] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.961] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0148.962] CoTaskMemFree (pv=0x698010) [0148.962] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.962] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0148.963] CoTaskMemFree (pv=0x698010) [0148.963] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpmodinfo=0x26c8110, cb=0x18 | out: lpmodinfo=0x26c8110*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0148.964] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.964] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0148.965] CoTaskMemFree (pv=0x698010) [0148.965] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.965] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0148.966] CoTaskMemFree (pv=0x698010) [0148.966] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x26ca350, cb=0x18 | out: lpmodinfo=0x26ca350*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0148.967] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.967] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0148.968] CoTaskMemFree (pv=0x698010) [0148.968] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.968] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0148.970] CoTaskMemFree (pv=0x698010) [0148.970] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c160000, lpmodinfo=0x26cc4f8, cb=0x18 | out: lpmodinfo=0x26cc4f8*(lpBaseOfDll=0x7ff87c160000, SizeOfImage=0xd7000, EntryPoint=0x7ff87c19f330)) returned 1 [0148.971] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.971] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c160000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="samsrv.dll") returned 0xa [0148.972] CoTaskMemFree (pv=0x698010) [0148.972] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.972] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c160000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\samsrv.dll" (normalized: "c:\\windows\\system32\\samsrv.dll")) returned 0x1e [0148.973] CoTaskMemFree (pv=0x698010) [0148.973] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d170000, lpmodinfo=0x26ce6a0, cb=0x18 | out: lpmodinfo=0x26ce6a0*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0148.974] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.974] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d170000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0148.976] CoTaskMemFree (pv=0x698010) [0148.976] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.976] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d170000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0148.977] CoTaskMemFree (pv=0x698010) [0148.977] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x26d0848, cb=0x18 | out: lpmodinfo=0x26d0848*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0148.979] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.979] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0148.980] CoTaskMemFree (pv=0x698010) [0148.980] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.980] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0148.981] CoTaskMemFree (pv=0x698010) [0148.981] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c130000, lpmodinfo=0x26d29f0, cb=0x18 | out: lpmodinfo=0x26d29f0*(lpBaseOfDll=0x7ff87c130000, SizeOfImage=0x27000, EntryPoint=0x7ff87c140aa0)) returned 1 [0148.983] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.983] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c130000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0148.984] CoTaskMemFree (pv=0x698010) [0148.984] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.984] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c130000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0148.986] CoTaskMemFree (pv=0x698010) [0148.986] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c0f0000, lpmodinfo=0x26d4b98, cb=0x18 | out: lpmodinfo=0x26d4b98*(lpBaseOfDll=0x7ff87c0f0000, SizeOfImage=0x3a000, EntryPoint=0x7ff87c0f8d20)) returned 1 [0148.987] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.987] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c0f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0148.988] CoTaskMemFree (pv=0x698010) [0148.988] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.988] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c0f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0148.990] CoTaskMemFree (pv=0x698010) [0148.990] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x26d6d40, cb=0x18 | out: lpmodinfo=0x26d6d40*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0148.991] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.991] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcryptprimitives.dll") returned 0x14 [0148.992] CoTaskMemFree (pv=0x698010) [0148.992] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.992] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptprimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0148.994] CoTaskMemFree (pv=0x698010) [0148.994] GetModuleInformation (in: hProcess=0x260, hModule=0x180000000, lpmodinfo=0x26d8f18, cb=0x18 | out: lpmodinfo=0x26d8f18*(lpBaseOfDll=0x180000000, SizeOfImage=0x3000, EntryPoint=0x0)) returned 1 [0148.995] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.995] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x180000000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msprivs.DLL") returned 0xb [0148.997] CoTaskMemFree (pv=0x698010) [0148.997] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0148.997] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x180000000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msprivs.DLL" (normalized: "c:\\windows\\system32\\msprivs.dll")) returned 0x1f [0148.999] CoTaskMemFree (pv=0x698010) [0148.999] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c0d0000, lpmodinfo=0x26db1d8, cb=0x18 | out: lpmodinfo=0x26db1d8*(lpBaseOfDll=0x7ff87c0d0000, SizeOfImage=0x15000, EntryPoint=0x7ff87c0d78c0)) returned 1 [0149.000] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.000] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c0d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="netprovfw.dll") returned 0xd [0149.002] CoTaskMemFree (pv=0x698010) [0149.002] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.002] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c0d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netprovfw.dll" (normalized: "c:\\windows\\system32\\netprovfw.dll")) returned 0x21 [0149.004] CoTaskMemFree (pv=0x698010) [0149.004] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c0a0000, lpmodinfo=0x26dd390, cb=0x18 | out: lpmodinfo=0x26dd390*(lpBaseOfDll=0x7ff87c0a0000, SizeOfImage=0x21000, EntryPoint=0x7ff87c0b0250)) returned 1 [0149.007] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.007] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c0a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="JOINUTIL.DLL") returned 0xc [0149.008] CoTaskMemFree (pv=0x698010) [0149.008] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.009] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c0a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\JOINUTIL.DLL" (normalized: "c:\\windows\\system32\\joinutil.dll")) returned 0x20 [0149.010] CoTaskMemFree (pv=0x698010) [0149.010] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c070000, lpmodinfo=0x26df548, cb=0x18 | out: lpmodinfo=0x26df548*(lpBaseOfDll=0x7ff87c070000, SizeOfImage=0x25000, EntryPoint=0x7ff87c076760)) returned 1 [0149.013] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.013] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c070000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="negoexts.DLL") returned 0xc [0149.015] CoTaskMemFree (pv=0x698010) [0149.015] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.015] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c070000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\negoexts.DLL" (normalized: "c:\\windows\\system32\\negoexts.dll")) returned 0x20 [0149.017] CoTaskMemFree (pv=0x698010) [0149.017] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x26e1700, cb=0x18 | out: lpmodinfo=0x26e1700*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0149.019] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.019] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0149.022] CoTaskMemFree (pv=0x698010) [0149.022] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.022] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0149.024] CoTaskMemFree (pv=0x698010) [0149.024] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf60000, lpmodinfo=0x26e38b8, cb=0x18 | out: lpmodinfo=0x26e38b8*(lpBaseOfDll=0x7ff87bf60000, SizeOfImage=0xf8000, EntryPoint=0x7ff87bf93190)) returned 1 [0149.026] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.026] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf60000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="kerberos.DLL") returned 0xc [0149.028] CoTaskMemFree (pv=0x698010) [0149.028] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.028] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf60000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kerberos.DLL" (normalized: "c:\\windows\\system32\\kerberos.dll")) returned 0x20 [0149.030] CoTaskMemFree (pv=0x698010) [0149.030] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf40000, lpmodinfo=0x26e5a70, cb=0x18 | out: lpmodinfo=0x26e5a70*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0149.032] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.032] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0149.034] CoTaskMemFree (pv=0x698010) [0149.035] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.035] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0149.037] CoTaskMemFree (pv=0x698010) [0149.037] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf10000, lpmodinfo=0x26e7c18, cb=0x18 | out: lpmodinfo=0x26e7c18*(lpBaseOfDll=0x7ff87bf10000, SizeOfImage=0x28000, EntryPoint=0x7ff87bf12e50)) returned 1 [0149.039] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.039] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KerbClientShared.dll") returned 0x14 [0149.041] CoTaskMemFree (pv=0x698010) [0149.041] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.041] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KerbClientShared.dll" (normalized: "c:\\windows\\system32\\kerbclientshared.dll")) returned 0x28 [0149.043] CoTaskMemFree (pv=0x698010) [0149.043] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x26e9df0, cb=0x18 | out: lpmodinfo=0x26e9df0*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0149.045] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.045] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0149.048] CoTaskMemFree (pv=0x698010) [0149.048] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.048] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0149.050] CoTaskMemFree (pv=0x698010) [0149.050] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bef0000, lpmodinfo=0x26ebf98, cb=0x18 | out: lpmodinfo=0x26ebf98*(lpBaseOfDll=0x7ff87bef0000, SizeOfImage=0x15000, EntryPoint=0x7ff87bef3f50)) returned 1 [0149.052] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.052] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bef0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cryptdll.dll") returned 0xc [0149.054] CoTaskMemFree (pv=0x698010) [0149.054] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.054] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bef0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cryptdll.dll" (normalized: "c:\\windows\\system32\\cryptdll.dll")) returned 0x20 [0149.056] CoTaskMemFree (pv=0x698010) [0149.056] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x26ee150, cb=0x18 | out: lpmodinfo=0x26ee150*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0149.058] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.058] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0149.061] CoTaskMemFree (pv=0x698010) [0149.061] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.061] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0149.063] CoTaskMemFree (pv=0x698010) [0149.063] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be30000, lpmodinfo=0x26f02f8, cb=0x18 | out: lpmodinfo=0x26f02f8*(lpBaseOfDll=0x7ff87be30000, SizeOfImage=0x5d000, EntryPoint=0x7ff87be45100)) returned 1 [0149.066] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.066] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be30000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msv1_0.DLL") returned 0xa [0149.068] CoTaskMemFree (pv=0x698010) [0149.068] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.068] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be30000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msv1_0.DLL" (normalized: "c:\\windows\\system32\\msv1_0.dll")) returned 0x1e [0149.071] CoTaskMemFree (pv=0x698010) [0149.071] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be20000, lpmodinfo=0x26f24a0, cb=0x18 | out: lpmodinfo=0x26f24a0*(lpBaseOfDll=0x7ff87be20000, SizeOfImage=0xc000, EntryPoint=0x7ff87be245f0)) returned 1 [0149.073] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.073] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NtlmShared.dll") returned 0xe [0149.075] CoTaskMemFree (pv=0x698010) [0149.075] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.076] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NtlmShared.dll" (normalized: "c:\\windows\\system32\\ntlmshared.dll")) returned 0x22 [0149.078] CoTaskMemFree (pv=0x698010) [0149.078] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd40000, lpmodinfo=0x26f4658, cb=0x18 | out: lpmodinfo=0x26f4658*(lpBaseOfDll=0x7ff87bd40000, SizeOfImage=0xd5000, EntryPoint=0x7ff87bd6e0b0)) returned 1 [0149.081] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.081] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="netlogon.DLL") returned 0xc [0149.084] CoTaskMemFree (pv=0x698010) [0149.084] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.084] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netlogon.DLL" (normalized: "c:\\windows\\system32\\netlogon.dll")) returned 0x20 [0149.087] CoTaskMemFree (pv=0x698010) [0149.087] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x26f6810, cb=0x18 | out: lpmodinfo=0x26f6810*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0149.090] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.090] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0149.092] CoTaskMemFree (pv=0x698010) [0149.092] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.092] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0149.095] CoTaskMemFree (pv=0x698010) [0149.095] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x26f89c8, cb=0x18 | out: lpmodinfo=0x26f89c8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0149.098] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.098] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0149.101] CoTaskMemFree (pv=0x698010) [0149.101] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.101] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0149.104] CoTaskMemFree (pv=0x698010) [0149.104] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x26fab80, cb=0x18 | out: lpmodinfo=0x26fab80*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0149.106] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.106] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0149.110] CoTaskMemFree (pv=0x698010) [0149.110] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.110] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0149.113] CoTaskMemFree (pv=0x698010) [0149.113] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x26fcf40, cb=0x18 | out: lpmodinfo=0x26fcf40*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0149.116] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.116] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0149.118] CoTaskMemFree (pv=0x698010) [0149.118] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.118] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0149.121] CoTaskMemFree (pv=0x698010) [0149.121] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd00000, lpmodinfo=0x26ff0e8, cb=0x18 | out: lpmodinfo=0x26ff0e8*(lpBaseOfDll=0x7ff87bd00000, SizeOfImage=0x1c000, EntryPoint=0x7ff87bd028a0)) returned 1 [0149.125] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.125] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd00000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="tspkg.DLL") returned 0x9 [0149.128] CoTaskMemFree (pv=0x698010) [0149.128] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.128] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd00000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\tspkg.DLL" (normalized: "c:\\windows\\system32\\tspkg.dll")) returned 0x1d [0149.131] CoTaskMemFree (pv=0x698010) [0149.131] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bcb0000, lpmodinfo=0x2701290, cb=0x18 | out: lpmodinfo=0x2701290*(lpBaseOfDll=0x7ff87bcb0000, SizeOfImage=0x44000, EntryPoint=0x7ff87bcb4db0)) returned 1 [0149.134] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.134] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bcb0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="pku2u.DLL") returned 0x9 [0149.137] CoTaskMemFree (pv=0x698010) [0149.137] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.137] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bcb0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pku2u.DLL" (normalized: "c:\\windows\\system32\\pku2u.dll")) returned 0x1d [0149.140] CoTaskMemFree (pv=0x698010) [0149.140] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bc70000, lpmodinfo=0x2703438, cb=0x18 | out: lpmodinfo=0x2703438*(lpBaseOfDll=0x7ff87bc70000, SizeOfImage=0x35000, EntryPoint=0x7ff87bc96000)) returned 1 [0149.143] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.143] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bc70000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cloudAP.DLL") returned 0xb [0149.147] CoTaskMemFree (pv=0x698010) [0149.147] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.147] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bc70000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cloudAP.DLL" (normalized: "c:\\windows\\system32\\cloudap.dll")) returned 0x1f [0149.150] CoTaskMemFree (pv=0x698010) [0149.150] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bc20000, lpmodinfo=0x27055e0, cb=0x18 | out: lpmodinfo=0x27055e0*(lpBaseOfDll=0x7ff87bc20000, SizeOfImage=0x42000, EntryPoint=0x7ff87bc42200)) returned 1 [0149.153] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.153] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bc20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="MicrosoftAccountCloudAP.dll") returned 0x1b [0149.156] CoTaskMemFree (pv=0x698010) [0149.157] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.158] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bc20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MicrosoftAccountCloudAP.dll" (normalized: "c:\\windows\\system32\\microsoftaccountcloudap.dll")) returned 0x2f [0149.161] CoTaskMemFree (pv=0x698010) [0149.161] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x27077c8, cb=0x18 | out: lpmodinfo=0x27077c8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0149.164] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.164] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0149.167] CoTaskMemFree (pv=0x698010) [0149.168] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.168] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0149.171] CoTaskMemFree (pv=0x698010) [0149.171] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bc10000, lpmodinfo=0x2709970, cb=0x18 | out: lpmodinfo=0x2709970*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0149.174] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.174] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bc10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0149.178] CoTaskMemFree (pv=0x698010) [0149.178] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.178] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bc10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0149.181] CoTaskMemFree (pv=0x698010) [0149.181] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpmodinfo=0x270bb18, cb=0x18 | out: lpmodinfo=0x270bb18*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0149.188] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.188] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0149.191] CoTaskMemFree (pv=0x698010) [0149.191] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.191] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0149.194] CoTaskMemFree (pv=0x698010) [0149.194] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bb90000, lpmodinfo=0x270dcc0, cb=0x18 | out: lpmodinfo=0x270dcc0*(lpBaseOfDll=0x7ff87bb90000, SizeOfImage=0x3c000, EntryPoint=0x7ff87bb94c60)) returned 1 [0149.198] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.198] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bb90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wdigest.DLL") returned 0xb [0149.202] CoTaskMemFree (pv=0x698010) [0149.202] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.202] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bb90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wdigest.DLL" (normalized: "c:\\windows\\system32\\wdigest.dll")) returned 0x1f [0149.205] CoTaskMemFree (pv=0x698010) [0149.206] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bb10000, lpmodinfo=0x270fe68, cb=0x18 | out: lpmodinfo=0x270fe68*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff87bb31a50)) returned 1 [0149.209] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.209] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bb10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0149.213] CoTaskMemFree (pv=0x698010) [0149.213] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.213] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bb10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0149.228] CoTaskMemFree (pv=0x698010) [0149.228] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87baf0000, lpmodinfo=0x2712020, cb=0x18 | out: lpmodinfo=0x2712020*(lpBaseOfDll=0x7ff87baf0000, SizeOfImage=0x1b000, EntryPoint=0x7ff87baf5e30)) returned 1 [0149.232] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.232] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87baf0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="PCPKsp.dll") returned 0xa [0149.236] CoTaskMemFree (pv=0x698010) [0149.236] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.236] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87baf0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PCPKsp.dll" (normalized: "c:\\windows\\system32\\pcpksp.dll")) returned 0x1e [0149.240] CoTaskMemFree (pv=0x698010) [0149.240] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bab0000, lpmodinfo=0x27141c8, cb=0x18 | out: lpmodinfo=0x27141c8*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0149.244] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.244] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0149.248] CoTaskMemFree (pv=0x698010) [0149.248] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.248] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0149.251] CoTaskMemFree (pv=0x698010) [0149.251] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ba20000, lpmodinfo=0x2716370, cb=0x18 | out: lpmodinfo=0x2716370*(lpBaseOfDll=0x7ff87ba20000, SizeOfImage=0x8b000, EntryPoint=0x7ff87ba280b0)) returned 1 [0149.255] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.255] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ba20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="PCPTPM12.dll") returned 0xc [0149.259] CoTaskMemFree (pv=0x698010) [0149.259] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.259] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ba20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PCPTPM12.dll" (normalized: "c:\\windows\\system32\\pcptpm12.dll")) returned 0x20 [0149.263] CoTaskMemFree (pv=0x698010) [0149.263] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ba10000, lpmodinfo=0x2718528, cb=0x18 | out: lpmodinfo=0x2718528*(lpBaseOfDll=0x7ff87ba10000, SizeOfImage=0xd000, EntryPoint=0x7ff87ba11fe0)) returned 1 [0149.267] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.267] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ba10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="tbs.dll") returned 0x7 [0149.271] CoTaskMemFree (pv=0x698010) [0149.271] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.271] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ba10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")) returned 0x1b [0149.275] CoTaskMemFree (pv=0x698010) [0149.275] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b9e0000, lpmodinfo=0x271a6c0, cb=0x18 | out: lpmodinfo=0x271a6c0*(lpBaseOfDll=0x7ff87b9e0000, SizeOfImage=0x21000, EntryPoint=0x7ff87b9eef00)) returned 1 [0149.279] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.279] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b9e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="efslsaext.dll") returned 0xd [0149.283] CoTaskMemFree (pv=0x698010) [0149.283] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.283] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b9e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\efslsaext.dll" (normalized: "c:\\windows\\system32\\efslsaext.dll")) returned 0x21 [0149.287] CoTaskMemFree (pv=0x698010) [0149.287] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x271c878, cb=0x18 | out: lpmodinfo=0x271c878*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0149.291] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.291] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0149.295] CoTaskMemFree (pv=0x698010) [0149.295] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.295] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0149.299] CoTaskMemFree (pv=0x698010) [0149.299] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpmodinfo=0x271ea30, cb=0x18 | out: lpmodinfo=0x271ea30*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0149.304] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.304] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0149.308] CoTaskMemFree (pv=0x698010) [0149.308] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.308] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0149.313] CoTaskMemFree (pv=0x698010) [0149.313] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b990000, lpmodinfo=0x2720be8, cb=0x18 | out: lpmodinfo=0x2720be8*(lpBaseOfDll=0x7ff87b990000, SizeOfImage=0x35000, EntryPoint=0x7ff87b99b420)) returned 1 [0149.316] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.316] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b990000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="dpapisrv.dll") returned 0xc [0149.322] CoTaskMemFree (pv=0x698010) [0149.322] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.322] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b990000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dpapisrv.dll" (normalized: "c:\\windows\\system32\\dpapisrv.dll")) returned 0x20 [0149.326] CoTaskMemFree (pv=0x698010) [0149.326] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b980000, lpmodinfo=0x2722da0, cb=0x18 | out: lpmodinfo=0x2722da0*(lpBaseOfDll=0x7ff87b980000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9824f0)) returned 1 [0149.330] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.330] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b980000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SspiSrv.dll") returned 0xb [0149.334] CoTaskMemFree (pv=0x698010) [0149.334] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.334] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b980000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiSrv.dll" (normalized: "c:\\windows\\system32\\sspisrv.dll")) returned 0x1f [0149.339] CoTaskMemFree (pv=0x698010) [0149.339] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x2724f48, cb=0x18 | out: lpmodinfo=0x2724f48*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0149.343] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.343] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="winsta.dll") returned 0xa [0149.348] CoTaskMemFree (pv=0x698010) [0149.348] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.348] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0149.352] CoTaskMemFree (pv=0x698010) [0149.352] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b860000, lpmodinfo=0x27270f0, cb=0x18 | out: lpmodinfo=0x27270f0*(lpBaseOfDll=0x7ff87b860000, SizeOfImage=0x43000, EntryPoint=0x7ff87b861960)) returned 1 [0149.357] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.357] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b860000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="scecli.DLL") returned 0xa [0149.362] CoTaskMemFree (pv=0x698010) [0149.362] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.362] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b860000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\scecli.DLL" (normalized: "c:\\windows\\system32\\scecli.dll")) returned 0x1e [0149.366] CoTaskMemFree (pv=0x698010) [0149.366] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b030000, lpmodinfo=0x2729298, cb=0x18 | out: lpmodinfo=0x2729298*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0149.371] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.371] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0149.375] CoTaskMemFree (pv=0x698010) [0149.375] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.375] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0149.379] CoTaskMemFree (pv=0x698010) [0149.379] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efa0000, lpmodinfo=0x272b440, cb=0x18 | out: lpmodinfo=0x272b440*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0149.383] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.383] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0149.389] CoTaskMemFree (pv=0x698010) [0149.389] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.389] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0149.394] CoTaskMemFree (pv=0x698010) [0149.394] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875480000, lpmodinfo=0x272d5d8, cb=0x18 | out: lpmodinfo=0x272d5d8*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0149.399] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.399] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875480000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0149.403] CoTaskMemFree (pv=0x698010) [0149.403] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.403] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875480000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0149.408] CoTaskMemFree (pv=0x698010) [0149.408] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x272f790, cb=0x18 | out: lpmodinfo=0x272f790*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0149.413] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.413] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0149.418] CoTaskMemFree (pv=0x698010) [0149.418] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.418] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0149.424] CoTaskMemFree (pv=0x698010) [0149.424] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874e50000, lpmodinfo=0x2731948, cb=0x18 | out: lpmodinfo=0x2731948*(lpBaseOfDll=0x7ff874e50000, SizeOfImage=0xc0000, EntryPoint=0x7ff874e7fd20)) returned 1 [0149.429] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.429] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874e50000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="fveapi.dll") returned 0xa [0149.433] CoTaskMemFree (pv=0x698010) [0149.433] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.434] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874e50000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\fveapi.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")) returned 0x1e [0149.439] CoTaskMemFree (pv=0x698010) [0149.439] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874ca0000, lpmodinfo=0x2733af0, cb=0x18 | out: lpmodinfo=0x2733af0*(lpBaseOfDll=0x7ff874ca0000, SizeOfImage=0x5d000, EntryPoint=0x7ff874cbd3a0)) returned 1 [0149.443] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.443] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874ca0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="vaultsvc.dll") returned 0xc [0149.448] CoTaskMemFree (pv=0x698010) [0149.448] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.448] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874ca0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\vaultsvc.dll" (normalized: "c:\\windows\\system32\\vaultsvc.dll")) returned 0x20 [0149.453] CoTaskMemFree (pv=0x698010) [0149.453] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8788f0000, lpmodinfo=0x2735ca8, cb=0x18 | out: lpmodinfo=0x2735ca8*(lpBaseOfDll=0x7ff8788f0000, SizeOfImage=0x64000, EntryPoint=0x7ff878905ae0)) returned 1 [0149.459] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.459] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8788f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0149.464] CoTaskMemFree (pv=0x698010) [0149.464] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.464] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8788f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0149.469] CoTaskMemFree (pv=0x698010) [0149.469] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875270000, lpmodinfo=0x2737e50, cb=0x18 | out: lpmodinfo=0x2737e50*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0149.474] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.474] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875270000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0149.479] CoTaskMemFree (pv=0x698010) [0149.479] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.479] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875270000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0149.485] CoTaskMemFree (pv=0x698010) [0149.485] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875250000, lpmodinfo=0x273a008, cb=0x18 | out: lpmodinfo=0x273a008*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0149.490] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.490] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875250000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0149.502] CoTaskMemFree (pv=0x698010) [0149.502] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.502] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875250000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0149.507] CoTaskMemFree (pv=0x698010) [0149.507] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f470000, lpmodinfo=0x273c1c0, cb=0x18 | out: lpmodinfo=0x273c1c0*(lpBaseOfDll=0x7ff86f470000, SizeOfImage=0xd000, EntryPoint=0x7ff86f471af0)) returned 1 [0149.512] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.512] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f470000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DSPARSE.dll") returned 0xb [0149.517] CoTaskMemFree (pv=0x698010) [0149.518] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.518] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f470000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DSPARSE.dll" (normalized: "c:\\windows\\system32\\dsparse.dll")) returned 0x1f [0149.523] CoTaskMemFree (pv=0x698010) [0149.523] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c960000, lpmodinfo=0x273e368, cb=0x18 | out: lpmodinfo=0x273e368*(lpBaseOfDll=0x7ff86c960000, SizeOfImage=0x1e000, EntryPoint=0x7ff86c96ef80)) returned 1 [0149.529] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.529] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c960000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0149.536] CoTaskMemFree (pv=0x698010) [0149.536] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.536] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c960000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0149.541] CoTaskMemFree (pv=0x698010) [0149.541] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c900000, lpmodinfo=0x2740938, cb=0x18 | out: lpmodinfo=0x2740938*(lpBaseOfDll=0x7ff86c900000, SizeOfImage=0x55000, EntryPoint=0x7ff86c91f870)) returned 1 [0149.546] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.547] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c900000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ncryptprov.dll") returned 0xe [0149.552] CoTaskMemFree (pv=0x698010) [0149.552] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.552] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c900000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptprov.dll" (normalized: "c:\\windows\\system32\\ncryptprov.dll")) returned 0x22 [0149.558] CoTaskMemFree (pv=0x698010) [0149.558] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c8d0000, lpmodinfo=0x2742af0, cb=0x18 | out: lpmodinfo=0x2742af0*(lpBaseOfDll=0x7ff86c8d0000, SizeOfImage=0x28000, EntryPoint=0x7ff86c8defc0)) returned 1 [0149.563] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.563] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c8d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="dssenh.dll") returned 0xa [0149.569] CoTaskMemFree (pv=0x698010) [0149.569] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.569] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c8d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll")) returned 0x1e [0149.574] CoTaskMemFree (pv=0x698010) [0149.574] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpmodinfo=0x2744c98, cb=0x18 | out: lpmodinfo=0x2744c98*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0149.579] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.579] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0149.585] CoTaskMemFree (pv=0x698010) [0149.585] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.585] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0149.591] CoTaskMemFree (pv=0x698010) [0149.591] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c8b0000, lpmodinfo=0x2746e40, cb=0x18 | out: lpmodinfo=0x2746e40*(lpBaseOfDll=0x7ff86c8b0000, SizeOfImage=0x14000, EntryPoint=0x7ff86c8b3710)) returned 1 [0149.597] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.597] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c8b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0149.603] CoTaskMemFree (pv=0x698010) [0149.603] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.603] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c8b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0149.609] CoTaskMemFree (pv=0x698010) [0149.609] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c760000, lpmodinfo=0x2749008, cb=0x18 | out: lpmodinfo=0x2749008*(lpBaseOfDll=0x7ff86c760000, SizeOfImage=0x23000, EntryPoint=0x7ff86c76a580)) returned 1 [0149.615] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.615] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c760000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SecureTimeAggregator.dll") returned 0x18 [0149.620] CoTaskMemFree (pv=0x698010) [0149.620] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.620] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c760000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SecureTimeAggregator.dll" (normalized: "c:\\windows\\system32\\securetimeaggregator.dll")) returned 0x2c [0149.626] CoTaskMemFree (pv=0x698010) [0149.626] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8786a0000, lpmodinfo=0x274b1f0, cb=0x18 | out: lpmodinfo=0x274b1f0*(lpBaseOfDll=0x7ff8786a0000, SizeOfImage=0xa000, EntryPoint=0x7ff8786a1660)) returned 1 [0149.633] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.633] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8786a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DSROLE.dll") returned 0xa [0149.648] CoTaskMemFree (pv=0x698010) [0149.648] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.648] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8786a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DSROLE.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0149.654] CoTaskMemFree (pv=0x698010) [0149.654] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c730000, lpmodinfo=0x255b7b8, cb=0x18 | out: lpmodinfo=0x255b7b8*(lpBaseOfDll=0x7ff86c730000, SizeOfImage=0x2f000, EntryPoint=0x7ff86c73ec60)) returned 1 [0149.661] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.661] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c730000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cryptnet.dll") returned 0xc [0149.666] CoTaskMemFree (pv=0x698010) [0149.667] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.667] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c730000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll")) returned 0x20 [0149.673] CoTaskMemFree (pv=0x698010) [0149.673] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f200000, lpmodinfo=0x255d970, cb=0x18 | out: lpmodinfo=0x255d970*(lpBaseOfDll=0x7ff86f200000, SizeOfImage=0x1c000, EntryPoint=0x7ff86f20da50)) returned 1 [0149.679] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.679] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f200000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="keyiso.dll") returned 0xa [0149.685] CoTaskMemFree (pv=0x698010) [0149.685] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.685] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f200000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\keyiso.dll" (normalized: "c:\\windows\\system32\\keyiso.dll")) returned 0x1e [0149.691] CoTaskMemFree (pv=0x698010) [0149.691] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86a300000, lpmodinfo=0x255fb18, cb=0x18 | out: lpmodinfo=0x255fb18*(lpBaseOfDll=0x7ff86a300000, SizeOfImage=0x17000, EntryPoint=0x7ff86a30b240)) returned 1 [0149.697] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.697] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86a300000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ngcpopkeysrv.dll") returned 0x10 [0149.703] CoTaskMemFree (pv=0x698010) [0149.703] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.703] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86a300000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ngcpopkeysrv.dll" (normalized: "c:\\windows\\system32\\ngcpopkeysrv.dll")) returned 0x24 [0149.708] CoTaskMemFree (pv=0x698010) [0149.708] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x2561ce0, cb=0x18 | out: lpmodinfo=0x2561ce0*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0149.715] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.715] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0149.721] CoTaskMemFree (pv=0x698010) [0149.721] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.721] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0149.727] CoTaskMemFree (pv=0x698010) [0149.727] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875860000, lpmodinfo=0x2563e98, cb=0x18 | out: lpmodinfo=0x2563e98*(lpBaseOfDll=0x7ff875860000, SizeOfImage=0x93000, EntryPoint=0x7ff875869680)) returned 1 [0149.734] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.734] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875860000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0149.740] CoTaskMemFree (pv=0x698010) [0149.740] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.740] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875860000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0149.748] CoTaskMemFree (pv=0x698010) [0149.748] CloseHandle (hObject=0x260) returned 1 [0149.749] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0149.749] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x908) returned 0x260 [0149.749] EnumProcessModules (in: hProcess=0x260, lphModule=0x2567dc0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2567dc0, lpcbNeeded=0x14ef68) returned 1 [0149.749] GetModuleInformation (in: hProcess=0x260, hModule=0xc50000, lpmodinfo=0x2568030, cb=0x18 | out: lpmodinfo=0x2568030*(lpBaseOfDll=0xc50000, SizeOfImage=0x17000, EntryPoint=0xc514a1)) returned 1 [0149.750] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.750] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xc50000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="3dftp.exe") returned 0x9 [0149.750] CoTaskMemFree (pv=0x698010) [0149.750] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.750] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xc50000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\3dftp.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\3dftp.exe")) returned 0x35 [0149.751] CoTaskMemFree (pv=0x698010) [0149.751] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x256a240, cb=0x18 | out: lpmodinfo=0x256a240*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0149.751] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.751] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0149.752] CoTaskMemFree (pv=0x698010) [0149.752] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.752] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0149.752] CoTaskMemFree (pv=0x698010) [0149.752] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x256c3e8, cb=0x18 | out: lpmodinfo=0x256c3e8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0149.753] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.753] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0149.753] CoTaskMemFree (pv=0x698010) [0149.753] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.753] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0149.754] CoTaskMemFree (pv=0x698010) [0149.754] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x256e590, cb=0x18 | out: lpmodinfo=0x256e590*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0149.754] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.755] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0149.755] CoTaskMemFree (pv=0x698010) [0149.755] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.755] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0149.756] CoTaskMemFree (pv=0x698010) [0149.756] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2570748, cb=0x18 | out: lpmodinfo=0x2570748*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0149.756] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.756] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0149.757] CoTaskMemFree (pv=0x698010) [0149.757] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.757] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0149.758] CoTaskMemFree (pv=0x698010) [0149.758] CloseHandle (hObject=0x260) returned 1 [0149.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0149.758] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa90) returned 0x260 [0149.758] EnumProcessModules (in: hProcess=0x260, lphModule=0x2572e60, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2572e60, lpcbNeeded=0x14ef68) returned 1 [0149.762] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff7fc190000, lpmodinfo=0x25730d0, cb=0x18 | out: lpmodinfo=0x25730d0*(lpBaseOfDll=0x7ff7fc190000, SizeOfImage=0x8000, EntryPoint=0x7ff7fc191cd0)) returned 1 [0149.763] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.763] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff7fc190000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msfeedssync.exe") returned 0xf [0149.763] CoTaskMemFree (pv=0x698010) [0149.763] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.763] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff7fc190000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msfeedssync.exe" (normalized: "c:\\windows\\system32\\msfeedssync.exe")) returned 0x23 [0149.763] CoTaskMemFree (pv=0x698010) [0149.764] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25752c0, cb=0x18 | out: lpmodinfo=0x25752c0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0149.764] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.764] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0149.764] CoTaskMemFree (pv=0x698010) [0149.764] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.764] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0149.765] CoTaskMemFree (pv=0x698010) [0149.765] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x2577468, cb=0x18 | out: lpmodinfo=0x2577468*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0149.765] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.765] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0149.766] CoTaskMemFree (pv=0x698010) [0149.766] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.766] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0149.767] CoTaskMemFree (pv=0x698010) [0149.767] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x2579620, cb=0x18 | out: lpmodinfo=0x2579620*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0149.767] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.767] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0149.768] CoTaskMemFree (pv=0x698010) [0149.768] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.768] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0149.768] CoTaskMemFree (pv=0x698010) [0149.768] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x257b7d8, cb=0x18 | out: lpmodinfo=0x257b7d8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0149.769] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.769] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0149.769] CoTaskMemFree (pv=0x698010) [0149.769] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.770] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0149.770] CoTaskMemFree (pv=0x698010) [0149.770] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x257d9d8, cb=0x18 | out: lpmodinfo=0x257d9d8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0149.771] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.771] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0149.771] CoTaskMemFree (pv=0x698010) [0149.771] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.772] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0149.772] CoTaskMemFree (pv=0x698010) [0149.772] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x257fb80, cb=0x18 | out: lpmodinfo=0x257fb80*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0149.773] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.773] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0149.774] CoTaskMemFree (pv=0x698010) [0149.774] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.774] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0149.775] CoTaskMemFree (pv=0x698010) [0149.775] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x2581d28, cb=0x18 | out: lpmodinfo=0x2581d28*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0149.776] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.776] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0149.777] CoTaskMemFree (pv=0x698010) [0149.777] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.777] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0149.778] CoTaskMemFree (pv=0x698010) [0149.778] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x2583f00, cb=0x18 | out: lpmodinfo=0x2583f00*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0149.779] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.779] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0149.780] CoTaskMemFree (pv=0x698010) [0149.780] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.780] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0149.781] CoTaskMemFree (pv=0x698010) [0149.781] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x2586160, cb=0x18 | out: lpmodinfo=0x2586160*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0149.782] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.782] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0149.783] CoTaskMemFree (pv=0x698010) [0149.783] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.783] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0149.784] CoTaskMemFree (pv=0x698010) [0149.784] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x2588308, cb=0x18 | out: lpmodinfo=0x2588308*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0149.785] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.785] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0149.786] CoTaskMemFree (pv=0x698010) [0149.786] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.786] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0149.787] CoTaskMemFree (pv=0x698010) [0149.787] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpmodinfo=0x258a4b0, cb=0x18 | out: lpmodinfo=0x258a4b0*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0149.789] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.789] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0149.790] CoTaskMemFree (pv=0x698010) [0149.790] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.790] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0149.791] CoTaskMemFree (pv=0x698010) [0149.791] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87af40000, lpmodinfo=0x258c658, cb=0x18 | out: lpmodinfo=0x258c658*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0149.792] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.792] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87af40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0149.793] CoTaskMemFree (pv=0x698010) [0149.793] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.794] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87af40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0149.795] CoTaskMemFree (pv=0x698010) [0149.795] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x258e800, cb=0x18 | out: lpmodinfo=0x258e800*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0149.796] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.796] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0149.798] CoTaskMemFree (pv=0x698010) [0149.798] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.798] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0149.799] CoTaskMemFree (pv=0x698010) [0149.799] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861500000, lpmodinfo=0x25909a8, cb=0x18 | out: lpmodinfo=0x25909a8*(lpBaseOfDll=0x7ff861500000, SizeOfImage=0xc5000, EntryPoint=0x7ff861501640)) returned 1 [0149.800] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.800] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861500000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msfeeds.dll") returned 0xb [0149.802] CoTaskMemFree (pv=0x698010) [0149.802] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.802] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861500000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msfeeds.dll" (normalized: "c:\\windows\\system32\\msfeeds.dll")) returned 0x1f [0149.803] CoTaskMemFree (pv=0x698010) [0149.804] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x2592b50, cb=0x18 | out: lpmodinfo=0x2592b50*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0149.805] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.805] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0149.807] CoTaskMemFree (pv=0x698010) [0149.807] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.807] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0149.808] CoTaskMemFree (pv=0x698010) [0149.808] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x2594cf8, cb=0x18 | out: lpmodinfo=0x2594cf8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0149.810] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.810] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0149.811] CoTaskMemFree (pv=0x698010) [0149.811] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.811] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0149.813] CoTaskMemFree (pv=0x698010) [0149.813] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x2596fc8, cb=0x18 | out: lpmodinfo=0x2596fc8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0149.816] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.816] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0149.817] CoTaskMemFree (pv=0x698010) [0149.817] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.817] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0149.819] CoTaskMemFree (pv=0x698010) [0149.819] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8764e0000, lpmodinfo=0x2599170, cb=0x18 | out: lpmodinfo=0x2599170*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0149.821] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.821] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0149.822] CoTaskMemFree (pv=0x698010) [0149.822] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.822] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0149.824] CoTaskMemFree (pv=0x698010) [0149.824] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x259b328, cb=0x18 | out: lpmodinfo=0x259b328*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0149.826] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.826] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0149.828] CoTaskMemFree (pv=0x698010) [0149.828] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.828] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0149.830] CoTaskMemFree (pv=0x698010) [0149.830] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x259d4d0, cb=0x18 | out: lpmodinfo=0x259d4d0*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0149.832] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.832] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0149.833] CoTaskMemFree (pv=0x698010) [0149.833] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.833] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0149.835] CoTaskMemFree (pv=0x698010) [0149.835] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x259f698, cb=0x18 | out: lpmodinfo=0x259f698*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0149.837] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.837] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0149.840] CoTaskMemFree (pv=0x698010) [0149.840] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.840] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0149.842] CoTaskMemFree (pv=0x698010) [0149.842] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x25a1850, cb=0x18 | out: lpmodinfo=0x25a1850*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0149.844] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.844] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0149.846] CoTaskMemFree (pv=0x698010) [0149.846] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.846] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0149.848] CoTaskMemFree (pv=0x698010) [0149.848] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x25a3a08, cb=0x18 | out: lpmodinfo=0x25a3a08*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0149.852] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.852] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0149.854] CoTaskMemFree (pv=0x698010) [0149.854] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.854] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0149.856] CoTaskMemFree (pv=0x698010) [0149.856] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c2e0000, lpmodinfo=0x25a5bb0, cb=0x18 | out: lpmodinfo=0x25a5bb0*(lpBaseOfDll=0x7ff86c2e0000, SizeOfImage=0x3e000, EntryPoint=0x7ff86c2e9650)) returned 1 [0149.858] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.858] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c2e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="MLANG.dll") returned 0x9 [0149.860] CoTaskMemFree (pv=0x698010) [0149.860] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.860] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c2e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MLANG.dll" (normalized: "c:\\windows\\system32\\mlang.dll")) returned 0x1d [0149.862] CoTaskMemFree (pv=0x698010) [0149.863] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875230000, lpmodinfo=0x25a7d58, cb=0x18 | out: lpmodinfo=0x25a7d58*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0149.865] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.865] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875230000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0149.867] CoTaskMemFree (pv=0x698010) [0149.867] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.867] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875230000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0149.870] CoTaskMemFree (pv=0x698010) [0149.870] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpmodinfo=0x25a9f00, cb=0x18 | out: lpmodinfo=0x25a9f00*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0149.872] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.872] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0149.874] CoTaskMemFree (pv=0x698010) [0149.874] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.874] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0149.877] CoTaskMemFree (pv=0x698010) [0149.877] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x25ac0b8, cb=0x18 | out: lpmodinfo=0x25ac0b8*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0149.879] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.879] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0149.881] CoTaskMemFree (pv=0x698010) [0149.881] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.881] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0149.884] CoTaskMemFree (pv=0x698010) [0149.884] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x25ae260, cb=0x18 | out: lpmodinfo=0x25ae260*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0149.887] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.887] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0149.890] CoTaskMemFree (pv=0x698010) [0149.890] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.890] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0149.892] CoTaskMemFree (pv=0x698010) [0149.892] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x25b0418, cb=0x18 | out: lpmodinfo=0x25b0418*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0149.895] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.895] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0149.897] CoTaskMemFree (pv=0x698010) [0149.897] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.897] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0149.900] CoTaskMemFree (pv=0x698010) [0149.900] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f5d0000, lpmodinfo=0x25b25c0, cb=0x18 | out: lpmodinfo=0x25b25c0*(lpBaseOfDll=0x7ff87f5d0000, SizeOfImage=0x6f000, EntryPoint=0x7ff87f5f5f70)) returned 1 [0149.902] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.902] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f5d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="coml2.dll") returned 0x9 [0149.904] CoTaskMemFree (pv=0x698010) [0149.904] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.904] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f5d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")) returned 0x1d [0149.907] CoTaskMemFree (pv=0x698010) [0149.907] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d650000, lpmodinfo=0x25b4768, cb=0x18 | out: lpmodinfo=0x25b4768*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0149.910] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.910] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d650000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0149.912] CoTaskMemFree (pv=0x698010) [0149.912] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.912] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d650000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0149.915] CoTaskMemFree (pv=0x698010) [0149.915] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ec80000, lpmodinfo=0x25b6910, cb=0x18 | out: lpmodinfo=0x25b6910*(lpBaseOfDll=0x7ff86ec80000, SizeOfImage=0x28e000, EntryPoint=0x7ff86ed50f00)) returned 1 [0149.918] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.918] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ec80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WININET.dll") returned 0xb [0149.921] CoTaskMemFree (pv=0x698010) [0149.921] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.921] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ec80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WININET.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0149.924] CoTaskMemFree (pv=0x698010) [0149.924] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x25b8cd0, cb=0x18 | out: lpmodinfo=0x25b8cd0*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0149.926] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.926] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0149.929] CoTaskMemFree (pv=0x698010) [0149.929] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.929] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0149.932] CoTaskMemFree (pv=0x698010) [0149.932] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872540000, lpmodinfo=0x25bae78, cb=0x18 | out: lpmodinfo=0x25bae78*(lpBaseOfDll=0x7ff872540000, SizeOfImage=0x27a000, EntryPoint=0x7ff87255a7a0)) returned 1 [0149.935] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.935] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872540000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0149.938] CoTaskMemFree (pv=0x698010) [0149.938] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.938] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872540000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0149.941] CoTaskMemFree (pv=0x698010) [0149.941] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x25bd020, cb=0x18 | out: lpmodinfo=0x25bd020*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0149.944] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.944] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0149.948] CoTaskMemFree (pv=0x698010) [0149.948] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.948] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0149.951] CoTaskMemFree (pv=0x698010) [0149.951] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874ab0000, lpmodinfo=0x25bf1c8, cb=0x18 | out: lpmodinfo=0x25bf1c8*(lpBaseOfDll=0x7ff874ab0000, SizeOfImage=0x15000, EntryPoint=0x7ff874ab2dc0)) returned 1 [0149.955] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.955] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874ab0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0149.959] CoTaskMemFree (pv=0x698010) [0149.959] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.959] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874ab0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0149.962] CoTaskMemFree (pv=0x698010) [0149.962] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875480000, lpmodinfo=0x25c13b0, cb=0x18 | out: lpmodinfo=0x25c13b0*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0149.964] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.964] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875480000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0149.967] CoTaskMemFree (pv=0x698010) [0149.967] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.967] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875480000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0149.971] CoTaskMemFree (pv=0x698010) [0149.971] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878b20000, lpmodinfo=0x25c3568, cb=0x18 | out: lpmodinfo=0x25c3568*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0149.974] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.974] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878b20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0149.977] CoTaskMemFree (pv=0x698010) [0149.977] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.977] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878b20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0149.980] CoTaskMemFree (pv=0x698010) [0149.980] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8614e0000, lpmodinfo=0x25c5710, cb=0x18 | out: lpmodinfo=0x25c5710*(lpBaseOfDll=0x7ff8614e0000, SizeOfImage=0x16000, EntryPoint=0x7ff8614e3a10)) returned 1 [0149.983] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.983] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8614e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msfeedsbs.dll") returned 0xd [0149.987] CoTaskMemFree (pv=0x698010) [0149.987] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.987] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8614e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msfeedsbs.dll" (normalized: "c:\\windows\\system32\\msfeedsbs.dll")) returned 0x21 [0149.991] CoTaskMemFree (pv=0x698010) [0149.991] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8727c0000, lpmodinfo=0x25c78c8, cb=0x18 | out: lpmodinfo=0x25c78c8*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0149.994] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.994] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8727c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0149.997] CoTaskMemFree (pv=0x698010) [0149.997] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0149.997] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8727c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0150.001] CoTaskMemFree (pv=0x698010) [0150.001] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x25c9a80, cb=0x18 | out: lpmodinfo=0x25c9a80*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0150.004] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.004] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0150.008] CoTaskMemFree (pv=0x698010) [0150.008] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.008] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0150.011] CoTaskMemFree (pv=0x698010) [0150.011] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8750d0000, lpmodinfo=0x25cbc28, cb=0x18 | out: lpmodinfo=0x25cbc28*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0150.015] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.015] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0150.019] CoTaskMemFree (pv=0x698010) [0150.019] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.019] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0150.023] CoTaskMemFree (pv=0x698010) [0150.023] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efa0000, lpmodinfo=0x25cddd0, cb=0x18 | out: lpmodinfo=0x25cddd0*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0150.028] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.028] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0150.031] CoTaskMemFree (pv=0x698010) [0150.031] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.031] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0150.035] CoTaskMemFree (pv=0x698010) [0150.035] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874a90000, lpmodinfo=0x25cff68, cb=0x18 | out: lpmodinfo=0x25cff68*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0150.038] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.038] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874a90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0150.042] CoTaskMemFree (pv=0x698010) [0150.042] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.042] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874a90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0150.047] CoTaskMemFree (pv=0x698010) [0150.047] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870840000, lpmodinfo=0x25d2120, cb=0x18 | out: lpmodinfo=0x25d2120*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0150.051] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.051] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870840000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0150.055] CoTaskMemFree (pv=0x698010) [0150.055] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.055] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870840000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0150.059] CoTaskMemFree (pv=0x698010) [0150.059] CloseHandle (hObject=0x260) returned 1 [0150.059] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0150.059] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x214) returned 0x0 [0150.060] EnumProcesses (in: lpidProcess=0x25d55e8, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x25d55e8, lpcbNeeded=0x14ee58) returned 1 [0150.067] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0150.069] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x84) returned 0x260 [0150.069] EnumProcessModules (in: hProcess=0x260, lphModule=0x25d62f0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25d62f0, lpcbNeeded=0x14ef68) returned 1 [0150.070] GetModuleInformation (in: hProcess=0x260, hModule=0x9f0000, lpmodinfo=0x25d6560, cb=0x18 | out: lpmodinfo=0x25d6560*(lpBaseOfDll=0x9f0000, SizeOfImage=0x17000, EntryPoint=0x9f14a1)) returned 1 [0150.070] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.070] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x9f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="alftp.exe") returned 0x9 [0150.071] CoTaskMemFree (pv=0x698010) [0150.071] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.071] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x9f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\alftp.exe" (normalized: "c:\\program files (x86)\\common files\\alftp.exe")) returned 0x2d [0150.071] CoTaskMemFree (pv=0x698010) [0150.071] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25d8760, cb=0x18 | out: lpmodinfo=0x25d8760*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0150.072] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.072] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0150.072] CoTaskMemFree (pv=0x698010) [0150.072] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.072] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0150.073] CoTaskMemFree (pv=0x698010) [0150.073] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25da908, cb=0x18 | out: lpmodinfo=0x25da908*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0150.073] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.073] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0150.074] CoTaskMemFree (pv=0x698010) [0150.074] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.074] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0150.075] CoTaskMemFree (pv=0x698010) [0150.075] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25dcab0, cb=0x18 | out: lpmodinfo=0x25dcab0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0150.075] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.075] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0150.076] CoTaskMemFree (pv=0x698010) [0150.076] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.076] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0150.077] CoTaskMemFree (pv=0x698010) [0150.077] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25dec68, cb=0x18 | out: lpmodinfo=0x25dec68*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0150.077] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.077] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0150.078] CoTaskMemFree (pv=0x698010) [0150.078] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.078] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0150.079] CoTaskMemFree (pv=0x698010) [0150.079] CloseHandle (hObject=0x260) returned 1 [0150.079] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0150.079] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x9c4) returned 0x260 [0150.079] EnumProcessModules (in: hProcess=0x260, lphModule=0x25e1380, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25e1380, lpcbNeeded=0x14ef68) returned 1 [0150.080] GetModuleInformation (in: hProcess=0x260, hModule=0xa10000, lpmodinfo=0x25e15f0, cb=0x18 | out: lpmodinfo=0x25e15f0*(lpBaseOfDll=0xa10000, SizeOfImage=0x17000, EntryPoint=0xa114a1)) returned 1 [0150.080] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.080] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xa10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="type relationship above.exe") returned 0x1b [0150.081] CoTaskMemFree (pv=0x698010) [0150.081] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.081] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xa10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\type relationship above.exe" (normalized: "c:\\program files\\windows portable devices\\type relationship above.exe")) returned 0x45 [0150.081] CoTaskMemFree (pv=0x698010) [0150.081] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25e3840, cb=0x18 | out: lpmodinfo=0x25e3840*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0150.082] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.082] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0150.082] CoTaskMemFree (pv=0x698010) [0150.082] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.082] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0150.083] CoTaskMemFree (pv=0x698010) [0150.083] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25e59e8, cb=0x18 | out: lpmodinfo=0x25e59e8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0150.083] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.083] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0150.084] CoTaskMemFree (pv=0x698010) [0150.084] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.084] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0150.084] CoTaskMemFree (pv=0x698010) [0150.084] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25e7b90, cb=0x18 | out: lpmodinfo=0x25e7b90*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0150.085] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.085] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0150.086] CoTaskMemFree (pv=0x698010) [0150.086] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.086] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0150.086] CoTaskMemFree (pv=0x698010) [0150.087] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25e9d48, cb=0x18 | out: lpmodinfo=0x25e9d48*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0150.087] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.087] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0150.088] CoTaskMemFree (pv=0x698010) [0150.088] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.088] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0150.089] CoTaskMemFree (pv=0x698010) [0150.089] CloseHandle (hObject=0x260) returned 1 [0150.089] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0150.089] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xcd4) returned 0x260 [0150.089] EnumProcessModules (in: hProcess=0x260, lphModule=0x25ec460, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25ec460, lpcbNeeded=0x14ef68) returned 1 [0150.090] GetModuleInformation (in: hProcess=0x260, hModule=0xa40000, lpmodinfo=0x25ec6d0, cb=0x18 | out: lpmodinfo=0x25ec6d0*(lpBaseOfDll=0xa40000, SizeOfImage=0x17000, EntryPoint=0xa414a1)) returned 1 [0150.090] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.090] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xa40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="filezilla.exe") returned 0xd [0150.090] CoTaskMemFree (pv=0x698010) [0150.091] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.091] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xa40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft.NET\\filezilla.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\filezilla.exe")) returned 0x32 [0150.091] CoTaskMemFree (pv=0x698010) [0150.091] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25ee8e0, cb=0x18 | out: lpmodinfo=0x25ee8e0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0150.091] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.091] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0150.092] CoTaskMemFree (pv=0x698010) [0150.092] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.092] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0150.092] CoTaskMemFree (pv=0x698010) [0150.092] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25f0a88, cb=0x18 | out: lpmodinfo=0x25f0a88*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0150.093] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.093] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0150.093] CoTaskMemFree (pv=0x698010) [0150.093] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.093] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0150.094] CoTaskMemFree (pv=0x698010) [0150.094] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25f2c30, cb=0x18 | out: lpmodinfo=0x25f2c30*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0150.094] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.094] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0150.095] CoTaskMemFree (pv=0x698010) [0150.095] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.095] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0150.096] CoTaskMemFree (pv=0x698010) [0150.096] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25f4de8, cb=0x18 | out: lpmodinfo=0x25f4de8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0150.096] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.096] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0150.097] CoTaskMemFree (pv=0x698010) [0150.097] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.097] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0150.098] CoTaskMemFree (pv=0x698010) [0150.098] CloseHandle (hObject=0x260) returned 1 [0150.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0150.098] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x45c) returned 0x260 [0150.098] EnumProcessModules (in: hProcess=0x260, lphModule=0x25f7500, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25f7500, lpcbNeeded=0x14ef68) returned 1 [0150.100] GetModuleInformation (in: hProcess=0x260, hModule=0x10a0000, lpmodinfo=0x25f7770, cb=0x18 | out: lpmodinfo=0x25f7770*(lpBaseOfDll=0x10a0000, SizeOfImage=0x17000, EntryPoint=0x10a14a1)) returned 1 [0150.100] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.100] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x10a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="barca.exe") returned 0x9 [0150.101] CoTaskMemFree (pv=0x698010) [0150.101] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.101] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x10a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\barca.exe" (normalized: "c:\\program files (x86)\\windows media player\\barca.exe")) returned 0x35 [0150.101] CoTaskMemFree (pv=0x698010) [0150.101] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25f9980, cb=0x18 | out: lpmodinfo=0x25f9980*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0150.102] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.102] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0150.102] CoTaskMemFree (pv=0x698010) [0150.102] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.103] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0150.103] CoTaskMemFree (pv=0x698010) [0150.103] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25fbb28, cb=0x18 | out: lpmodinfo=0x25fbb28*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0150.104] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.104] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0150.104] CoTaskMemFree (pv=0x698010) [0150.104] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.104] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0150.105] CoTaskMemFree (pv=0x698010) [0150.105] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25fdcd0, cb=0x18 | out: lpmodinfo=0x25fdcd0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0150.105] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.105] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0150.106] CoTaskMemFree (pv=0x698010) [0150.106] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.106] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0150.107] CoTaskMemFree (pv=0x698010) [0150.107] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25ffe88, cb=0x18 | out: lpmodinfo=0x25ffe88*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0150.107] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.107] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0150.108] CoTaskMemFree (pv=0x698010) [0150.108] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.108] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0150.109] CoTaskMemFree (pv=0x698010) [0150.109] CloseHandle (hObject=0x260) returned 1 [0150.109] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0150.109] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x394) returned 0x260 [0150.109] EnumProcessModules (in: hProcess=0x260, lphModule=0x26025a0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26025a0, lpcbNeeded=0x14ef68) returned 1 [0150.110] GetModuleInformation (in: hProcess=0x260, hModule=0x11d0000, lpmodinfo=0x2602810, cb=0x18 | out: lpmodinfo=0x2602810*(lpBaseOfDll=0x11d0000, SizeOfImage=0x17000, EntryPoint=0x11d14a1)) returned 1 [0150.111] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.111] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x11d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="absolutetelnet.exe") returned 0x12 [0150.111] CoTaskMemFree (pv=0x698010) [0150.111] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.111] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x11d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\absolutetelnet.exe" (normalized: "c:\\program files (x86)\\windows media player\\absolutetelnet.exe")) returned 0x3e [0150.111] CoTaskMemFree (pv=0x698010) [0150.111] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2604a40, cb=0x18 | out: lpmodinfo=0x2604a40*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0150.112] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.112] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0150.112] CoTaskMemFree (pv=0x698010) [0150.112] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.112] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0150.113] CoTaskMemFree (pv=0x698010) [0150.113] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2606be8, cb=0x18 | out: lpmodinfo=0x2606be8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0150.113] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.113] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0150.114] CoTaskMemFree (pv=0x698010) [0150.114] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.114] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0150.115] CoTaskMemFree (pv=0x698010) [0150.115] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2608d90, cb=0x18 | out: lpmodinfo=0x2608d90*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0150.115] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.115] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0150.116] CoTaskMemFree (pv=0x698010) [0150.116] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.116] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0150.116] CoTaskMemFree (pv=0x698010) [0150.116] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x260af48, cb=0x18 | out: lpmodinfo=0x260af48*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0150.117] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.117] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0150.118] CoTaskMemFree (pv=0x698010) [0150.118] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.118] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0150.119] CoTaskMemFree (pv=0x698010) [0150.119] CloseHandle (hObject=0x260) returned 1 [0150.119] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0150.119] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x144) returned 0x260 [0150.119] EnumProcessModules (in: hProcess=0x260, lphModule=0x260d660, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x260d660, lpcbNeeded=0x14ef68) returned 1 [0150.124] EnumProcessModules (in: hProcess=0x260, lphModule=0x260d878, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x260d878, lpcbNeeded=0x14ef68) returned 1 [0150.129] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6a3140000, lpmodinfo=0x260dce8, cb=0x18 | out: lpmodinfo=0x260dce8*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0150.130] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.130] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0150.130] CoTaskMemFree (pv=0x698010) [0150.130] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.130] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0150.131] CoTaskMemFree (pv=0x698010) [0150.131] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x260fec8, cb=0x18 | out: lpmodinfo=0x260fec8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0150.131] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.131] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0150.132] CoTaskMemFree (pv=0x698010) [0150.132] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.132] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0150.132] CoTaskMemFree (pv=0x698010) [0150.132] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x2612070, cb=0x18 | out: lpmodinfo=0x2612070*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0150.133] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.133] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0150.133] CoTaskMemFree (pv=0x698010) [0150.134] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.134] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0150.134] CoTaskMemFree (pv=0x698010) [0150.134] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x2614228, cb=0x18 | out: lpmodinfo=0x2614228*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0150.135] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.135] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0150.135] CoTaskMemFree (pv=0x698010) [0150.135] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.135] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0150.136] CoTaskMemFree (pv=0x698010) [0150.136] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x26163e0, cb=0x18 | out: lpmodinfo=0x26163e0*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0150.137] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.137] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0150.138] CoTaskMemFree (pv=0x698010) [0150.138] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.138] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0150.138] CoTaskMemFree (pv=0x698010) [0150.138] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x26185e0, cb=0x18 | out: lpmodinfo=0x26185e0*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0150.139] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.139] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0150.140] CoTaskMemFree (pv=0x698010) [0150.140] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.140] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0150.141] CoTaskMemFree (pv=0x698010) [0150.141] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x261a788, cb=0x18 | out: lpmodinfo=0x261a788*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0150.142] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.142] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0150.143] CoTaskMemFree (pv=0x698010) [0150.143] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.143] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0150.143] CoTaskMemFree (pv=0x698010) [0150.144] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x261c940, cb=0x18 | out: lpmodinfo=0x261c940*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0150.144] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.144] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0150.145] CoTaskMemFree (pv=0x698010) [0150.145] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.145] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0150.146] CoTaskMemFree (pv=0x698010) [0150.146] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x261eae8, cb=0x18 | out: lpmodinfo=0x261eae8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0150.147] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.147] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0150.148] CoTaskMemFree (pv=0x698010) [0150.150] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.150] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0150.151] CoTaskMemFree (pv=0x698010) [0150.151] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x2620d28, cb=0x18 | out: lpmodinfo=0x2620d28*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0150.152] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.152] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0150.153] CoTaskMemFree (pv=0x698010) [0150.153] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.153] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0150.154] CoTaskMemFree (pv=0x698010) [0150.154] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x2622f00, cb=0x18 | out: lpmodinfo=0x2622f00*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0150.155] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.155] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0150.156] CoTaskMemFree (pv=0x698010) [0150.156] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.156] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0150.157] CoTaskMemFree (pv=0x698010) [0150.157] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x26250c8, cb=0x18 | out: lpmodinfo=0x26250c8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0150.158] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.158] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0150.160] CoTaskMemFree (pv=0x698010) [0150.160] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.160] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0150.161] CoTaskMemFree (pv=0x698010) [0150.161] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x2627270, cb=0x18 | out: lpmodinfo=0x2627270*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0150.162] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.162] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0150.163] CoTaskMemFree (pv=0x698010) [0150.163] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.163] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0150.165] CoTaskMemFree (pv=0x698010) [0150.165] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x2629418, cb=0x18 | out: lpmodinfo=0x2629418*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0150.166] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.166] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0150.168] CoTaskMemFree (pv=0x698010) [0150.168] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.168] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0150.170] CoTaskMemFree (pv=0x698010) [0150.170] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x262b5d0, cb=0x18 | out: lpmodinfo=0x262b5d0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0150.171] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.171] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0150.173] CoTaskMemFree (pv=0x698010) [0150.173] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.173] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0150.175] CoTaskMemFree (pv=0x698010) [0150.175] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878180000, lpmodinfo=0x262d788, cb=0x18 | out: lpmodinfo=0x262d788*(lpBaseOfDll=0x7ff878180000, SizeOfImage=0xa1000, EntryPoint=0x7ff878183db0)) returned 1 [0150.176] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.176] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878180000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="PortableDeviceApi.dll") returned 0x15 [0150.178] CoTaskMemFree (pv=0x698010) [0150.178] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.178] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878180000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll")) returned 0x29 [0150.179] CoTaskMemFree (pv=0x698010) [0150.179] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x262f960, cb=0x18 | out: lpmodinfo=0x262f960*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0150.181] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.181] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0150.182] CoTaskMemFree (pv=0x698010) [0150.182] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.182] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0150.184] CoTaskMemFree (pv=0x698010) [0150.184] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x2631c20, cb=0x18 | out: lpmodinfo=0x2631c20*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0150.186] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.186] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0150.187] CoTaskMemFree (pv=0x698010) [0150.187] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.187] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0150.189] CoTaskMemFree (pv=0x698010) [0150.189] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efb0000, lpmodinfo=0x2633dc8, cb=0x18 | out: lpmodinfo=0x2633dc8*(lpBaseOfDll=0x7ff87efb0000, SizeOfImage=0x429000, EntryPoint=0x7ff87efd8740)) returned 1 [0150.191] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.191] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efb0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0150.193] CoTaskMemFree (pv=0x698010) [0150.193] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.193] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efb0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0150.194] CoTaskMemFree (pv=0x698010) [0150.194] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87afe0000, lpmodinfo=0x2635f80, cb=0x18 | out: lpmodinfo=0x2635f80*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0150.196] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.196] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0150.198] CoTaskMemFree (pv=0x698010) [0150.198] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.198] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0150.200] CoTaskMemFree (pv=0x698010) [0150.200] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878160000, lpmodinfo=0x2638128, cb=0x18 | out: lpmodinfo=0x2638128*(lpBaseOfDll=0x7ff878160000, SizeOfImage=0x17000, EntryPoint=0x7ff8781625d0)) returned 1 [0150.202] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.202] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878160000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="portabledeviceconnectapi.dll") returned 0x1c [0150.204] CoTaskMemFree (pv=0x698010) [0150.204] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.204] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878160000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\portabledeviceconnectapi.dll" (normalized: "c:\\windows\\system32\\portabledeviceconnectapi.dll")) returned 0x30 [0150.206] CoTaskMemFree (pv=0x698010) [0150.206] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d340000, lpmodinfo=0x263a320, cb=0x18 | out: lpmodinfo=0x263a320*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0150.208] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.208] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d340000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0150.210] CoTaskMemFree (pv=0x698010) [0150.210] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.210] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d340000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0150.212] CoTaskMemFree (pv=0x698010) [0150.212] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpmodinfo=0x263c4d8, cb=0x18 | out: lpmodinfo=0x263c4d8*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0150.214] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.214] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0150.232] CoTaskMemFree (pv=0x698010) [0150.232] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.232] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0150.234] CoTaskMemFree (pv=0x698010) [0150.234] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d170000, lpmodinfo=0x263e680, cb=0x18 | out: lpmodinfo=0x263e680*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0150.237] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.237] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d170000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0150.240] CoTaskMemFree (pv=0x698010) [0150.240] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.240] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d170000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0150.243] CoTaskMemFree (pv=0x698010) [0150.243] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x2640828, cb=0x18 | out: lpmodinfo=0x2640828*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0150.245] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.246] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0150.248] CoTaskMemFree (pv=0x698010) [0150.248] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.248] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0150.252] CoTaskMemFree (pv=0x698010) [0150.252] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878100000, lpmodinfo=0x26429e0, cb=0x18 | out: lpmodinfo=0x26429e0*(lpBaseOfDll=0x7ff878100000, SizeOfImage=0x4a000, EntryPoint=0x7ff878111450)) returned 1 [0150.254] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.254] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878100000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="audioendpointbuilder.dll") returned 0x18 [0150.257] CoTaskMemFree (pv=0x698010) [0150.257] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.257] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878100000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\audioendpointbuilder.dll" (normalized: "c:\\windows\\system32\\audioendpointbuilder.dll")) returned 0x2c [0150.260] CoTaskMemFree (pv=0x698010) [0150.260] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x2644bc8, cb=0x18 | out: lpmodinfo=0x2644bc8*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0150.262] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.262] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0150.264] CoTaskMemFree (pv=0x698010) [0150.264] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.264] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0150.267] CoTaskMemFree (pv=0x698010) [0150.267] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878090000, lpmodinfo=0x2646d70, cb=0x18 | out: lpmodinfo=0x2646d70*(lpBaseOfDll=0x7ff878090000, SizeOfImage=0x70000, EntryPoint=0x7ff8780b2960)) returned 1 [0150.269] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.269] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878090000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="MMDevAPI.DLL") returned 0xc [0150.272] CoTaskMemFree (pv=0x698010) [0150.272] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.272] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878090000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MMDevAPI.DLL" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0150.274] CoTaskMemFree (pv=0x698010) [0150.274] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ab10000, lpmodinfo=0x2648f28, cb=0x18 | out: lpmodinfo=0x2648f28*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0150.277] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.277] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0150.279] CoTaskMemFree (pv=0x698010) [0150.279] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.279] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0150.282] CoTaskMemFree (pv=0x698010) [0150.282] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x264b0d0, cb=0x18 | out: lpmodinfo=0x264b0d0*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0150.284] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.284] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0150.287] CoTaskMemFree (pv=0x698010) [0150.287] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.287] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0150.290] CoTaskMemFree (pv=0x698010) [0150.290] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x264d288, cb=0x18 | out: lpmodinfo=0x264d288*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0150.292] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.292] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0150.294] CoTaskMemFree (pv=0x698010) [0150.294] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.294] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0150.297] CoTaskMemFree (pv=0x698010) [0150.298] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad00000, lpmodinfo=0x264f430, cb=0x18 | out: lpmodinfo=0x264f430*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0150.300] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.300] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0150.303] CoTaskMemFree (pv=0x698010) [0150.303] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.303] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0150.306] CoTaskMemFree (pv=0x698010) [0150.306] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x26515e8, cb=0x18 | out: lpmodinfo=0x26515e8*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0150.309] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.309] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0150.312] CoTaskMemFree (pv=0x698010) [0150.312] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.312] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0150.315] CoTaskMemFree (pv=0x698010) [0150.315] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874d40000, lpmodinfo=0x26539a8, cb=0x18 | out: lpmodinfo=0x26539a8*(lpBaseOfDll=0x7ff874d40000, SizeOfImage=0x1e000, EntryPoint=0x7ff874d43ce0)) returned 1 [0150.318] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.318] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874d40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wudfsvc.dll") returned 0xb [0150.321] CoTaskMemFree (pv=0x698010) [0150.321] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.321] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874d40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wudfsvc.dll" (normalized: "c:\\windows\\system32\\wudfsvc.dll")) returned 0x1f [0150.323] CoTaskMemFree (pv=0x698010) [0150.323] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874d00000, lpmodinfo=0x2655b50, cb=0x18 | out: lpmodinfo=0x2655b50*(lpBaseOfDll=0x7ff874d00000, SizeOfImage=0x36000, EntryPoint=0x7ff874d086d0)) returned 1 [0150.326] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.326] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874d00000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WUDFPlatform.dll") returned 0x10 [0150.329] CoTaskMemFree (pv=0x698010) [0150.329] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.329] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874d00000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WUDFPlatform.dll" (normalized: "c:\\windows\\system32\\wudfplatform.dll")) returned 0x24 [0150.333] CoTaskMemFree (pv=0x698010) [0150.333] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x2657d18, cb=0x18 | out: lpmodinfo=0x2657d18*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0150.336] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.336] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0150.339] CoTaskMemFree (pv=0x698010) [0150.339] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.339] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0150.342] CoTaskMemFree (pv=0x698010) [0150.342] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870b60000, lpmodinfo=0x2659ec0, cb=0x18 | out: lpmodinfo=0x2659ec0*(lpBaseOfDll=0x7ff870b60000, SizeOfImage=0x10e000, EntryPoint=0x7ff870bc7960)) returned 1 [0150.346] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.346] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870b60000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="sysmain.dll") returned 0xb [0150.349] CoTaskMemFree (pv=0x698010) [0150.349] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.349] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870b60000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\sysmain.dll" (normalized: "c:\\windows\\system32\\sysmain.dll")) returned 0x1f [0150.352] CoTaskMemFree (pv=0x698010) [0150.352] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870ab0000, lpmodinfo=0x265c068, cb=0x18 | out: lpmodinfo=0x265c068*(lpBaseOfDll=0x7ff870ab0000, SizeOfImage=0x85000, EntryPoint=0x7ff870ac9a10)) returned 1 [0150.355] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.355] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870ab0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="pcasvc.dll") returned 0xa [0150.359] CoTaskMemFree (pv=0x698010) [0150.359] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.359] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870ab0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\pcasvc.dll" (normalized: "c:\\windows\\system32\\pcasvc.dll")) returned 0x1e [0150.363] CoTaskMemFree (pv=0x698010) [0150.363] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87aa90000, lpmodinfo=0x265e210, cb=0x18 | out: lpmodinfo=0x265e210*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0150.366] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.366] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87aa90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0150.369] CoTaskMemFree (pv=0x698010) [0150.369] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.369] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87aa90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0150.373] CoTaskMemFree (pv=0x698010) [0150.373] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x26603b8, cb=0x18 | out: lpmodinfo=0x26603b8*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0150.376] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.376] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0150.380] CoTaskMemFree (pv=0x698010) [0150.380] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.380] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0150.383] CoTaskMemFree (pv=0x698010) [0150.383] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x2662560, cb=0x18 | out: lpmodinfo=0x2662560*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0150.387] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.387] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0150.391] CoTaskMemFree (pv=0x698010) [0150.391] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.391] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0150.394] CoTaskMemFree (pv=0x698010) [0150.394] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870a80000, lpmodinfo=0x2664708, cb=0x18 | out: lpmodinfo=0x2664708*(lpBaseOfDll=0x7ff870a80000, SizeOfImage=0x22000, EntryPoint=0x7ff870a8adf0)) returned 1 [0150.398] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.398] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870a80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="trkwks.dll") returned 0xa [0150.401] CoTaskMemFree (pv=0x698010) [0150.401] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.401] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870a80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\trkwks.dll" (normalized: "c:\\windows\\system32\\trkwks.dll")) returned 0x1e [0150.406] CoTaskMemFree (pv=0x698010) [0150.406] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bab0000, lpmodinfo=0x26668b0, cb=0x18 | out: lpmodinfo=0x26668b0*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0150.410] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.410] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0150.413] CoTaskMemFree (pv=0x698010) [0150.413] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.413] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0150.417] CoTaskMemFree (pv=0x698010) [0150.417] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878150000, lpmodinfo=0x2668a58, cb=0x18 | out: lpmodinfo=0x2668a58*(lpBaseOfDll=0x7ff878150000, SizeOfImage=0xc000, EntryPoint=0x7ff878152830)) returned 1 [0150.428] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.428] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878150000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bi.dll") returned 0x6 [0150.432] CoTaskMemFree (pv=0x698010) [0150.432] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.432] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878150000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")) returned 0x1a [0150.437] CoTaskMemFree (pv=0x698010) [0150.437] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f460000, lpmodinfo=0x266abf0, cb=0x18 | out: lpmodinfo=0x266abf0*(lpBaseOfDll=0x7ff86f460000, SizeOfImage=0xb000, EntryPoint=0x7ff86f461e70)) returned 1 [0150.441] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.441] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f460000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SystemEventsBrokerClient.dll") returned 0x1c [0150.445] CoTaskMemFree (pv=0x698010) [0150.446] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.446] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f460000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerclient.dll")) returned 0x30 [0150.449] CoTaskMemFree (pv=0x698010) [0150.449] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c430000, lpmodinfo=0x266cde8, cb=0x18 | out: lpmodinfo=0x266cde8*(lpBaseOfDll=0x7ff86c430000, SizeOfImage=0x58000, EntryPoint=0x7ff86c447f80)) returned 1 [0150.453] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.453] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c430000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ncbservice.dll") returned 0xe [0150.457] CoTaskMemFree (pv=0x698010) [0150.457] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.457] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c430000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ncbservice.dll" (normalized: "c:\\windows\\system32\\ncbservice.dll")) returned 0x22 [0150.462] CoTaskMemFree (pv=0x698010) [0150.462] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x266efa0, cb=0x18 | out: lpmodinfo=0x266efa0*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0150.466] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.466] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0150.470] CoTaskMemFree (pv=0x698010) [0150.470] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.470] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0150.473] CoTaskMemFree (pv=0x698010) [0150.473] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efa0000, lpmodinfo=0x2671148, cb=0x18 | out: lpmodinfo=0x2671148*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0150.477] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.477] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0150.482] CoTaskMemFree (pv=0x698010) [0150.482] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.482] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0150.486] CoTaskMemFree (pv=0x698010) [0150.486] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875480000, lpmodinfo=0x26732e0, cb=0x18 | out: lpmodinfo=0x26732e0*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0150.490] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.490] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875480000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0150.501] CoTaskMemFree (pv=0x698010) [0150.501] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.501] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875480000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0150.505] CoTaskMemFree (pv=0x698010) [0150.505] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ae70000, lpmodinfo=0x2675498, cb=0x18 | out: lpmodinfo=0x2675498*(lpBaseOfDll=0x7ff87ae70000, SizeOfImage=0x40000, EntryPoint=0x7ff87ae81960)) returned 1 [0150.509] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.509] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ae70000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="BrokerLib.dll") returned 0xd [0150.513] CoTaskMemFree (pv=0x698010) [0150.513] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.514] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ae70000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")) returned 0x21 [0150.518] CoTaskMemFree (pv=0x698010) [0150.518] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872410000, lpmodinfo=0x2677650, cb=0x18 | out: lpmodinfo=0x2677650*(lpBaseOfDll=0x7ff872410000, SizeOfImage=0x9000, EntryPoint=0x7ff8724121d0)) returned 1 [0150.522] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.522] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872410000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="httpprxc.dll") returned 0xc [0150.526] CoTaskMemFree (pv=0x698010) [0150.526] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.526] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872410000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")) returned 0x20 [0150.531] CoTaskMemFree (pv=0x698010) [0150.531] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x2679808, cb=0x18 | out: lpmodinfo=0x2679808*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0150.535] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.535] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0150.539] CoTaskMemFree (pv=0x698010) [0150.539] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.539] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0150.544] CoTaskMemFree (pv=0x698010) [0150.544] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873f90000, lpmodinfo=0x267b9b0, cb=0x18 | out: lpmodinfo=0x267b9b0*(lpBaseOfDll=0x7ff873f90000, SizeOfImage=0x44000, EntryPoint=0x7ff873f9c010)) returned 1 [0150.548] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.548] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873f90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="execmodelclient.dll") returned 0x13 [0150.552] CoTaskMemFree (pv=0x698010) [0150.552] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.552] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873f90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\execmodelclient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")) returned 0x27 [0150.558] CoTaskMemFree (pv=0x698010) [0150.558] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpmodinfo=0x267db78, cb=0x18 | out: lpmodinfo=0x267db78*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0150.563] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.563] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0150.567] CoTaskMemFree (pv=0x698010) [0150.567] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.567] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0150.572] CoTaskMemFree (pv=0x698010) [0150.572] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8727c0000, lpmodinfo=0x267fd40, cb=0x18 | out: lpmodinfo=0x267fd40*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0150.577] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.577] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8727c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0150.581] CoTaskMemFree (pv=0x698010) [0150.581] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.581] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8727c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0150.586] CoTaskMemFree (pv=0x698010) [0150.586] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874a90000, lpmodinfo=0x2681ef8, cb=0x18 | out: lpmodinfo=0x2681ef8*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0150.590] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.590] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874a90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0150.595] CoTaskMemFree (pv=0x698010) [0150.595] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.595] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874a90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0150.600] CoTaskMemFree (pv=0x698010) [0150.600] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878230000, lpmodinfo=0x26840b0, cb=0x18 | out: lpmodinfo=0x26840b0*(lpBaseOfDll=0x7ff878230000, SizeOfImage=0xbf000, EntryPoint=0x7ff878251c50)) returned 1 [0150.605] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.605] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878230000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0150.609] CoTaskMemFree (pv=0x698010) [0150.609] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.609] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878230000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0150.614] CoTaskMemFree (pv=0x698010) [0150.614] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878ff0000, lpmodinfo=0x2686268, cb=0x18 | out: lpmodinfo=0x2686268*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0150.618] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.618] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0150.623] CoTaskMemFree (pv=0x698010) [0150.623] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.623] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0150.629] CoTaskMemFree (pv=0x698010) [0150.629] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x2688410, cb=0x18 | out: lpmodinfo=0x2688410*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0150.634] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.634] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0150.638] CoTaskMemFree (pv=0x698010) [0150.638] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.638] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0150.644] CoTaskMemFree (pv=0x698010) [0150.644] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f5d0000, lpmodinfo=0x268a5b8, cb=0x18 | out: lpmodinfo=0x268a5b8*(lpBaseOfDll=0x7ff87f5d0000, SizeOfImage=0x6f000, EntryPoint=0x7ff87f5f5f70)) returned 1 [0150.648] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.648] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f5d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="coml2.dll") returned 0x9 [0150.654] CoTaskMemFree (pv=0x698010) [0150.654] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.654] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f5d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")) returned 0x1d [0150.658] CoTaskMemFree (pv=0x698010) [0150.658] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c90000, lpmodinfo=0x268c760, cb=0x18 | out: lpmodinfo=0x268c760*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0150.664] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.664] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0150.669] CoTaskMemFree (pv=0x698010) [0150.669] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.669] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0150.675] CoTaskMemFree (pv=0x698010) [0150.675] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870b40000, lpmodinfo=0x268e918, cb=0x18 | out: lpmodinfo=0x268e918*(lpBaseOfDll=0x7ff870b40000, SizeOfImage=0x1d000, EntryPoint=0x7ff870b46190)) returned 1 [0150.679] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.679] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870b40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wdi.dll") returned 0x7 [0150.684] CoTaskMemFree (pv=0x698010) [0150.684] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.684] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870b40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")) returned 0x1b [0150.689] CoTaskMemFree (pv=0x698010) [0150.689] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874fb0000, lpmodinfo=0x2690ab0, cb=0x18 | out: lpmodinfo=0x2690ab0*(lpBaseOfDll=0x7ff874fb0000, SizeOfImage=0x10000, EntryPoint=0x7ff874fb1ec0)) returned 1 [0150.694] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.694] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874fb0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="pcadm.dll") returned 0x9 [0150.700] CoTaskMemFree (pv=0x698010) [0150.700] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.700] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874fb0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pcadm.dll" (normalized: "c:\\windows\\system32\\pcadm.dll")) returned 0x1d [0150.705] CoTaskMemFree (pv=0x698010) [0150.705] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f070000, lpmodinfo=0x2692c58, cb=0x18 | out: lpmodinfo=0x2692c58*(lpBaseOfDll=0x7ff86f070000, SizeOfImage=0x10000, EntryPoint=0x7ff86f073d50)) returned 1 [0150.711] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.711] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f070000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="pcacli.dll") returned 0xa [0150.716] CoTaskMemFree (pv=0x698010) [0150.716] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.716] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f070000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll")) returned 0x1e [0150.721] CoTaskMemFree (pv=0x698010) [0150.721] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874540000, lpmodinfo=0x2694e00, cb=0x18 | out: lpmodinfo=0x2694e00*(lpBaseOfDll=0x7ff874540000, SizeOfImage=0x1b000, EntryPoint=0x7ff874541040)) returned 1 [0150.726] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.726] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874540000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="MPR.dll") returned 0x7 [0150.731] CoTaskMemFree (pv=0x698010) [0150.731] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0150.731] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874540000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MPR.dll" (normalized: "c:\\windows\\system32\\mpr.dll")) returned 0x1b [0150.737] CoTaskMemFree (pv=0x698010) [0150.737] CloseHandle (hObject=0x260) returned 1 [0150.738] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0150.738] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xb44) returned 0x260 [0150.738] EnumProcessModules (in: hProcess=0x260, lphModule=0x2698d58, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2698d58, lpcbNeeded=0x14ef68) returned 1 [0150.738] GetModuleInformation (in: hProcess=0x260, hModule=0xd10000, lpmodinfo=0x2698fc8, cb=0x18 | out: lpmodinfo=0x2698fc8*(lpBaseOfDll=0xd10000, SizeOfImage=0x17000, EntryPoint=0xd114a1)) returned 1 [0150.739] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.739] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xd10000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="practice.exe") returned 0xc [0150.739] CoTaskMemFree (pv=0x69a130) [0150.739] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.739] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xd10000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\practice.exe" (normalized: "c:\\program files (x86)\\microsoft office\\practice.exe")) returned 0x34 [0150.740] CoTaskMemFree (pv=0x69a130) [0150.740] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x269b1e0, cb=0x18 | out: lpmodinfo=0x269b1e0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0150.740] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.740] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0150.741] CoTaskMemFree (pv=0x69a130) [0150.741] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.741] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0150.741] CoTaskMemFree (pv=0x69a130) [0150.741] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x269d388, cb=0x18 | out: lpmodinfo=0x269d388*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0150.742] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.742] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0150.742] CoTaskMemFree (pv=0x69a130) [0150.742] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.742] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0150.743] CoTaskMemFree (pv=0x69a130) [0150.743] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x269f530, cb=0x18 | out: lpmodinfo=0x269f530*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0150.743] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.743] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0150.744] CoTaskMemFree (pv=0x69a130) [0150.744] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.744] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0150.744] CoTaskMemFree (pv=0x69a130) [0150.745] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26a16e8, cb=0x18 | out: lpmodinfo=0x26a16e8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0150.745] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.745] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0150.746] CoTaskMemFree (pv=0x69a130) [0150.746] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.746] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0150.746] CoTaskMemFree (pv=0x69a130) [0150.746] CloseHandle (hObject=0x260) returned 1 [0150.747] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0150.747] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10a4) returned 0x260 [0150.747] EnumProcessModules (in: hProcess=0x260, lphModule=0x26a3e00, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26a3e00, lpcbNeeded=0x14ef68) returned 1 [0150.747] GetModuleInformation (in: hProcess=0x260, hModule=0xa0000, lpmodinfo=0x26a4070, cb=0x18 | out: lpmodinfo=0x26a4070*(lpBaseOfDll=0xa0000, SizeOfImage=0x17000, EntryPoint=0xa14a1)) returned 1 [0150.748] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.748] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xa0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="skype.exe") returned 0x9 [0150.748] CoTaskMemFree (pv=0x69a130) [0150.748] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.748] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xa0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Program Files\\Uninstall Information\\skype.exe" (normalized: "c:\\program files\\uninstall information\\skype.exe")) returned 0x30 [0150.749] CoTaskMemFree (pv=0x69a130) [0150.749] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26a6278, cb=0x18 | out: lpmodinfo=0x26a6278*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0150.749] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.749] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0150.750] CoTaskMemFree (pv=0x69a130) [0150.750] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.750] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0150.750] CoTaskMemFree (pv=0x69a130) [0150.750] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x26a8420, cb=0x18 | out: lpmodinfo=0x26a8420*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0150.750] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.751] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0150.751] CoTaskMemFree (pv=0x69a130) [0150.751] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.751] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0150.752] CoTaskMemFree (pv=0x69a130) [0150.752] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x26aa5c8, cb=0x18 | out: lpmodinfo=0x26aa5c8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0150.752] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.752] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0150.753] CoTaskMemFree (pv=0x69a130) [0150.753] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.753] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0150.754] CoTaskMemFree (pv=0x69a130) [0150.754] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26ac780, cb=0x18 | out: lpmodinfo=0x26ac780*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0150.754] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.754] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0150.755] CoTaskMemFree (pv=0x69a130) [0150.755] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.755] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0150.756] CoTaskMemFree (pv=0x69a130) [0150.756] CloseHandle (hObject=0x260) returned 1 [0150.756] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0150.756] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x112c) returned 0x260 [0150.756] EnumProcessModules (in: hProcess=0x260, lphModule=0x26aee98, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26aee98, lpcbNeeded=0x14ef68) returned 1 [0150.757] GetModuleInformation (in: hProcess=0x260, hModule=0xbe0000, lpmodinfo=0x26af108, cb=0x18 | out: lpmodinfo=0x26af108*(lpBaseOfDll=0xbe0000, SizeOfImage=0x17000, EntryPoint=0xbe14a1)) returned 1 [0150.757] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.757] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xbe0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="centralcreditcard.exe") returned 0x15 [0150.758] CoTaskMemFree (pv=0x69a130) [0150.758] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.758] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xbe0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\centralcreditcard.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\centralcreditcard.exe")) returned 0x45 [0150.758] CoTaskMemFree (pv=0x69a130) [0150.758] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26b1350, cb=0x18 | out: lpmodinfo=0x26b1350*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0150.759] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.759] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0150.759] CoTaskMemFree (pv=0x69a130) [0150.759] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.759] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0150.760] CoTaskMemFree (pv=0x69a130) [0150.760] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x26b34f8, cb=0x18 | out: lpmodinfo=0x26b34f8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0150.760] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.760] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0150.761] CoTaskMemFree (pv=0x69a130) [0150.761] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.761] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0150.762] CoTaskMemFree (pv=0x69a130) [0150.762] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x26b56a0, cb=0x18 | out: lpmodinfo=0x26b56a0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0150.763] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.763] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0150.764] CoTaskMemFree (pv=0x69a130) [0150.764] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.764] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0150.764] CoTaskMemFree (pv=0x69a130) [0150.764] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26b7858, cb=0x18 | out: lpmodinfo=0x26b7858*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0150.765] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.765] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0150.767] CoTaskMemFree (pv=0x69a130) [0150.767] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.767] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0150.767] CoTaskMemFree (pv=0x69a130) [0150.767] CloseHandle (hObject=0x260) returned 1 [0150.768] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0150.768] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1164) returned 0x260 [0150.768] EnumProcessModules (in: hProcess=0x260, lphModule=0x26b9f70, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26b9f70, lpcbNeeded=0x14ef68) returned 1 [0150.768] GetModuleInformation (in: hProcess=0x260, hModule=0x1100000, lpmodinfo=0x26ba1e0, cb=0x18 | out: lpmodinfo=0x26ba1e0*(lpBaseOfDll=0x1100000, SizeOfImage=0x17000, EntryPoint=0x11014a1)) returned 1 [0150.769] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.769] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x1100000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="fpos.exe") returned 0x8 [0150.769] CoTaskMemFree (pv=0x69a130) [0150.769] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.769] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x1100000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Mail\\fpos.exe" (normalized: "c:\\program files\\windows mail\\fpos.exe")) returned 0x26 [0150.770] CoTaskMemFree (pv=0x69a130) [0150.770] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26bc3d0, cb=0x18 | out: lpmodinfo=0x26bc3d0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0150.770] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.770] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0150.770] CoTaskMemFree (pv=0x69a130) [0150.770] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.770] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0150.771] CoTaskMemFree (pv=0x69a130) [0150.771] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x26be578, cb=0x18 | out: lpmodinfo=0x26be578*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0150.772] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.772] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0150.772] CoTaskMemFree (pv=0x69a130) [0150.772] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.772] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0150.773] CoTaskMemFree (pv=0x69a130) [0150.773] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x26c0720, cb=0x18 | out: lpmodinfo=0x26c0720*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0150.773] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.773] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0150.774] CoTaskMemFree (pv=0x69a130) [0150.774] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.774] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0150.775] CoTaskMemFree (pv=0x69a130) [0150.775] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26c28d8, cb=0x18 | out: lpmodinfo=0x26c28d8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0150.775] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.775] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0150.776] CoTaskMemFree (pv=0x69a130) [0150.776] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.776] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0150.777] CoTaskMemFree (pv=0x69a130) [0150.777] CloseHandle (hObject=0x260) returned 1 [0150.777] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0150.777] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x388) returned 0x260 [0150.777] EnumProcessModules (in: hProcess=0x260, lphModule=0x26c4ff0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26c4ff0, lpcbNeeded=0x14ef68) returned 1 [0150.781] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6a3140000, lpmodinfo=0x26c5260, cb=0x18 | out: lpmodinfo=0x26c5260*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0150.781] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.781] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0150.782] CoTaskMemFree (pv=0x69a130) [0150.782] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.782] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0150.782] CoTaskMemFree (pv=0x69a130) [0150.782] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26c7440, cb=0x18 | out: lpmodinfo=0x26c7440*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0150.783] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.783] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0150.783] CoTaskMemFree (pv=0x69a130) [0150.783] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.783] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0150.784] CoTaskMemFree (pv=0x69a130) [0150.784] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x26c95e8, cb=0x18 | out: lpmodinfo=0x26c95e8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0150.784] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.784] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0150.785] CoTaskMemFree (pv=0x69a130) [0150.785] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.785] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0150.786] CoTaskMemFree (pv=0x69a130) [0150.786] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x26cb7a0, cb=0x18 | out: lpmodinfo=0x26cb7a0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0150.786] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.786] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0150.787] CoTaskMemFree (pv=0x69a130) [0150.787] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.787] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0150.787] CoTaskMemFree (pv=0x69a130) [0150.787] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x26cd958, cb=0x18 | out: lpmodinfo=0x26cd958*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0150.788] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.788] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0150.789] CoTaskMemFree (pv=0x69a130) [0150.789] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.789] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0150.790] CoTaskMemFree (pv=0x69a130) [0150.790] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x26cfb58, cb=0x18 | out: lpmodinfo=0x26cfb58*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0150.790] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.790] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0150.791] CoTaskMemFree (pv=0x69a130) [0150.791] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.791] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0150.792] CoTaskMemFree (pv=0x69a130) [0150.792] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x26d1d00, cb=0x18 | out: lpmodinfo=0x26d1d00*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0150.793] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.793] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0150.794] CoTaskMemFree (pv=0x69a130) [0150.794] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.794] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0150.795] CoTaskMemFree (pv=0x69a130) [0150.795] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x26d3eb8, cb=0x18 | out: lpmodinfo=0x26d3eb8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0150.796] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.796] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0150.797] CoTaskMemFree (pv=0x69a130) [0150.797] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.797] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0150.798] CoTaskMemFree (pv=0x69a130) [0150.798] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x26d6060, cb=0x18 | out: lpmodinfo=0x26d6060*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0150.798] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.799] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0150.799] CoTaskMemFree (pv=0x69a130) [0150.800] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.800] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0150.801] CoTaskMemFree (pv=0x69a130) [0150.801] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x26d82a0, cb=0x18 | out: lpmodinfo=0x26d82a0*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0150.802] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.802] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0150.803] CoTaskMemFree (pv=0x69a130) [0150.803] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.803] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0150.804] CoTaskMemFree (pv=0x69a130) [0150.804] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x26da478, cb=0x18 | out: lpmodinfo=0x26da478*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0150.805] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.805] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0150.807] CoTaskMemFree (pv=0x69a130) [0150.807] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.807] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0150.808] CoTaskMemFree (pv=0x69a130) [0150.808] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x26dc640, cb=0x18 | out: lpmodinfo=0x26dc640*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0150.809] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.809] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0150.810] CoTaskMemFree (pv=0x69a130) [0150.810] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.810] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0150.811] CoTaskMemFree (pv=0x69a130) [0150.811] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x26de7e8, cb=0x18 | out: lpmodinfo=0x26de7e8*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0150.812] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.812] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0150.813] CoTaskMemFree (pv=0x69a130) [0150.814] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.814] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0150.815] CoTaskMemFree (pv=0x69a130) [0150.815] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879880000, lpmodinfo=0x26e0990, cb=0x18 | out: lpmodinfo=0x26e0990*(lpBaseOfDll=0x7ff879880000, SizeOfImage=0x2c000, EntryPoint=0x7ff87988ad60)) returned 1 [0150.816] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.816] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879880000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="timebrokerserver.dll") returned 0x14 [0150.818] CoTaskMemFree (pv=0x69a130) [0150.818] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.818] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879880000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\timebrokerserver.dll" (normalized: "c:\\windows\\system32\\timebrokerserver.dll")) returned 0x28 [0150.819] CoTaskMemFree (pv=0x69a130) [0150.819] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x26e2b68, cb=0x18 | out: lpmodinfo=0x26e2b68*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0150.821] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.821] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0150.822] CoTaskMemFree (pv=0x69a130) [0150.822] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.822] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0150.824] CoTaskMemFree (pv=0x69a130) [0150.824] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ae70000, lpmodinfo=0x26e4d20, cb=0x18 | out: lpmodinfo=0x26e4d20*(lpBaseOfDll=0x7ff87ae70000, SizeOfImage=0x40000, EntryPoint=0x7ff87ae81960)) returned 1 [0150.825] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.825] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ae70000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="BrokerLib.dll") returned 0xd [0150.827] CoTaskMemFree (pv=0x69a130) [0150.827] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.827] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ae70000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")) returned 0x21 [0150.828] CoTaskMemFree (pv=0x69a130) [0150.828] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878150000, lpmodinfo=0x26e6ed8, cb=0x18 | out: lpmodinfo=0x26e6ed8*(lpBaseOfDll=0x7ff878150000, SizeOfImage=0xc000, EntryPoint=0x7ff878152830)) returned 1 [0150.830] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.830] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878150000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="bi.dll") returned 0x6 [0150.831] CoTaskMemFree (pv=0x69a130) [0150.831] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.831] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878150000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")) returned 0x1a [0150.833] CoTaskMemFree (pv=0x69a130) [0150.833] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x26e9188, cb=0x18 | out: lpmodinfo=0x26e9188*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0150.835] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.835] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0150.837] CoTaskMemFree (pv=0x69a130) [0150.837] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.838] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0150.839] CoTaskMemFree (pv=0x69a130) [0150.839] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873f90000, lpmodinfo=0x26eb330, cb=0x18 | out: lpmodinfo=0x26eb330*(lpBaseOfDll=0x7ff873f90000, SizeOfImage=0x44000, EntryPoint=0x7ff873f9c010)) returned 1 [0150.841] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.841] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873f90000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="execmodelclient.dll") returned 0x13 [0150.843] CoTaskMemFree (pv=0x69a130) [0150.843] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.843] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873f90000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\execmodelclient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")) returned 0x27 [0150.844] CoTaskMemFree (pv=0x69a130) [0150.844] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpmodinfo=0x26ed4f8, cb=0x18 | out: lpmodinfo=0x26ed4f8*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0150.846] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.846] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0150.848] CoTaskMemFree (pv=0x69a130) [0150.848] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.848] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0150.850] CoTaskMemFree (pv=0x69a130) [0150.850] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpmodinfo=0x26ef6c0, cb=0x18 | out: lpmodinfo=0x26ef6c0*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0150.852] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.852] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0150.854] CoTaskMemFree (pv=0x69a130) [0150.854] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.854] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0150.856] CoTaskMemFree (pv=0x69a130) [0150.856] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x26f1888, cb=0x18 | out: lpmodinfo=0x26f1888*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0150.858] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.858] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0150.860] CoTaskMemFree (pv=0x69a130) [0150.860] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.860] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0150.862] CoTaskMemFree (pv=0x69a130) [0150.862] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x26f3a30, cb=0x18 | out: lpmodinfo=0x26f3a30*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0150.864] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.864] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0150.867] CoTaskMemFree (pv=0x69a130) [0150.867] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.867] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0150.869] CoTaskMemFree (pv=0x69a130) [0150.869] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8658d0000, lpmodinfo=0x26f5bd8, cb=0x18 | out: lpmodinfo=0x26f5bd8*(lpBaseOfDll=0x7ff8658d0000, SizeOfImage=0x41000, EntryPoint=0x7ff8658e1de0)) returned 1 [0150.871] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.871] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8658d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ssdpsrv.dll") returned 0xb [0150.873] CoTaskMemFree (pv=0x69a130) [0150.873] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.874] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8658d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ssdpsrv.dll" (normalized: "c:\\windows\\system32\\ssdpsrv.dll")) returned 0x1f [0150.875] CoTaskMemFree (pv=0x69a130) [0150.875] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x26f7d80, cb=0x18 | out: lpmodinfo=0x26f7d80*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0150.877] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.877] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0150.879] CoTaskMemFree (pv=0x69a130) [0150.879] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.879] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0150.882] CoTaskMemFree (pv=0x69a130) [0150.882] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efa0000, lpmodinfo=0x26f9f28, cb=0x18 | out: lpmodinfo=0x26f9f28*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0150.884] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.884] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0150.886] CoTaskMemFree (pv=0x69a130) [0150.886] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.886] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0150.889] CoTaskMemFree (pv=0x69a130) [0150.889] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpmodinfo=0x26fc0c0, cb=0x18 | out: lpmodinfo=0x26fc0c0*(lpBaseOfDll=0x7ff87cdb0000, SizeOfImage=0x86000, EntryPoint=0x7ff87cdbd8f0)) returned 1 [0150.891] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.891] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0150.893] CoTaskMemFree (pv=0x69a130) [0150.893] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.893] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0150.896] CoTaskMemFree (pv=0x69a130) [0150.896] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b340000, lpmodinfo=0x26fe278, cb=0x18 | out: lpmodinfo=0x26fe278*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0150.898] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.898] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b340000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0150.901] CoTaskMemFree (pv=0x69a130) [0150.901] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.901] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b340000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0150.903] CoTaskMemFree (pv=0x69a130) [0150.903] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875480000, lpmodinfo=0x2700420, cb=0x18 | out: lpmodinfo=0x2700420*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0150.907] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.907] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875480000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0150.909] CoTaskMemFree (pv=0x69a130) [0150.909] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.909] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875480000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0150.912] CoTaskMemFree (pv=0x69a130) [0150.912] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875270000, lpmodinfo=0x27025d8, cb=0x18 | out: lpmodinfo=0x27025d8*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0150.915] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.915] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875270000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0150.917] CoTaskMemFree (pv=0x69a130) [0150.917] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.917] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875270000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0150.920] CoTaskMemFree (pv=0x69a130) [0150.920] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875250000, lpmodinfo=0x2704790, cb=0x18 | out: lpmodinfo=0x2704790*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0150.922] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.922] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875250000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0150.925] CoTaskMemFree (pv=0x69a130) [0150.925] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.925] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875250000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0150.928] CoTaskMemFree (pv=0x69a130) [0150.928] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf40000, lpmodinfo=0x2706948, cb=0x18 | out: lpmodinfo=0x2706948*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0150.930] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.930] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0150.933] CoTaskMemFree (pv=0x69a130) [0150.933] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.933] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0150.936] CoTaskMemFree (pv=0x69a130) [0150.936] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpmodinfo=0x2708af0, cb=0x18 | out: lpmodinfo=0x2708af0*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0150.939] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.939] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0150.941] CoTaskMemFree (pv=0x69a130) [0150.941] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.941] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0150.944] CoTaskMemFree (pv=0x69a130) [0150.944] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x270aeb0, cb=0x18 | out: lpmodinfo=0x270aeb0*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0150.947] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.947] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0150.950] CoTaskMemFree (pv=0x69a130) [0150.950] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.950] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0150.953] CoTaskMemFree (pv=0x69a130) [0150.953] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x270d068, cb=0x18 | out: lpmodinfo=0x270d068*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0150.956] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.956] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0150.959] CoTaskMemFree (pv=0x69a130) [0150.959] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.959] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0150.962] CoTaskMemFree (pv=0x69a130) [0150.962] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870fc0000, lpmodinfo=0x270f210, cb=0x18 | out: lpmodinfo=0x270f210*(lpBaseOfDll=0x7ff870fc0000, SizeOfImage=0xa000, EntryPoint=0x7ff870fc15c0)) returned 1 [0150.965] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.965] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870fc0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wshqos.dll") returned 0xa [0150.969] CoTaskMemFree (pv=0x69a130) [0150.969] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.969] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870fc0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll")) returned 0x1e [0150.972] CoTaskMemFree (pv=0x69a130) [0150.972] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870e00000, lpmodinfo=0x27113b8, cb=0x18 | out: lpmodinfo=0x27113b8*(lpBaseOfDll=0x7ff870e00000, SizeOfImage=0x8000, EntryPoint=0x7ff870e010a0)) returned 1 [0150.975] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.975] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870e00000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wshtcpip.DLL") returned 0xc [0150.978] CoTaskMemFree (pv=0x69a130) [0150.978] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.978] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870e00000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wshtcpip.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0150.982] CoTaskMemFree (pv=0x69a130) [0150.982] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870df0000, lpmodinfo=0x2713570, cb=0x18 | out: lpmodinfo=0x2713570*(lpBaseOfDll=0x7ff870df0000, SizeOfImage=0x8000, EntryPoint=0x7ff870df1ab0)) returned 1 [0150.985] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.985] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870df0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0150.989] CoTaskMemFree (pv=0x69a130) [0150.989] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.989] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870df0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0150.992] CoTaskMemFree (pv=0x69a130) [0150.992] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x2715718, cb=0x18 | out: lpmodinfo=0x2715718*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0150.995] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.995] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="sspicli.dll") returned 0xb [0150.999] CoTaskMemFree (pv=0x69a130) [0150.999] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0150.999] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0151.002] CoTaskMemFree (pv=0x69a130) [0151.002] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8750d0000, lpmodinfo=0x27178c0, cb=0x18 | out: lpmodinfo=0x27178c0*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0151.005] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.005] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0151.008] CoTaskMemFree (pv=0x69a130) [0151.008] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.008] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0151.012] CoTaskMemFree (pv=0x69a130) [0151.012] CloseHandle (hObject=0x260) returned 1 [0151.012] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0151.012] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1fc) returned 0x260 [0151.012] EnumProcessModules (in: hProcess=0x260, lphModule=0x271ab78, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x271ab78, lpcbNeeded=0x14ef68) returned 1 [0151.016] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6a4020000, lpmodinfo=0x271ade8, cb=0x18 | out: lpmodinfo=0x271ade8*(lpBaseOfDll=0x7ff6a4020000, SizeOfImage=0x94000, EntryPoint=0x7ff6a4048810)) returned 1 [0151.016] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.016] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6a4020000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="winlogon.exe") returned 0xc [0151.016] CoTaskMemFree (pv=0x69a130) [0151.016] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.016] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6a4020000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\winlogon.exe" (normalized: "c:\\windows\\system32\\winlogon.exe")) returned 0x20 [0151.017] CoTaskMemFree (pv=0x69a130) [0151.017] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x271cfd8, cb=0x18 | out: lpmodinfo=0x271cfd8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0151.017] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.017] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0151.018] CoTaskMemFree (pv=0x69a130) [0151.018] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.018] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0151.018] CoTaskMemFree (pv=0x69a130) [0151.018] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x271f180, cb=0x18 | out: lpmodinfo=0x271f180*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0151.019] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.019] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0151.019] CoTaskMemFree (pv=0x69a130) [0151.019] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.019] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0151.020] CoTaskMemFree (pv=0x69a130) [0151.020] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x2721338, cb=0x18 | out: lpmodinfo=0x2721338*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0151.021] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.021] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0151.021] CoTaskMemFree (pv=0x69a130) [0151.021] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.021] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0151.022] CoTaskMemFree (pv=0x69a130) [0151.022] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x27234f0, cb=0x18 | out: lpmodinfo=0x27234f0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0151.023] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.023] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0151.024] CoTaskMemFree (pv=0x69a130) [0151.024] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.024] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0151.025] CoTaskMemFree (pv=0x69a130) [0151.025] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x27256f0, cb=0x18 | out: lpmodinfo=0x27256f0*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0151.026] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.026] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0151.026] CoTaskMemFree (pv=0x69a130) [0151.026] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.026] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0151.027] CoTaskMemFree (pv=0x69a130) [0151.027] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x2727898, cb=0x18 | out: lpmodinfo=0x2727898*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0151.028] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.028] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0151.029] CoTaskMemFree (pv=0x69a130) [0151.029] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.029] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0151.030] CoTaskMemFree (pv=0x69a130) [0151.030] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x2729a40, cb=0x18 | out: lpmodinfo=0x2729a40*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0151.031] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.031] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0151.032] CoTaskMemFree (pv=0x69a130) [0151.032] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.032] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0151.033] CoTaskMemFree (pv=0x69a130) [0151.033] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x272bbf8, cb=0x18 | out: lpmodinfo=0x272bbf8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0151.034] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.034] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0151.035] CoTaskMemFree (pv=0x69a130) [0151.035] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.035] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0151.036] CoTaskMemFree (pv=0x69a130) [0151.036] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x272de48, cb=0x18 | out: lpmodinfo=0x272de48*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0151.037] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.037] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0151.038] CoTaskMemFree (pv=0x69a130) [0151.038] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.038] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0151.039] CoTaskMemFree (pv=0x69a130) [0151.040] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x272fff0, cb=0x18 | out: lpmodinfo=0x272fff0*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0151.041] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.041] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0151.042] CoTaskMemFree (pv=0x69a130) [0151.042] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.042] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0151.043] CoTaskMemFree (pv=0x69a130) [0151.043] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x2732198, cb=0x18 | out: lpmodinfo=0x2732198*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0151.044] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.044] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0151.045] CoTaskMemFree (pv=0x69a130) [0151.045] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.045] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0151.047] CoTaskMemFree (pv=0x69a130) [0151.047] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x2734340, cb=0x18 | out: lpmodinfo=0x2734340*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0151.048] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.048] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0151.049] CoTaskMemFree (pv=0x69a130) [0151.049] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.049] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0151.052] CoTaskMemFree (pv=0x69a130) [0151.052] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpmodinfo=0x27364e8, cb=0x18 | out: lpmodinfo=0x27364e8*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0151.054] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.054] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0151.055] CoTaskMemFree (pv=0x69a130) [0151.055] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.055] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0151.057] CoTaskMemFree (pv=0x69a130) [0151.057] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x2738690, cb=0x18 | out: lpmodinfo=0x2738690*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0151.058] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.058] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="winsta.dll") returned 0xa [0151.060] CoTaskMemFree (pv=0x69a130) [0151.060] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.060] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0151.061] CoTaskMemFree (pv=0x69a130) [0151.061] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b010000, lpmodinfo=0x273a838, cb=0x18 | out: lpmodinfo=0x273a838*(lpBaseOfDll=0x7ff87b010000, SizeOfImage=0x1a000, EntryPoint=0x7ff87b017d00)) returned 1 [0151.063] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.063] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b010000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="UXINIT.dll") returned 0xa [0151.064] CoTaskMemFree (pv=0x69a130) [0151.064] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.064] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b010000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UXINIT.dll" (normalized: "c:\\windows\\system32\\uxinit.dll")) returned 0x1e [0151.066] CoTaskMemFree (pv=0x69a130) [0151.066] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x273c9e0, cb=0x18 | out: lpmodinfo=0x273c9e0*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0151.067] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.067] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0151.078] CoTaskMemFree (pv=0x69a130) [0151.078] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.078] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0151.080] CoTaskMemFree (pv=0x69a130) [0151.080] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x273eca0, cb=0x18 | out: lpmodinfo=0x273eca0*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0151.082] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.082] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0151.085] CoTaskMemFree (pv=0x69a130) [0151.085] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.085] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0151.087] CoTaskMemFree (pv=0x69a130) [0151.087] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x2740e48, cb=0x18 | out: lpmodinfo=0x2740e48*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0151.089] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.089] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0151.091] CoTaskMemFree (pv=0x69a130) [0151.091] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.091] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0151.092] CoTaskMemFree (pv=0x69a130) [0151.092] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87af40000, lpmodinfo=0x2743020, cb=0x18 | out: lpmodinfo=0x2743020*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0151.094] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.094] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87af40000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0151.096] CoTaskMemFree (pv=0x69a130) [0151.096] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.096] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87af40000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0151.098] CoTaskMemFree (pv=0x69a130) [0151.098] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d170000, lpmodinfo=0x27451c8, cb=0x18 | out: lpmodinfo=0x27451c8*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0151.100] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.100] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d170000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0151.102] CoTaskMemFree (pv=0x69a130) [0151.102] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.102] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d170000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0151.104] CoTaskMemFree (pv=0x69a130) [0151.104] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpmodinfo=0x2747370, cb=0x18 | out: lpmodinfo=0x2747370*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0151.106] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.106] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0151.108] CoTaskMemFree (pv=0x69a130) [0151.108] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.108] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0151.110] CoTaskMemFree (pv=0x69a130) [0151.110] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bc10000, lpmodinfo=0x2749518, cb=0x18 | out: lpmodinfo=0x2749518*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0151.112] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.112] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bc10000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="DPAPI.dll") returned 0x9 [0151.114] CoTaskMemFree (pv=0x69a130) [0151.114] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.114] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bc10000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DPAPI.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0151.116] CoTaskMemFree (pv=0x69a130) [0151.116] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x274b6c0, cb=0x18 | out: lpmodinfo=0x274b6c0*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0151.119] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.119] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0151.121] CoTaskMemFree (pv=0x69a130) [0151.121] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.121] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0151.123] CoTaskMemFree (pv=0x69a130) [0151.123] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87af20000, lpmodinfo=0x274d878, cb=0x18 | out: lpmodinfo=0x274d878*(lpBaseOfDll=0x7ff87af20000, SizeOfImage=0x14000, EntryPoint=0x7ff87af24530)) returned 1 [0151.125] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.125] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87af20000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="dwminit.dll") returned 0xb [0151.128] CoTaskMemFree (pv=0x69a130) [0151.128] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.128] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87af20000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwminit.dll" (normalized: "c:\\windows\\system32\\dwminit.dll")) returned 0x1f [0151.131] CoTaskMemFree (pv=0x69a130) [0151.131] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x274fa20, cb=0x18 | out: lpmodinfo=0x274fa20*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0151.133] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.133] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0151.135] CoTaskMemFree (pv=0x69a130) [0151.135] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.135] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0151.137] CoTaskMemFree (pv=0x69a130) [0151.137] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87aa90000, lpmodinfo=0x2751bc8, cb=0x18 | out: lpmodinfo=0x2751bc8*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0151.140] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.140] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87aa90000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0151.143] CoTaskMemFree (pv=0x69a130) [0151.143] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.143] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87aa90000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0151.145] CoTaskMemFree (pv=0x69a130) [0151.145] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875b40000, lpmodinfo=0x2753d70, cb=0x18 | out: lpmodinfo=0x2753d70*(lpBaseOfDll=0x7ff875b40000, SizeOfImage=0x10000, EntryPoint=0x7ff875b42c60)) returned 1 [0151.147] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.147] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875b40000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="usermgrcli.dll") returned 0xe [0151.150] CoTaskMemFree (pv=0x69a130) [0151.150] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.150] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875b40000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")) returned 0x22 [0151.153] CoTaskMemFree (pv=0x69a130) [0151.153] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bab0000, lpmodinfo=0x2755f28, cb=0x18 | out: lpmodinfo=0x2755f28*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0151.155] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.155] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0151.158] CoTaskMemFree (pv=0x69a130) [0151.158] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.158] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0151.160] CoTaskMemFree (pv=0x69a130) [0151.160] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874540000, lpmodinfo=0x27580d0, cb=0x18 | out: lpmodinfo=0x27580d0*(lpBaseOfDll=0x7ff874540000, SizeOfImage=0x1b000, EntryPoint=0x7ff874541040)) returned 1 [0151.163] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.163] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874540000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="MPR.dll") returned 0x7 [0151.166] CoTaskMemFree (pv=0x69a130) [0151.166] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.166] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874540000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MPR.dll" (normalized: "c:\\windows\\system32\\mpr.dll")) returned 0x1b [0151.168] CoTaskMemFree (pv=0x69a130) [0151.169] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874530000, lpmodinfo=0x275a268, cb=0x18 | out: lpmodinfo=0x275a268*(lpBaseOfDll=0x7ff874530000, SizeOfImage=0xb000, EntryPoint=0x7ff874531a40)) returned 1 [0151.172] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.172] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874530000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="drprov.dll") returned 0xa [0151.175] CoTaskMemFree (pv=0x69a130) [0151.175] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.175] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874530000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll")) returned 0x1e [0151.179] CoTaskMemFree (pv=0x69a130) [0151.179] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874510000, lpmodinfo=0x256c628, cb=0x18 | out: lpmodinfo=0x256c628*(lpBaseOfDll=0x7ff874510000, SizeOfImage=0x16000, EntryPoint=0x7ff874513380)) returned 1 [0151.182] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.182] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874510000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ntlanman.dll") returned 0xc [0151.185] CoTaskMemFree (pv=0x69a130) [0151.185] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.185] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874510000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll")) returned 0x20 [0151.188] CoTaskMemFree (pv=0x69a130) [0151.188] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8744f0000, lpmodinfo=0x256e7e0, cb=0x18 | out: lpmodinfo=0x256e7e0*(lpBaseOfDll=0x7ff8744f0000, SizeOfImage=0x20000, EntryPoint=0x7ff8744f1920)) returned 1 [0151.191] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.191] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8744f0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="davclnt.dll") returned 0xb [0151.194] CoTaskMemFree (pv=0x69a130) [0151.194] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.194] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8744f0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll")) returned 0x1f [0151.196] CoTaskMemFree (pv=0x69a130) [0151.197] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8744e0000, lpmodinfo=0x2570ba0, cb=0x18 | out: lpmodinfo=0x2570ba0*(lpBaseOfDll=0x7ff8744e0000, SizeOfImage=0xc000, EntryPoint=0x7ff8744e1860)) returned 1 [0151.199] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.199] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8744e0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="DAVHLPR.dll") returned 0xb [0151.202] CoTaskMemFree (pv=0x69a130) [0151.202] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.202] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8744e0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DAVHLPR.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll")) returned 0x1f [0151.204] CoTaskMemFree (pv=0x69a130) [0151.205] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8744d0000, lpmodinfo=0x2572d48, cb=0x18 | out: lpmodinfo=0x2572d48*(lpBaseOfDll=0x7ff8744d0000, SizeOfImage=0xa000, EntryPoint=0x7ff8744d1010)) returned 1 [0151.210] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.210] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8744d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="mprext.dll") returned 0xa [0151.213] CoTaskMemFree (pv=0x69a130) [0151.213] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.213] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8744d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mprext.dll" (normalized: "c:\\windows\\system32\\mprext.dll")) returned 0x1e [0151.224] CoTaskMemFree (pv=0x69a130) [0151.224] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8744b0000, lpmodinfo=0x2574ef0, cb=0x18 | out: lpmodinfo=0x2574ef0*(lpBaseOfDll=0x7ff8744b0000, SizeOfImage=0x12000, EntryPoint=0x7ff8744b3580)) returned 1 [0151.227] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.227] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8744b0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0151.230] CoTaskMemFree (pv=0x69a130) [0151.230] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.230] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8744b0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0151.233] CoTaskMemFree (pv=0x69a130) [0151.233] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpmodinfo=0x2577098, cb=0x18 | out: lpmodinfo=0x2577098*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0151.236] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.236] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0151.239] CoTaskMemFree (pv=0x69a130) [0151.239] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.239] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0151.242] CoTaskMemFree (pv=0x69a130) [0151.242] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875230000, lpmodinfo=0x2579250, cb=0x18 | out: lpmodinfo=0x2579250*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0151.245] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.245] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875230000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0151.249] CoTaskMemFree (pv=0x69a130) [0151.249] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.249] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875230000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0151.252] CoTaskMemFree (pv=0x69a130) [0151.252] CloseHandle (hObject=0x260) returned 1 [0151.253] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0151.253] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1224) returned 0x260 [0151.253] EnumProcessModules (in: hProcess=0x260, lphModule=0x257c458, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x257c458, lpcbNeeded=0x14ef68) returned 1 [0151.253] GetModuleInformation (in: hProcess=0x260, hModule=0xee0000, lpmodinfo=0x257c6c8, cb=0x18 | out: lpmodinfo=0x257c6c8*(lpBaseOfDll=0xee0000, SizeOfImage=0xca000, EntryPoint=0xee3a40)) returned 1 [0151.254] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.254] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xee0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="IEXPLORE.EXE") returned 0xc [0151.254] CoTaskMemFree (pv=0x69a130) [0151.254] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.254] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xee0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" (normalized: "c:\\program files (x86)\\internet explorer\\iexplore.exe")) returned 0x35 [0151.255] CoTaskMemFree (pv=0x69a130) [0151.255] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x257e8e0, cb=0x18 | out: lpmodinfo=0x257e8e0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0151.255] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.255] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0151.255] CoTaskMemFree (pv=0x69a130) [0151.256] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.256] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0151.256] CoTaskMemFree (pv=0x69a130) [0151.256] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2580a88, cb=0x18 | out: lpmodinfo=0x2580a88*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0151.256] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.256] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0151.257] CoTaskMemFree (pv=0x69a130) [0151.257] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.257] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0151.258] CoTaskMemFree (pv=0x69a130) [0151.258] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2582c30, cb=0x18 | out: lpmodinfo=0x2582c30*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0151.258] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.258] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0151.259] CoTaskMemFree (pv=0x69a130) [0151.259] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.259] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0151.260] CoTaskMemFree (pv=0x69a130) [0151.260] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2584de8, cb=0x18 | out: lpmodinfo=0x2584de8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0151.260] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.260] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0151.261] CoTaskMemFree (pv=0x69a130) [0151.261] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.261] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0151.262] CoTaskMemFree (pv=0x69a130) [0151.262] CloseHandle (hObject=0x260) returned 1 [0151.262] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0151.262] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12e8) returned 0x260 [0151.262] EnumProcessModules (in: hProcess=0x260, lphModule=0x2587500, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2587500, lpcbNeeded=0x14ef68) returned 1 [0151.266] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff623080000, lpmodinfo=0x2587770, cb=0x18 | out: lpmodinfo=0x2587770*(lpBaseOfDll=0x7ff623080000, SizeOfImage=0x7000, EntryPoint=0x7ff623081460)) returned 1 [0151.266] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.266] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff623080000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="backgroundTaskHost.exe") returned 0x16 [0151.266] CoTaskMemFree (pv=0x69a130) [0151.266] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.266] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff623080000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\backgroundTaskHost.exe" (normalized: "c:\\windows\\system32\\backgroundtaskhost.exe")) returned 0x2a [0151.267] CoTaskMemFree (pv=0x69a130) [0151.267] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2589980, cb=0x18 | out: lpmodinfo=0x2589980*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0151.267] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.267] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0151.268] CoTaskMemFree (pv=0x69a130) [0151.268] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.268] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0151.268] CoTaskMemFree (pv=0x69a130) [0151.268] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x258bb28, cb=0x18 | out: lpmodinfo=0x258bb28*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0151.269] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.269] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0151.269] CoTaskMemFree (pv=0x69a130) [0151.269] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.269] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0151.270] CoTaskMemFree (pv=0x69a130) [0151.270] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x258dce0, cb=0x18 | out: lpmodinfo=0x258dce0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0151.271] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.271] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0151.271] CoTaskMemFree (pv=0x69a130) [0151.271] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.271] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0151.272] CoTaskMemFree (pv=0x69a130) [0151.272] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x258fe98, cb=0x18 | out: lpmodinfo=0x258fe98*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0151.272] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.272] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0151.273] CoTaskMemFree (pv=0x69a130) [0151.273] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.273] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0151.274] CoTaskMemFree (pv=0x69a130) [0151.274] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x2592098, cb=0x18 | out: lpmodinfo=0x2592098*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0151.274] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.274] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0151.275] CoTaskMemFree (pv=0x69a130) [0151.275] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.275] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0151.276] CoTaskMemFree (pv=0x69a130) [0151.276] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x2594240, cb=0x18 | out: lpmodinfo=0x2594240*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0151.277] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.277] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0151.278] CoTaskMemFree (pv=0x69a130) [0151.278] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.278] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0151.279] CoTaskMemFree (pv=0x69a130) [0151.279] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x25963e8, cb=0x18 | out: lpmodinfo=0x25963e8*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0151.280] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.280] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0151.281] CoTaskMemFree (pv=0x69a130) [0151.281] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.281] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0151.282] CoTaskMemFree (pv=0x69a130) [0151.282] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x25985c0, cb=0x18 | out: lpmodinfo=0x25985c0*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0151.283] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.283] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0151.284] CoTaskMemFree (pv=0x69a130) [0151.284] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.284] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0151.286] CoTaskMemFree (pv=0x69a130) [0151.286] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpmodinfo=0x259a820, cb=0x18 | out: lpmodinfo=0x259a820*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0151.287] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.287] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0151.288] CoTaskMemFree (pv=0x69a130) [0151.288] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.288] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0151.290] CoTaskMemFree (pv=0x69a130) [0151.290] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x259c9e8, cb=0x18 | out: lpmodinfo=0x259c9e8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0151.291] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.291] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0151.292] CoTaskMemFree (pv=0x69a130) [0151.292] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.292] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0151.293] CoTaskMemFree (pv=0x69a130) [0151.293] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x259eb90, cb=0x18 | out: lpmodinfo=0x259eb90*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0151.294] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.294] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0151.295] CoTaskMemFree (pv=0x69a130) [0151.295] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.295] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0151.297] CoTaskMemFree (pv=0x69a130) [0151.297] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff876870000, lpmodinfo=0x25a0d38, cb=0x18 | out: lpmodinfo=0x25a0d38*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0151.298] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.298] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff876870000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="WinTypes.dll") returned 0xc [0151.299] CoTaskMemFree (pv=0x69a130) [0151.299] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.299] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff876870000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0151.301] CoTaskMemFree (pv=0x69a130) [0151.301] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x25a2ef0, cb=0x18 | out: lpmodinfo=0x25a2ef0*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0151.302] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.302] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0151.303] CoTaskMemFree (pv=0x69a130) [0151.303] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.303] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0151.305] CoTaskMemFree (pv=0x69a130) [0151.305] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x25a5098, cb=0x18 | out: lpmodinfo=0x25a5098*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0151.306] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.306] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0151.308] CoTaskMemFree (pv=0x69a130) [0151.308] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.308] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0151.309] CoTaskMemFree (pv=0x69a130) [0151.310] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x25a7240, cb=0x18 | out: lpmodinfo=0x25a7240*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0151.311] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.311] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0151.313] CoTaskMemFree (pv=0x69a130) [0151.313] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.313] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0151.314] CoTaskMemFree (pv=0x69a130) [0151.314] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpmodinfo=0x25a93e8, cb=0x18 | out: lpmodinfo=0x25a93e8*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0151.316] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.316] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0151.317] CoTaskMemFree (pv=0x69a130) [0151.317] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.317] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0151.319] CoTaskMemFree (pv=0x69a130) [0151.319] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff877aa0000, lpmodinfo=0x25ab6a8, cb=0x18 | out: lpmodinfo=0x25ab6a8*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0151.321] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.321] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff877aa0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="mrmcorer.dll") returned 0xc [0151.322] CoTaskMemFree (pv=0x69a130) [0151.322] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.322] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff877aa0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mrmcorer.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0151.324] CoTaskMemFree (pv=0x69a130) [0151.324] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c90000, lpmodinfo=0x25ad860, cb=0x18 | out: lpmodinfo=0x25ad860*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0151.326] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.326] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c90000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0151.328] CoTaskMemFree (pv=0x69a130) [0151.328] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.328] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c90000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0151.329] CoTaskMemFree (pv=0x69a130) [0151.329] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e40000, lpmodinfo=0x25afa18, cb=0x18 | out: lpmodinfo=0x25afa18*(lpBaseOfDll=0x7ff878e40000, SizeOfImage=0x33000, EntryPoint=0x7ff878e4d5a0)) returned 1 [0151.331] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.331] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e40000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="biwinrt.dll") returned 0xb [0151.333] CoTaskMemFree (pv=0x69a130) [0151.333] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.333] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e40000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")) returned 0x1f [0151.335] CoTaskMemFree (pv=0x69a130) [0151.335] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8603c0000, lpmodinfo=0x25b1bc0, cb=0x18 | out: lpmodinfo=0x25b1bc0*(lpBaseOfDll=0x7ff8603c0000, SizeOfImage=0x2f7000, EntryPoint=0x7ff860566b00)) returned 1 [0151.337] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.337] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8603c0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ContentDeliveryManager.Background.dll") returned 0x25 [0151.339] CoTaskMemFree (pv=0x69a130) [0151.339] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.339] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8603c0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\ContentDeliveryManager.Background.dll" (normalized: "c:\\windows\\systemapps\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\contentdeliverymanager.background.dll")) returned 0x72 [0151.340] CoTaskMemFree (pv=0x69a130) [0151.340] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x25b3e48, cb=0x18 | out: lpmodinfo=0x25b3e48*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0151.342] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.342] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0151.344] CoTaskMemFree (pv=0x69a130) [0151.344] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.344] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0151.346] CoTaskMemFree (pv=0x69a130) [0151.346] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d650000, lpmodinfo=0x25b6000, cb=0x18 | out: lpmodinfo=0x25b6000*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0151.348] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.348] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d650000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="shell32.dll") returned 0xb [0151.350] CoTaskMemFree (pv=0x69a130) [0151.350] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.350] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d650000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shell32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0151.352] CoTaskMemFree (pv=0x69a130) [0151.353] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x25b81a8, cb=0x18 | out: lpmodinfo=0x25b81a8*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0151.355] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.355] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0151.358] CoTaskMemFree (pv=0x69a130) [0151.358] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.358] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0151.360] CoTaskMemFree (pv=0x69a130) [0151.360] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x25ba360, cb=0x18 | out: lpmodinfo=0x25ba360*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0151.362] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.362] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0151.364] CoTaskMemFree (pv=0x69a130) [0151.364] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.364] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0151.367] CoTaskMemFree (pv=0x69a130) [0151.367] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x25bc528, cb=0x18 | out: lpmodinfo=0x25bc528*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0151.369] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.369] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0151.371] CoTaskMemFree (pv=0x69a130) [0151.371] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.371] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0151.374] CoTaskMemFree (pv=0x69a130) [0151.374] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x25be6d0, cb=0x18 | out: lpmodinfo=0x25be6d0*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0151.376] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.376] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0151.378] CoTaskMemFree (pv=0x69a130) [0151.378] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.378] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0151.381] CoTaskMemFree (pv=0x69a130) [0151.381] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x25c0888, cb=0x18 | out: lpmodinfo=0x25c0888*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0151.384] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.384] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0151.386] CoTaskMemFree (pv=0x69a130) [0151.386] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.387] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0151.389] CoTaskMemFree (pv=0x69a130) [0151.389] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x25c2a30, cb=0x18 | out: lpmodinfo=0x25c2a30*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0151.392] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.392] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0151.394] CoTaskMemFree (pv=0x69a130) [0151.394] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.394] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0151.397] CoTaskMemFree (pv=0x69a130) [0151.397] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x25c4bd8, cb=0x18 | out: lpmodinfo=0x25c4bd8*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0151.399] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.399] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0151.402] CoTaskMemFree (pv=0x69a130) [0151.402] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.402] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0151.405] CoTaskMemFree (pv=0x69a130) [0151.405] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x25c6d90, cb=0x18 | out: lpmodinfo=0x25c6d90*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0151.407] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.407] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0151.415] CoTaskMemFree (pv=0x69a130) [0151.415] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.415] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0151.418] CoTaskMemFree (pv=0x69a130) [0151.418] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad80000, lpmodinfo=0x25c8f38, cb=0x18 | out: lpmodinfo=0x25c8f38*(lpBaseOfDll=0x7ff87ad80000, SizeOfImage=0x25000, EntryPoint=0x7ff87ad95220)) returned 1 [0151.421] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.421] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad80000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="SLC.dll") returned 0x7 [0151.423] CoTaskMemFree (pv=0x69a130) [0151.423] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.423] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad80000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SLC.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0151.428] CoTaskMemFree (pv=0x69a130) [0151.428] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8740b0000, lpmodinfo=0x25cb0d0, cb=0x18 | out: lpmodinfo=0x25cb0d0*(lpBaseOfDll=0x7ff8740b0000, SizeOfImage=0x4b000, EntryPoint=0x7ff8740c7b70)) returned 1 [0151.431] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.431] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8740b0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="VEEventDispatcher.dll") returned 0x15 [0151.434] CoTaskMemFree (pv=0x69a130) [0151.434] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.434] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8740b0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")) returned 0x29 [0151.436] CoTaskMemFree (pv=0x69a130) [0151.436] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878830000, lpmodinfo=0x25cd4c0, cb=0x18 | out: lpmodinfo=0x25cd4c0*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff878833fb0)) returned 1 [0151.439] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.439] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878830000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0151.442] CoTaskMemFree (pv=0x69a130) [0151.442] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.442] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878830000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0151.445] CoTaskMemFree (pv=0x69a130) [0151.445] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff877bb0000, lpmodinfo=0x25cf688, cb=0x18 | out: lpmodinfo=0x25cf688*(lpBaseOfDll=0x7ff877bb0000, SizeOfImage=0x6a000, EntryPoint=0x7ff877bb9d60)) returned 1 [0151.448] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.448] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff877bb0000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="wincorlib.DLL") returned 0xd [0151.451] CoTaskMemFree (pv=0x69a130) [0151.451] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.451] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff877bb0000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wincorlib.DLL" (normalized: "c:\\windows\\system32\\wincorlib.dll")) returned 0x21 [0151.454] CoTaskMemFree (pv=0x69a130) [0151.454] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad20000, lpmodinfo=0x25d1840, cb=0x18 | out: lpmodinfo=0x25d1840*(lpBaseOfDll=0x7ff87ad20000, SizeOfImage=0x25000, EntryPoint=0x7ff87ad22300)) returned 1 [0151.457] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.457] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad20000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="sppc.dll") returned 0x8 [0151.461] CoTaskMemFree (pv=0x69a130) [0151.461] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.461] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad20000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll")) returned 0x1c [0151.464] CoTaskMemFree (pv=0x69a130) [0151.464] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e80000, lpmodinfo=0x25d39e8, cb=0x18 | out: lpmodinfo=0x25d39e8*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0151.467] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.467] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e80000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0151.469] CoTaskMemFree (pv=0x69a130) [0151.470] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.470] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e80000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0151.472] CoTaskMemFree (pv=0x69a130) [0151.472] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c060000, lpmodinfo=0x25d5bb0, cb=0x18 | out: lpmodinfo=0x25d5bb0*(lpBaseOfDll=0x7ff86c060000, SizeOfImage=0x55000, EntryPoint=0x7ff86c071250)) returned 1 [0151.476] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.476] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c060000, lpBaseName=0x69a130, nSize=0x800 | out: lpBaseName="Windows.Storage.ApplicationData.dll") returned 0x23 [0151.479] CoTaskMemFree (pv=0x69a130) [0151.479] CoTaskMemAlloc (cb=0x804) returned 0x69a130 [0151.479] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c060000, lpFilename=0x69a130, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll" (normalized: "c:\\windows\\system32\\windows.storage.applicationdata.dll")) returned 0x37 [0151.482] CoTaskMemFree (pv=0x69a130) [0151.482] CloseHandle (hObject=0x260) returned 1 [0151.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0151.483] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd84) returned 0x260 [0151.484] EnumProcessModules (in: hProcess=0x260, lphModule=0x25d8e18, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25d8e18, lpcbNeeded=0x14ef68) returned 1 [0151.485] GetModuleInformation (in: hProcess=0x260, hModule=0x80000, lpmodinfo=0x25d9088, cb=0x18 | out: lpmodinfo=0x25d9088*(lpBaseOfDll=0x80000, SizeOfImage=0x17000, EntryPoint=0x814a1)) returned 1 [0151.485] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.485] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="on-song.exe") returned 0xb [0151.486] CoTaskMemFree (pv=0x698010) [0151.486] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.486] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files\\MSBuild\\on-song.exe" (normalized: "c:\\program files\\msbuild\\on-song.exe")) returned 0x24 [0151.486] CoTaskMemFree (pv=0x698010) [0151.486] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25db278, cb=0x18 | out: lpmodinfo=0x25db278*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0151.487] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.487] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0151.487] CoTaskMemFree (pv=0x698010) [0151.487] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.487] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0151.488] CoTaskMemFree (pv=0x698010) [0151.488] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25dd420, cb=0x18 | out: lpmodinfo=0x25dd420*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0151.488] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.488] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0151.489] CoTaskMemFree (pv=0x698010) [0151.489] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.489] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0151.490] CoTaskMemFree (pv=0x698010) [0151.490] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25df5c8, cb=0x18 | out: lpmodinfo=0x25df5c8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0151.490] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.490] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0151.491] CoTaskMemFree (pv=0x698010) [0151.491] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.491] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0151.491] CoTaskMemFree (pv=0x698010) [0151.491] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25e1780, cb=0x18 | out: lpmodinfo=0x25e1780*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0151.498] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.499] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0151.500] CoTaskMemFree (pv=0x698010) [0151.500] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.500] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0151.500] CoTaskMemFree (pv=0x698010) [0151.500] CloseHandle (hObject=0x260) returned 1 [0151.501] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0151.501] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1094) returned 0x260 [0151.501] EnumProcessModules (in: hProcess=0x260, lphModule=0x25e3e98, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25e3e98, lpcbNeeded=0x14ef68) returned 1 [0151.503] GetModuleInformation (in: hProcess=0x260, hModule=0x1230000, lpmodinfo=0x25e4108, cb=0x18 | out: lpmodinfo=0x25e4108*(lpBaseOfDll=0x1230000, SizeOfImage=0x17000, EntryPoint=0x12314a1)) returned 1 [0151.503] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.503] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x1230000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="scriptftp.exe") returned 0xd [0151.503] CoTaskMemFree (pv=0x698010) [0151.503] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.503] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x1230000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Multimedia Platform\\scriptftp.exe" (normalized: "c:\\program files (x86)\\windows multimedia platform\\scriptftp.exe")) returned 0x40 [0151.504] CoTaskMemFree (pv=0x698010) [0151.504] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25e6338, cb=0x18 | out: lpmodinfo=0x25e6338*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0151.504] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.504] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0151.505] CoTaskMemFree (pv=0x698010) [0151.505] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.505] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0151.506] CoTaskMemFree (pv=0x698010) [0151.506] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25e84e0, cb=0x18 | out: lpmodinfo=0x25e84e0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0151.506] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.506] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0151.507] CoTaskMemFree (pv=0x698010) [0151.507] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.507] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0151.507] CoTaskMemFree (pv=0x698010) [0151.507] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25ea688, cb=0x18 | out: lpmodinfo=0x25ea688*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0151.508] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.508] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0151.509] CoTaskMemFree (pv=0x698010) [0151.509] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.509] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0151.509] CoTaskMemFree (pv=0x698010) [0151.509] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25ec840, cb=0x18 | out: lpmodinfo=0x25ec840*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0151.510] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.510] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0151.511] CoTaskMemFree (pv=0x698010) [0151.511] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.511] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0151.511] CoTaskMemFree (pv=0x698010) [0151.512] CloseHandle (hObject=0x260) returned 1 [0151.512] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0151.512] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x35c) returned 0x260 [0151.512] EnumProcessModules (in: hProcess=0x260, lphModule=0x25eef58, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25eef58, lpcbNeeded=0x14ef68) returned 1 [0151.519] EnumProcessModules (in: hProcess=0x260, lphModule=0x25ef170, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x25ef170, lpcbNeeded=0x14ef68) returned 1 [0151.525] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6a3140000, lpmodinfo=0x25ef5e0, cb=0x18 | out: lpmodinfo=0x25ef5e0*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0151.525] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.525] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0151.526] CoTaskMemFree (pv=0x698010) [0151.526] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.526] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0151.526] CoTaskMemFree (pv=0x698010) [0151.526] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25f17c0, cb=0x18 | out: lpmodinfo=0x25f17c0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0151.527] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.527] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0151.527] CoTaskMemFree (pv=0x698010) [0151.527] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.527] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0151.528] CoTaskMemFree (pv=0x698010) [0151.528] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x25f3968, cb=0x18 | out: lpmodinfo=0x25f3968*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0151.528] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.528] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0151.529] CoTaskMemFree (pv=0x698010) [0151.529] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.529] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0151.529] CoTaskMemFree (pv=0x698010) [0151.529] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x25f5b20, cb=0x18 | out: lpmodinfo=0x25f5b20*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0151.530] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.530] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0151.531] CoTaskMemFree (pv=0x698010) [0151.531] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.531] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0151.531] CoTaskMemFree (pv=0x698010) [0151.531] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x25f7cd8, cb=0x18 | out: lpmodinfo=0x25f7cd8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0151.532] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.532] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0151.533] CoTaskMemFree (pv=0x698010) [0151.533] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.533] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0151.533] CoTaskMemFree (pv=0x698010) [0151.533] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x25f9ed8, cb=0x18 | out: lpmodinfo=0x25f9ed8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0151.534] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.534] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0151.535] CoTaskMemFree (pv=0x698010) [0151.535] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.535] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0151.535] CoTaskMemFree (pv=0x698010) [0151.535] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x25fc080, cb=0x18 | out: lpmodinfo=0x25fc080*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0151.536] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.536] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0151.537] CoTaskMemFree (pv=0x698010) [0151.537] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.537] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0151.538] CoTaskMemFree (pv=0x698010) [0151.538] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x25fe238, cb=0x18 | out: lpmodinfo=0x25fe238*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0151.539] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.539] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0151.540] CoTaskMemFree (pv=0x698010) [0151.540] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.540] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0151.541] CoTaskMemFree (pv=0x698010) [0151.541] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x26003e0, cb=0x18 | out: lpmodinfo=0x26003e0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0151.542] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.542] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0151.543] CoTaskMemFree (pv=0x698010) [0151.543] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.543] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0151.544] CoTaskMemFree (pv=0x698010) [0151.544] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x2602620, cb=0x18 | out: lpmodinfo=0x2602620*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0151.545] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.545] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0151.546] CoTaskMemFree (pv=0x698010) [0151.546] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.546] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0151.547] CoTaskMemFree (pv=0x698010) [0151.547] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x26047f8, cb=0x18 | out: lpmodinfo=0x26047f8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0151.549] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.549] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0151.550] CoTaskMemFree (pv=0x698010) [0151.550] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.550] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0151.551] CoTaskMemFree (pv=0x698010) [0151.551] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x26069c0, cb=0x18 | out: lpmodinfo=0x26069c0*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0151.552] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.552] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0151.554] CoTaskMemFree (pv=0x698010) [0151.554] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.554] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0151.555] CoTaskMemFree (pv=0x698010) [0151.555] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x2608b68, cb=0x18 | out: lpmodinfo=0x2608b68*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0151.556] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.556] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0151.557] CoTaskMemFree (pv=0x698010) [0151.558] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.558] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0151.559] CoTaskMemFree (pv=0x698010) [0151.559] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpmodinfo=0x260ad10, cb=0x18 | out: lpmodinfo=0x260ad10*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0151.560] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.561] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="coremessaging.dll") returned 0x11 [0151.562] CoTaskMemFree (pv=0x698010) [0151.562] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.562] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\coremessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0151.563] CoTaskMemFree (pv=0x698010) [0151.563] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8748f0000, lpmodinfo=0x260ced8, cb=0x18 | out: lpmodinfo=0x260ced8*(lpBaseOfDll=0x7ff8748f0000, SizeOfImage=0xcb000, EntryPoint=0x7ff8749187f0)) returned 1 [0151.565] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.565] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8748f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bfe.dll") returned 0x7 [0151.566] CoTaskMemFree (pv=0x698010) [0151.566] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.566] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8748f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bfe.dll" (normalized: "c:\\windows\\system32\\bfe.dll")) returned 0x1b [0151.568] CoTaskMemFree (pv=0x698010) [0151.568] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x260f070, cb=0x18 | out: lpmodinfo=0x260f070*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0151.569] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.569] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0151.571] CoTaskMemFree (pv=0x698010) [0151.571] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.571] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0151.573] CoTaskMemFree (pv=0x698010) [0151.573] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b8b0000, lpmodinfo=0x2611218, cb=0x18 | out: lpmodinfo=0x2611218*(lpBaseOfDll=0x7ff87b8b0000, SizeOfImage=0x49000, EntryPoint=0x7ff87b8ba090)) returned 1 [0151.575] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.575] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b8b0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0151.577] CoTaskMemFree (pv=0x698010) [0151.577] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.577] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b8b0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0151.579] CoTaskMemFree (pv=0x698010) [0151.579] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x26134d8, cb=0x18 | out: lpmodinfo=0x26134d8*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0151.580] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.580] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0151.582] CoTaskMemFree (pv=0x698010) [0151.582] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.582] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0151.584] CoTaskMemFree (pv=0x698010) [0151.584] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8788f0000, lpmodinfo=0x2615680, cb=0x18 | out: lpmodinfo=0x2615680*(lpBaseOfDll=0x7ff8788f0000, SizeOfImage=0x64000, EntryPoint=0x7ff878905ae0)) returned 1 [0151.586] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.586] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8788f0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0151.589] CoTaskMemFree (pv=0x698010) [0151.589] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.589] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8788f0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0151.591] CoTaskMemFree (pv=0x698010) [0151.591] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x2617828, cb=0x18 | out: lpmodinfo=0x2617828*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0151.593] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.593] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0151.594] CoTaskMemFree (pv=0x698010) [0151.594] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.594] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0151.596] CoTaskMemFree (pv=0x698010) [0151.596] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872460000, lpmodinfo=0x26199d0, cb=0x18 | out: lpmodinfo=0x26199d0*(lpBaseOfDll=0x7ff872460000, SizeOfImage=0xdd000, EntryPoint=0x7ff872495630)) returned 1 [0151.598] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.598] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872460000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="mpssvc.dll") returned 0xa [0151.600] CoTaskMemFree (pv=0x698010) [0151.600] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.600] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872460000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\mpssvc.dll" (normalized: "c:\\windows\\system32\\mpssvc.dll")) returned 0x1e [0151.601] CoTaskMemFree (pv=0x698010) [0151.601] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x261bb78, cb=0x18 | out: lpmodinfo=0x261bb78*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0151.603] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.603] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0151.606] CoTaskMemFree (pv=0x698010) [0151.606] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.606] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0151.608] CoTaskMemFree (pv=0x698010) [0151.608] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b030000, lpmodinfo=0x261dd30, cb=0x18 | out: lpmodinfo=0x261dd30*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0151.614] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.614] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b030000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0151.616] CoTaskMemFree (pv=0x698010) [0151.616] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.616] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b030000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0151.618] CoTaskMemFree (pv=0x698010) [0151.618] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efa0000, lpmodinfo=0x261fed8, cb=0x18 | out: lpmodinfo=0x261fed8*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0151.620] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.620] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0151.622] CoTaskMemFree (pv=0x698010) [0151.622] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.622] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0151.625] CoTaskMemFree (pv=0x698010) [0151.625] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874fc0000, lpmodinfo=0x2622070, cb=0x18 | out: lpmodinfo=0x2622070*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0151.627] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.627] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0151.630] CoTaskMemFree (pv=0x698010) [0151.630] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.630] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0151.632] CoTaskMemFree (pv=0x698010) [0151.632] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b340000, lpmodinfo=0x2624228, cb=0x18 | out: lpmodinfo=0x2624228*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0151.634] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.634] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b340000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0151.637] CoTaskMemFree (pv=0x698010) [0151.637] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.637] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b340000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0151.639] CoTaskMemFree (pv=0x698010) [0151.639] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872420000, lpmodinfo=0x26263d0, cb=0x18 | out: lpmodinfo=0x26263d0*(lpBaseOfDll=0x7ff872420000, SizeOfImage=0x35000, EntryPoint=0x7ff87242a270)) returned 1 [0151.641] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.641] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872420000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="FWPolicyIOMgr.dll") returned 0x11 [0151.644] CoTaskMemFree (pv=0x698010) [0151.644] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.644] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872420000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\FWPolicyIOMgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll")) returned 0x25 [0151.646] CoTaskMemFree (pv=0x698010) [0151.646] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875230000, lpmodinfo=0x2628598, cb=0x18 | out: lpmodinfo=0x2628598*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0151.652] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.652] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875230000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0151.655] CoTaskMemFree (pv=0x698010) [0151.655] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.655] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875230000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0151.657] CoTaskMemFree (pv=0x698010) [0151.657] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpmodinfo=0x262a740, cb=0x18 | out: lpmodinfo=0x262a740*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0151.660] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.660] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0151.662] CoTaskMemFree (pv=0x698010) [0151.662] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.662] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0151.665] CoTaskMemFree (pv=0x698010) [0151.665] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872410000, lpmodinfo=0x262c8f8, cb=0x18 | out: lpmodinfo=0x262c8f8*(lpBaseOfDll=0x7ff872410000, SizeOfImage=0x9000, EntryPoint=0x7ff8724121d0)) returned 1 [0151.667] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.667] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872410000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="httpprxc.dll") returned 0xc [0151.670] CoTaskMemFree (pv=0x698010) [0151.670] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.670] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872410000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")) returned 0x20 [0151.672] CoTaskMemFree (pv=0x698010) [0151.672] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878830000, lpmodinfo=0x262eab0, cb=0x18 | out: lpmodinfo=0x262eab0*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff878833fb0)) returned 1 [0151.675] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.675] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878830000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0151.678] CoTaskMemFree (pv=0x698010) [0151.678] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.678] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878830000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0151.680] CoTaskMemFree (pv=0x698010) [0151.680] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x2630c78, cb=0x18 | out: lpmodinfo=0x2630c78*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0151.683] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.683] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0151.687] CoTaskMemFree (pv=0x698010) [0151.687] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.687] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0151.690] CoTaskMemFree (pv=0x698010) [0151.690] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e80000, lpmodinfo=0x2632e30, cb=0x18 | out: lpmodinfo=0x2632e30*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0151.693] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.693] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0151.696] CoTaskMemFree (pv=0x698010) [0151.696] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.696] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0151.699] CoTaskMemFree (pv=0x698010) [0151.699] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x2635210, cb=0x18 | out: lpmodinfo=0x2635210*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0151.702] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.702] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0151.705] CoTaskMemFree (pv=0x698010) [0151.705] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.705] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0151.708] CoTaskMemFree (pv=0x698010) [0151.708] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872400000, lpmodinfo=0x26373c8, cb=0x18 | out: lpmodinfo=0x26373c8*(lpBaseOfDll=0x7ff872400000, SizeOfImage=0xa000, EntryPoint=0x7ff872403070)) returned 1 [0151.711] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.711] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872400000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="adhapi.dll") returned 0xa [0151.714] CoTaskMemFree (pv=0x698010) [0151.714] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.714] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872400000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\adhapi.dll" (normalized: "c:\\windows\\system32\\adhapi.dll")) returned 0x1e [0151.717] CoTaskMemFree (pv=0x698010) [0151.717] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpmodinfo=0x2639570, cb=0x18 | out: lpmodinfo=0x2639570*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0151.720] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.720] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0151.724] CoTaskMemFree (pv=0x698010) [0151.724] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.724] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0151.727] CoTaskMemFree (pv=0x698010) [0151.727] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875480000, lpmodinfo=0x263b718, cb=0x18 | out: lpmodinfo=0x263b718*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0151.730] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.730] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875480000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0151.733] CoTaskMemFree (pv=0x698010) [0151.733] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.733] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875480000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0151.736] CoTaskMemFree (pv=0x698010) [0151.736] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875270000, lpmodinfo=0x263d8d0, cb=0x18 | out: lpmodinfo=0x263d8d0*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0151.739] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.739] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875270000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0151.742] CoTaskMemFree (pv=0x698010) [0151.742] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.742] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875270000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0151.746] CoTaskMemFree (pv=0x698010) [0151.746] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875250000, lpmodinfo=0x263fa88, cb=0x18 | out: lpmodinfo=0x263fa88*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0151.749] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.749] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875250000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0151.754] CoTaskMemFree (pv=0x698010) [0151.754] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.754] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875250000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0151.757] CoTaskMemFree (pv=0x698010) [0151.757] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x2641c40, cb=0x18 | out: lpmodinfo=0x2641c40*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0151.764] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.764] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0151.767] CoTaskMemFree (pv=0x698010) [0151.767] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.767] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0151.770] CoTaskMemFree (pv=0x698010) [0151.770] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870fc0000, lpmodinfo=0x2643de8, cb=0x18 | out: lpmodinfo=0x2643de8*(lpBaseOfDll=0x7ff870fc0000, SizeOfImage=0xa000, EntryPoint=0x7ff870fc15c0)) returned 1 [0151.774] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.774] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870fc0000, lpBaseName=0x698010, nSize=0x800 | out: lpBaseName="wshqos.dll") returned 0xa [0151.777] CoTaskMemFree (pv=0x698010) [0151.777] CoTaskMemAlloc (cb=0x804) returned 0x698010 [0151.777] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870fc0000, lpFilename=0x698010, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wshqos.dll" (normalized: "c:\\windows\\system32\\wshqos.dll")) returned 0x1e [0151.781] CoTaskMemFree (pv=0x698010) [0151.781] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870e00000, lpmodinfo=0x2645f90, cb=0x18 | out: lpmodinfo=0x2645f90*(lpBaseOfDll=0x7ff870e00000, SizeOfImage=0x8000, EntryPoint=0x7ff870e010a0)) returned 1 [0151.785] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0151.785] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870e00000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wshtcpip.DLL") returned 0xc [0151.789] CoTaskMemFree (pv=0x6b2240) [0151.789] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0151.789] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870e00000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wshtcpip.DLL" (normalized: "c:\\windows\\system32\\wshtcpip.dll")) returned 0x20 [0151.793] CoTaskMemFree (pv=0x6b3340) [0151.793] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870df0000, lpmodinfo=0x2648148, cb=0x18 | out: lpmodinfo=0x2648148*(lpBaseOfDll=0x7ff870df0000, SizeOfImage=0x8000, EntryPoint=0x7ff870df1ab0)) returned 1 [0151.796] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0151.796] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870df0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wship6.dll") returned 0xa [0151.802] CoTaskMemFree (pv=0x6b3340) [0151.802] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0151.802] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870df0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wship6.dll" (normalized: "c:\\windows\\system32\\wship6.dll")) returned 0x1e [0151.806] CoTaskMemFree (pv=0x6b1140) [0151.806] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8750d0000, lpmodinfo=0x264a2f0, cb=0x18 | out: lpmodinfo=0x264a2f0*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0151.809] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0151.810] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0151.814] CoTaskMemFree (pv=0x6b2240) [0151.814] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0151.814] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0151.818] CoTaskMemFree (pv=0x6b19c0) [0151.818] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870d90000, lpmodinfo=0x264c498, cb=0x18 | out: lpmodinfo=0x264c498*(lpBaseOfDll=0x7ff870d90000, SizeOfImage=0x30000, EntryPoint=0x7ff870d9a670)) returned 1 [0151.822] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0151.822] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870d90000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="dps.dll") returned 0x7 [0151.826] CoTaskMemFree (pv=0x6b2240) [0151.826] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0151.826] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870d90000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dps.dll" (normalized: "c:\\windows\\system32\\dps.dll")) returned 0x1b [0151.830] CoTaskMemFree (pv=0x6b2240) [0151.830] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x264e630, cb=0x18 | out: lpmodinfo=0x264e630*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0151.834] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0151.834] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0151.838] CoTaskMemFree (pv=0x6b1140) [0151.838] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0151.838] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0151.842] CoTaskMemFree (pv=0x6b2240) [0151.842] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878230000, lpmodinfo=0x26507d8, cb=0x18 | out: lpmodinfo=0x26507d8*(lpBaseOfDll=0x7ff878230000, SizeOfImage=0xbf000, EntryPoint=0x7ff878251c50)) returned 1 [0151.846] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0151.846] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878230000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0151.851] CoTaskMemFree (pv=0x6b2ac0) [0151.851] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0151.851] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878230000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0151.855] CoTaskMemFree (pv=0x6b0040) [0151.855] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870b40000, lpmodinfo=0x2652990, cb=0x18 | out: lpmodinfo=0x2652990*(lpBaseOfDll=0x7ff870b40000, SizeOfImage=0x1d000, EntryPoint=0x7ff870b46190)) returned 1 [0151.858] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0151.858] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870b40000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wdi.dll") returned 0x7 [0151.862] CoTaskMemFree (pv=0x6b3340) [0151.862] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0151.862] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870b40000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wdi.dll" (normalized: "c:\\windows\\system32\\wdi.dll")) returned 0x1b [0151.867] CoTaskMemFree (pv=0x6b19c0) [0151.867] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870520000, lpmodinfo=0x2654b28, cb=0x18 | out: lpmodinfo=0x2654b28*(lpBaseOfDll=0x7ff870520000, SizeOfImage=0x166000, EntryPoint=0x7ff8705679f0)) returned 1 [0151.872] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0151.872] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870520000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="diagperf.dll") returned 0xc [0151.876] CoTaskMemFree (pv=0x6b2240) [0151.877] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0151.877] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870520000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\diagperf.dll" (normalized: "c:\\windows\\system32\\diagperf.dll")) returned 0x20 [0151.881] CoTaskMemFree (pv=0x6b2ac0) [0151.881] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870510000, lpmodinfo=0x2656ce0, cb=0x18 | out: lpmodinfo=0x2656ce0*(lpBaseOfDll=0x7ff870510000, SizeOfImage=0x9000, EntryPoint=0x7ff870511620)) returned 1 [0151.885] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0151.886] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870510000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="pnpts.dll") returned 0x9 [0151.890] CoTaskMemFree (pv=0x6b3340) [0151.890] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0151.890] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870510000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pnpts.dll" (normalized: "c:\\windows\\system32\\pnpts.dll")) returned 0x1d [0151.894] CoTaskMemFree (pv=0x6b19c0) [0151.894] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f6f0000, lpmodinfo=0x2658e88, cb=0x18 | out: lpmodinfo=0x2658e88*(lpBaseOfDll=0x7ff86f6f0000, SizeOfImage=0x1e000, EntryPoint=0x7ff86f6f5190)) returned 1 [0151.899] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0151.899] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f6f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="radardt.dll") returned 0xb [0151.904] CoTaskMemFree (pv=0x6b1140) [0151.904] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0151.904] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f6f0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\radardt.dll" (normalized: "c:\\windows\\system32\\radardt.dll")) returned 0x1f [0151.910] CoTaskMemFree (pv=0x6b3340) [0151.910] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x265b030, cb=0x18 | out: lpmodinfo=0x265b030*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0151.914] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0151.914] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="POWRPROF.dll") returned 0xc [0151.918] CoTaskMemFree (pv=0x6b08c0) [0151.918] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0151.919] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\POWRPROF.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0151.923] CoTaskMemFree (pv=0x6b0040) [0151.923] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f690000, lpmodinfo=0x265d1e8, cb=0x18 | out: lpmodinfo=0x265d1e8*(lpBaseOfDll=0x7ff86f690000, SizeOfImage=0xc000, EntryPoint=0x7ff86f6916a0)) returned 1 [0151.926] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0151.927] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f690000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wfapigp.dll") returned 0xb [0151.931] CoTaskMemFree (pv=0x6b3340) [0151.931] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0151.931] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f690000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wfapigp.dll" (normalized: "c:\\windows\\system32\\wfapigp.dll")) returned 0x1f [0151.936] CoTaskMemFree (pv=0x6b1140) [0151.936] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff877aa0000, lpmodinfo=0x265f390, cb=0x18 | out: lpmodinfo=0x265f390*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0151.941] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0151.941] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff877aa0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="mrmcorer.dll") returned 0xc [0151.946] CoTaskMemFree (pv=0x6b1140) [0151.946] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0151.946] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff877aa0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mrmcorer.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0151.954] CoTaskMemFree (pv=0x6b08c0) [0151.954] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8764e0000, lpmodinfo=0x2661548, cb=0x18 | out: lpmodinfo=0x2661548*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0151.958] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0151.958] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0151.963] CoTaskMemFree (pv=0x6b0040) [0151.963] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0151.963] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0151.967] CoTaskMemFree (pv=0x6b0040) [0151.967] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x2663700, cb=0x18 | out: lpmodinfo=0x2663700*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0151.972] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0151.972] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0151.977] CoTaskMemFree (pv=0x6b1140) [0151.977] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0151.977] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0151.982] CoTaskMemFree (pv=0x6b0040) [0151.982] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x26658a8, cb=0x18 | out: lpmodinfo=0x26658a8*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0151.986] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0151.987] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0151.991] CoTaskMemFree (pv=0x6b2ac0) [0151.991] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0151.991] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0151.996] CoTaskMemFree (pv=0x6b2ac0) [0151.996] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x2667a70, cb=0x18 | out: lpmodinfo=0x2667a70*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0152.001] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.001] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0152.007] CoTaskMemFree (pv=0x6b0040) [0152.007] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.007] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0152.012] CoTaskMemFree (pv=0x6b2240) [0152.012] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x2669c18, cb=0x18 | out: lpmodinfo=0x2669c18*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0152.017] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.017] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0152.022] CoTaskMemFree (pv=0x6b0040) [0152.022] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.022] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0152.033] CoTaskMemFree (pv=0x6b19c0) [0152.034] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f350000, lpmodinfo=0x266bdc0, cb=0x18 | out: lpmodinfo=0x266bdc0*(lpBaseOfDll=0x7ff86f350000, SizeOfImage=0x37000, EntryPoint=0x7ff86f35a9e0)) returned 1 [0152.040] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.040] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f350000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="srumsvc.dll") returned 0xb [0152.047] CoTaskMemFree (pv=0x6b2ac0) [0152.047] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.047] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f350000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\srumsvc.dll" (normalized: "c:\\windows\\system32\\srumsvc.dll")) returned 0x1f [0152.053] CoTaskMemFree (pv=0x6b0040) [0152.053] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872f10000, lpmodinfo=0x266df68, cb=0x18 | out: lpmodinfo=0x266df68*(lpBaseOfDll=0x7ff872f10000, SizeOfImage=0x2f9000, EntryPoint=0x7ff872fd7280)) returned 1 [0152.058] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.058] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872f10000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0152.063] CoTaskMemFree (pv=0x6b1140) [0152.063] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.064] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872f10000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0152.069] CoTaskMemFree (pv=0x6b08c0) [0152.069] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bab0000, lpmodinfo=0x2670110, cb=0x18 | out: lpmodinfo=0x2670110*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0152.074] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.074] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0152.079] CoTaskMemFree (pv=0x6b2ac0) [0152.079] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.080] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0152.085] CoTaskMemFree (pv=0x6b2240) [0152.085] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x26722b8, cb=0x18 | out: lpmodinfo=0x26722b8*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0152.090] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.090] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0152.096] CoTaskMemFree (pv=0x6b08c0) [0152.096] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.096] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0152.102] CoTaskMemFree (pv=0x6b0040) [0152.102] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ef80000, lpmodinfo=0x2674470, cb=0x18 | out: lpmodinfo=0x2674470*(lpBaseOfDll=0x7ff86ef80000, SizeOfImage=0x14000, EntryPoint=0x7ff86ef85d60)) returned 1 [0152.107] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.107] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ef80000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="nduprov.dll") returned 0xb [0152.114] CoTaskMemFree (pv=0x6b2240) [0152.114] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.114] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ef80000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\nduprov.dll" (normalized: "c:\\windows\\system32\\nduprov.dll")) returned 0x1f [0152.119] CoTaskMemFree (pv=0x6b2240) [0152.119] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ef60000, lpmodinfo=0x2676618, cb=0x18 | out: lpmodinfo=0x2676618*(lpBaseOfDll=0x7ff86ef60000, SizeOfImage=0x1b000, EntryPoint=0x7ff86ef6c6a0)) returned 1 [0152.125] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.125] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ef60000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="eeprov.dll") returned 0xa [0152.130] CoTaskMemFree (pv=0x6b0040) [0152.130] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.130] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ef60000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\eeprov.dll" (normalized: "c:\\windows\\system32\\eeprov.dll")) returned 0x1e [0152.136] CoTaskMemFree (pv=0x6b08c0) [0152.136] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87afe0000, lpmodinfo=0x2678bd8, cb=0x18 | out: lpmodinfo=0x2678bd8*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0152.141] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.141] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0152.147] CoTaskMemFree (pv=0x6b0040) [0152.147] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.147] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0152.152] CoTaskMemFree (pv=0x6b08c0) [0152.152] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ef40000, lpmodinfo=0x267ad80, cb=0x18 | out: lpmodinfo=0x267ad80*(lpBaseOfDll=0x7ff86ef40000, SizeOfImage=0x19000, EntryPoint=0x7ff86ef4c2f0)) returned 1 [0152.158] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.158] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ef40000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="appsruprov.dll") returned 0xe [0152.163] CoTaskMemFree (pv=0x6b19c0) [0152.164] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.164] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ef40000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\appsruprov.dll" (normalized: "c:\\windows\\system32\\appsruprov.dll")) returned 0x22 [0152.170] CoTaskMemFree (pv=0x6b1140) [0152.170] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875860000, lpmodinfo=0x267cf38, cb=0x18 | out: lpmodinfo=0x267cf38*(lpBaseOfDll=0x7ff875860000, SizeOfImage=0x93000, EntryPoint=0x7ff875869680)) returned 1 [0152.176] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.176] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875860000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0152.181] CoTaskMemFree (pv=0x6b08c0) [0152.181] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.182] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875860000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0152.187] CoTaskMemFree (pv=0x6b0040) [0152.187] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ef30000, lpmodinfo=0x267f0f0, cb=0x18 | out: lpmodinfo=0x267f0f0*(lpBaseOfDll=0x7ff86ef30000, SizeOfImage=0xe000, EntryPoint=0x7ff86ef33c90)) returned 1 [0152.193] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.193] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ef30000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wpnsruprov.dll") returned 0xe [0152.198] CoTaskMemFree (pv=0x6b2240) [0152.199] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.199] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ef30000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wpnsruprov.dll" (normalized: "c:\\windows\\system32\\wpnsruprov.dll")) returned 0x22 [0152.205] CoTaskMemFree (pv=0x6b2ac0) [0152.205] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8727c0000, lpmodinfo=0x26812a8, cb=0x18 | out: lpmodinfo=0x26812a8*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0152.212] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.212] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8727c0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0152.229] CoTaskMemFree (pv=0x6b2ac0) [0152.229] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.229] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8727c0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0152.235] CoTaskMemFree (pv=0x6b3340) [0152.235] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ef20000, lpmodinfo=0x2683460, cb=0x18 | out: lpmodinfo=0x2683460*(lpBaseOfDll=0x7ff86ef20000, SizeOfImage=0xc000, EntryPoint=0x7ff86ef23ab0)) returned 1 [0152.241] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.241] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ef20000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ncuprov.dll") returned 0xb [0152.282] CoTaskMemFree (pv=0x6b08c0) [0152.282] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.283] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ef20000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ncuprov.dll" (normalized: "c:\\windows\\system32\\ncuprov.dll")) returned 0x1f [0152.289] CoTaskMemFree (pv=0x6b19c0) [0152.289] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874a90000, lpmodinfo=0x2685608, cb=0x18 | out: lpmodinfo=0x2685608*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0152.295] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.295] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874a90000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0152.301] CoTaskMemFree (pv=0x6b2240) [0152.301] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.301] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874a90000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0152.307] CoTaskMemFree (pv=0x6b08c0) [0152.307] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878fa0000, lpmodinfo=0x26877c0, cb=0x18 | out: lpmodinfo=0x26877c0*(lpBaseOfDll=0x7ff878fa0000, SizeOfImage=0x15000, EntryPoint=0x7ff878fa3040)) returned 1 [0152.313] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.313] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878fa0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="energyprov.dll") returned 0xe [0152.321] CoTaskMemFree (pv=0x6b2ac0) [0152.321] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.321] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878fa0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\energyprov.dll" (normalized: "c:\\windows\\system32\\energyprov.dll")) returned 0x22 [0152.327] CoTaskMemFree (pv=0x6b19c0) [0152.327] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ec50000, lpmodinfo=0x2689978, cb=0x18 | out: lpmodinfo=0x2689978*(lpBaseOfDll=0x7ff86ec50000, SizeOfImage=0x13000, EntryPoint=0x7ff86ec52570)) returned 1 [0152.333] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.333] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ec50000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="srumapi.dll") returned 0xb [0152.339] CoTaskMemFree (pv=0x6b08c0) [0152.339] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.340] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ec50000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\srumapi.dll" (normalized: "c:\\windows\\system32\\srumapi.dll")) returned 0x1f [0152.346] CoTaskMemFree (pv=0x6b3340) [0152.346] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x268bb20, cb=0x18 | out: lpmodinfo=0x268bb20*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0152.353] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.353] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0152.359] CoTaskMemFree (pv=0x6b0040) [0152.359] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.359] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0152.365] CoTaskMemFree (pv=0x6b19c0) [0152.366] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c90000, lpmodinfo=0x268dcc8, cb=0x18 | out: lpmodinfo=0x268dcc8*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0152.372] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.372] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c90000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0152.378] CoTaskMemFree (pv=0x6b0040) [0152.378] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.378] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c90000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0152.384] CoTaskMemFree (pv=0x6b2ac0) [0152.384] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872970000, lpmodinfo=0x268fe80, cb=0x18 | out: lpmodinfo=0x268fe80*(lpBaseOfDll=0x7ff872970000, SizeOfImage=0x9c000, EntryPoint=0x7ff8729c96a0)) returned 1 [0152.391] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.391] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872970000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="efswrt.dll") returned 0xa [0152.397] CoTaskMemFree (pv=0x6b2ac0) [0152.397] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.398] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872970000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll")) returned 0x1e [0152.404] CoTaskMemFree (pv=0x6b3340) [0152.404] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff876870000, lpmodinfo=0x2692028, cb=0x18 | out: lpmodinfo=0x2692028*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0152.410] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.410] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff876870000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0152.417] CoTaskMemFree (pv=0x6b2240) [0152.417] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.417] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff876870000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0152.426] CoTaskMemFree (pv=0x6b2240) [0152.426] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86dea0000, lpmodinfo=0x26941e0, cb=0x18 | out: lpmodinfo=0x26941e0*(lpBaseOfDll=0x7ff86dea0000, SizeOfImage=0x50000, EntryPoint=0x7ff86dea2580)) returned 1 [0152.432] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.433] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86dea0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="edputil.dll") returned 0xb [0152.439] CoTaskMemFree (pv=0x6b3340) [0152.439] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.439] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86dea0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")) returned 0x1f [0152.446] CoTaskMemFree (pv=0x6b1140) [0152.446] CloseHandle (hObject=0x260) returned 1 [0152.446] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0152.446] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xcb8) returned 0x260 [0152.446] EnumProcessModules (in: hProcess=0x260, lphModule=0x2698200, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2698200, lpcbNeeded=0x14ef68) returned 1 [0152.455] EnumProcessModules (in: hProcess=0x260, lphModule=0x2698418, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x2698418, lpcbNeeded=0x14ef68) returned 1 [0152.464] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff76ec20000, lpmodinfo=0x2698888, cb=0x18 | out: lpmodinfo=0x2698888*(lpBaseOfDll=0x7ff76ec20000, SizeOfImage=0xca000, EntryPoint=0x7ff76ec221f0)) returned 1 [0152.464] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.465] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff76ec20000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="iexplore.exe") returned 0xc [0152.465] CoTaskMemFree (pv=0x6b19c0) [0152.465] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.466] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff76ec20000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\iexplore.exe" (normalized: "c:\\program files\\internet explorer\\iexplore.exe")) returned 0x2f [0152.466] CoTaskMemFree (pv=0x6b19c0) [0152.466] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x269aa90, cb=0x18 | out: lpmodinfo=0x269aa90*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0152.466] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.466] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0152.467] CoTaskMemFree (pv=0x6b08c0) [0152.467] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.467] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0152.467] CoTaskMemFree (pv=0x6b08c0) [0152.467] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x269cc38, cb=0x18 | out: lpmodinfo=0x269cc38*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0152.468] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.468] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0152.469] CoTaskMemFree (pv=0x6b19c0) [0152.469] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.469] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0152.470] CoTaskMemFree (pv=0x6b08c0) [0152.470] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x269edf0, cb=0x18 | out: lpmodinfo=0x269edf0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0152.470] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.470] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0152.471] CoTaskMemFree (pv=0x6b3340) [0152.471] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.471] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0152.472] CoTaskMemFree (pv=0x6b3340) [0152.472] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87aa90000, lpmodinfo=0x26a0fa8, cb=0x18 | out: lpmodinfo=0x26a0fa8*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0152.473] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.473] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87aa90000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0152.474] CoTaskMemFree (pv=0x6b19c0) [0152.474] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.474] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87aa90000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0152.475] CoTaskMemFree (pv=0x6b19c0) [0152.475] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x26a31a8, cb=0x18 | out: lpmodinfo=0x26a31a8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0152.476] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.476] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0152.477] CoTaskMemFree (pv=0x6b3340) [0152.477] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.477] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0152.478] CoTaskMemFree (pv=0x6b0040) [0152.478] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x26a5350, cb=0x18 | out: lpmodinfo=0x26a5350*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0152.479] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.479] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0152.480] CoTaskMemFree (pv=0x6b08c0) [0152.480] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.480] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0152.481] CoTaskMemFree (pv=0x6b19c0) [0152.481] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x26a74f8, cb=0x18 | out: lpmodinfo=0x26a74f8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0152.482] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.482] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0152.483] CoTaskMemFree (pv=0x6b1140) [0152.483] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.483] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0152.484] CoTaskMemFree (pv=0x6b3340) [0152.484] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x26a96a0, cb=0x18 | out: lpmodinfo=0x26a96a0*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0152.485] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.486] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0152.487] CoTaskMemFree (pv=0x6b3340) [0152.487] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.487] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0152.488] CoTaskMemFree (pv=0x6b1140) [0152.488] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x26ab8e0, cb=0x18 | out: lpmodinfo=0x26ab8e0*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0152.489] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.489] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0152.490] CoTaskMemFree (pv=0x6b0040) [0152.490] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.490] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0152.500] CoTaskMemFree (pv=0x6b3340) [0152.500] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x26ada88, cb=0x18 | out: lpmodinfo=0x26ada88*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0152.501] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.501] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0152.503] CoTaskMemFree (pv=0x6b2ac0) [0152.503] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.503] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0152.504] CoTaskMemFree (pv=0x6b19c0) [0152.504] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x26afc30, cb=0x18 | out: lpmodinfo=0x26afc30*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0152.506] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.506] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0152.507] CoTaskMemFree (pv=0x6b1140) [0152.507] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.507] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0152.509] CoTaskMemFree (pv=0x6b08c0) [0152.509] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x26b1e08, cb=0x18 | out: lpmodinfo=0x26b1e08*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0152.510] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.510] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0152.511] CoTaskMemFree (pv=0x6b08c0) [0152.511] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.512] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0152.513] CoTaskMemFree (pv=0x6b19c0) [0152.513] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x26b3fc0, cb=0x18 | out: lpmodinfo=0x26b3fc0*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0152.514] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.515] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0152.516] CoTaskMemFree (pv=0x6b19c0) [0152.517] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.517] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0152.518] CoTaskMemFree (pv=0x6b19c0) [0152.519] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8764e0000, lpmodinfo=0x26b6168, cb=0x18 | out: lpmodinfo=0x26b6168*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0152.521] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.521] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0152.522] CoTaskMemFree (pv=0x6b08c0) [0152.522] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.522] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0152.524] CoTaskMemFree (pv=0x6b08c0) [0152.524] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x26b8320, cb=0x18 | out: lpmodinfo=0x26b8320*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0152.525] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.525] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0152.527] CoTaskMemFree (pv=0x6b08c0) [0152.527] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.527] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0152.528] CoTaskMemFree (pv=0x6b08c0) [0152.528] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x26ba4e8, cb=0x18 | out: lpmodinfo=0x26ba4e8*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0152.530] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.530] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0152.532] CoTaskMemFree (pv=0x6b3340) [0152.532] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.532] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0152.534] CoTaskMemFree (pv=0x6b0040) [0152.534] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x26bc7b8, cb=0x18 | out: lpmodinfo=0x26bc7b8*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0152.536] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.536] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0152.538] CoTaskMemFree (pv=0x6b2ac0) [0152.538] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.538] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0152.540] CoTaskMemFree (pv=0x6b19c0) [0152.540] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x26be960, cb=0x18 | out: lpmodinfo=0x26be960*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0152.542] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.542] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0152.544] CoTaskMemFree (pv=0x6b2240) [0152.544] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.545] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0152.546] CoTaskMemFree (pv=0x6b19c0) [0152.546] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x26c0b28, cb=0x18 | out: lpmodinfo=0x26c0b28*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0152.548] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.548] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0152.550] CoTaskMemFree (pv=0x6b1140) [0152.550] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.551] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0152.553] CoTaskMemFree (pv=0x6b2ac0) [0152.553] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x26c2ce0, cb=0x18 | out: lpmodinfo=0x26c2ce0*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0152.555] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.555] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0152.557] CoTaskMemFree (pv=0x6b3340) [0152.557] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.557] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0152.559] CoTaskMemFree (pv=0x6b2240) [0152.559] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpmodinfo=0x26c4e88, cb=0x18 | out: lpmodinfo=0x26c4e88*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0152.561] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.561] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0152.564] CoTaskMemFree (pv=0x6b2ac0) [0152.564] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.564] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0152.566] CoTaskMemFree (pv=0x6b0040) [0152.566] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8642b0000, lpmodinfo=0x26c7030, cb=0x18 | out: lpmodinfo=0x26c7030*(lpBaseOfDll=0x7ff8642b0000, SizeOfImage=0xccd000, EntryPoint=0x7ff8643fe880)) returned 1 [0152.568] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.568] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8642b0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="IEFRAME.dll") returned 0xb [0152.571] CoTaskMemFree (pv=0x6b3340) [0152.571] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.571] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8642b0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IEFRAME.dll" (normalized: "c:\\windows\\system32\\ieframe.dll")) returned 0x1f [0152.573] CoTaskMemFree (pv=0x6b2ac0) [0152.573] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x26c91d8, cb=0x18 | out: lpmodinfo=0x26c91d8*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0152.576] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.576] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0152.578] CoTaskMemFree (pv=0x6b2ac0) [0152.578] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.578] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0152.580] CoTaskMemFree (pv=0x6b08c0) [0152.581] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x26cb380, cb=0x18 | out: lpmodinfo=0x26cb380*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0152.583] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.583] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0152.585] CoTaskMemFree (pv=0x6b08c0) [0152.585] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.585] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0152.588] CoTaskMemFree (pv=0x6b1140) [0152.588] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d650000, lpmodinfo=0x26cd538, cb=0x18 | out: lpmodinfo=0x26cd538*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0152.590] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.590] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d650000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0152.592] CoTaskMemFree (pv=0x6b1140) [0152.592] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.593] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d650000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0152.595] CoTaskMemFree (pv=0x6b2240) [0152.595] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872050000, lpmodinfo=0x26cf6e0, cb=0x18 | out: lpmodinfo=0x26cf6e0*(lpBaseOfDll=0x7ff872050000, SizeOfImage=0x274000, EntryPoint=0x7ff8720c0400)) returned 1 [0152.597] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.597] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872050000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0152.600] CoTaskMemFree (pv=0x6b08c0) [0152.600] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.600] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872050000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")) returned 0x79 [0152.602] CoTaskMemFree (pv=0x6b3340) [0152.603] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff864240000, lpmodinfo=0x26d1948, cb=0x18 | out: lpmodinfo=0x26d1948*(lpBaseOfDll=0x7ff864240000, SizeOfImage=0x6d000, EntryPoint=0x7ff864254ce0)) returned 1 [0152.606] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.606] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff864240000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="IEShims.dll") returned 0xb [0152.609] CoTaskMemFree (pv=0x6b19c0) [0152.609] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.609] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff864240000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\IEShims.dll" (normalized: "c:\\program files\\internet explorer\\ieshims.dll")) returned 0x2e [0152.612] CoTaskMemFree (pv=0x6b19c0) [0152.612] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d530000, lpmodinfo=0x26d3b10, cb=0x18 | out: lpmodinfo=0x26d3b10*(lpBaseOfDll=0x7ff87d530000, SizeOfImage=0x10b000, EntryPoint=0x7ff87d552300)) returned 1 [0152.615] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.615] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d530000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="comdlg32.dll") returned 0xc [0152.618] CoTaskMemFree (pv=0x6b0040) [0152.618] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.618] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d530000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\comdlg32.dll" (normalized: "c:\\windows\\system32\\comdlg32.dll")) returned 0x20 [0152.620] CoTaskMemFree (pv=0x6b08c0) [0152.620] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpmodinfo=0x26d5cc8, cb=0x18 | out: lpmodinfo=0x26d5cc8*(lpBaseOfDll=0x7ff87cdb0000, SizeOfImage=0x86000, EntryPoint=0x7ff87cdbd8f0)) returned 1 [0152.623] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.623] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0152.630] CoTaskMemFree (pv=0x6b2ac0) [0152.630] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.630] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0152.633] CoTaskMemFree (pv=0x6b0040) [0152.633] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d0a0000, lpmodinfo=0x26d7e80, cb=0x18 | out: lpmodinfo=0x26d7e80*(lpBaseOfDll=0x7ff87d0a0000, SizeOfImage=0x17000, EntryPoint=0x7ff87d0a1390)) returned 1 [0152.636] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.636] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d0a0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="NETAPI32.dll") returned 0xc [0152.639] CoTaskMemFree (pv=0x6b2ac0) [0152.639] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.639] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d0a0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NETAPI32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")) returned 0x20 [0152.643] CoTaskMemFree (pv=0x6b08c0) [0152.643] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8744e0000, lpmodinfo=0x26da038, cb=0x18 | out: lpmodinfo=0x26da038*(lpBaseOfDll=0x7ff8744e0000, SizeOfImage=0xc000, EntryPoint=0x7ff8744e1860)) returned 1 [0152.645] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.646] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8744e0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="DAVHLPR.DLL") returned 0xb [0152.649] CoTaskMemFree (pv=0x6b3340) [0152.649] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.649] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8744e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DAVHLPR.DLL" (normalized: "c:\\windows\\system32\\davhlpr.dll")) returned 0x1f [0152.652] CoTaskMemFree (pv=0x6b2ac0) [0152.652] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b340000, lpmodinfo=0x26dc1e0, cb=0x18 | out: lpmodinfo=0x26dc1e0*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0152.655] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.655] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b340000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0152.658] CoTaskMemFree (pv=0x6b08c0) [0152.658] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.658] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b340000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0152.665] CoTaskMemFree (pv=0x6b1140) [0152.665] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87af40000, lpmodinfo=0x26de5a0, cb=0x18 | out: lpmodinfo=0x26de5a0*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.669] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.669] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87af40000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0152.672] CoTaskMemFree (pv=0x6b08c0) [0152.672] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.672] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87af40000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0152.676] CoTaskMemFree (pv=0x6b3340) [0152.676] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870840000, lpmodinfo=0x26e0748, cb=0x18 | out: lpmodinfo=0x26e0748*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.679] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.679] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870840000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0152.685] CoTaskMemFree (pv=0x6b2240) [0152.685] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.685] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870840000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0152.688] CoTaskMemFree (pv=0x6b3340) [0152.688] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fbb0000, lpmodinfo=0x26e28f0, cb=0x18 | out: lpmodinfo=0x26e28f0*(lpBaseOfDll=0x7ff87fbb0000, SizeOfImage=0x15a000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.692] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.692] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fbb0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0152.695] CoTaskMemFree (pv=0x6b2240) [0152.695] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.695] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fbb0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0152.698] CoTaskMemFree (pv=0x6b08c0) [0152.698] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a590000, lpmodinfo=0x26e4a98, cb=0x18 | out: lpmodinfo=0x26e4a98*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.701] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.702] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a590000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0152.705] CoTaskMemFree (pv=0x6b19c0) [0152.705] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.705] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a590000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0152.708] CoTaskMemFree (pv=0x6b08c0) [0152.709] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ec80000, lpmodinfo=0x26e6c40, cb=0x18 | out: lpmodinfo=0x26e6c40*(lpBaseOfDll=0x7ff86ec80000, SizeOfImage=0x28e000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.712] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.712] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ec80000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="WININET.dll") returned 0xb [0152.715] CoTaskMemFree (pv=0x6b2240) [0152.716] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.716] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ec80000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WININET.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0152.719] CoTaskMemFree (pv=0x6b19c0) [0152.720] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x26e8de8, cb=0x18 | out: lpmodinfo=0x26e8de8*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.723] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.723] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0152.726] CoTaskMemFree (pv=0x6b08c0) [0152.726] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.726] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0152.730] CoTaskMemFree (pv=0x6b08c0) [0152.730] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c2a0000, lpmodinfo=0x26eaf90, cb=0x18 | out: lpmodinfo=0x26eaf90*(lpBaseOfDll=0x7ff86c2a0000, SizeOfImage=0xe000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.734] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.734] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c2a0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="tokenbinding.dll") returned 0x10 [0152.737] CoTaskMemFree (pv=0x6b0040) [0152.737] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.737] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c2a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\tokenbinding.dll" (normalized: "c:\\windows\\system32\\tokenbinding.dll")) returned 0x24 [0152.741] CoTaskMemFree (pv=0x6b1140) [0152.741] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x26ed158, cb=0x18 | out: lpmodinfo=0x26ed158*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.744] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.744] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0152.748] CoTaskMemFree (pv=0x6b0040) [0152.748] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.748] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0152.752] CoTaskMemFree (pv=0x6b2240) [0152.754] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x26ef300, cb=0x18 | out: lpmodinfo=0x26ef300*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.757] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.757] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0152.761] CoTaskMemFree (pv=0x6b2ac0) [0152.761] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.761] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0152.765] CoTaskMemFree (pv=0x6b3340) [0152.765] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874ab0000, lpmodinfo=0x26f14a8, cb=0x18 | out: lpmodinfo=0x26f14a8*(lpBaseOfDll=0x7ff874ab0000, SizeOfImage=0x15000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.769] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.769] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874ab0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0152.773] CoTaskMemFree (pv=0x6b19c0) [0152.773] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.773] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874ab0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0152.777] CoTaskMemFree (pv=0x6b2ac0) [0152.777] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875480000, lpmodinfo=0x26f3690, cb=0x18 | out: lpmodinfo=0x26f3690*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.781] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.781] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875480000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0152.784] CoTaskMemFree (pv=0x6b2240) [0152.785] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.785] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875480000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0152.789] CoTaskMemFree (pv=0x6b0040) [0152.789] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878b20000, lpmodinfo=0x26f5848, cb=0x18 | out: lpmodinfo=0x26f5848*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.792] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.792] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878b20000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="winhttp.dll") returned 0xb [0152.796] CoTaskMemFree (pv=0x6b1140) [0152.796] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.797] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878b20000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winhttp.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0152.800] CoTaskMemFree (pv=0x6b2ac0) [0152.800] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x26f79f0, cb=0x18 | out: lpmodinfo=0x26f79f0*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.805] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.805] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0152.809] CoTaskMemFree (pv=0x6b08c0) [0152.809] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.809] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0152.812] CoTaskMemFree (pv=0x6b1140) [0152.812] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8750d0000, lpmodinfo=0x26f9b98, cb=0x18 | out: lpmodinfo=0x26f9b98*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.816] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.816] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0152.820] CoTaskMemFree (pv=0x6b1140) [0152.820] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.820] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0152.825] CoTaskMemFree (pv=0x6b3340) [0152.826] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efa0000, lpmodinfo=0x26fbd40, cb=0x18 | out: lpmodinfo=0x26fbd40*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.830] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.830] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0152.834] CoTaskMemFree (pv=0x6b08c0) [0152.834] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.834] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0152.839] CoTaskMemFree (pv=0x6b2ac0) [0152.839] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878ff0000, lpmodinfo=0x26fded8, cb=0x18 | out: lpmodinfo=0x26fded8*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.843] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.843] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0152.847] CoTaskMemFree (pv=0x6b1140) [0152.848] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.848] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0152.852] CoTaskMemFree (pv=0x6b2ac0) [0152.852] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b030000, lpmodinfo=0x2700080, cb=0x18 | out: lpmodinfo=0x2700080*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.856] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.857] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b030000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0152.861] CoTaskMemFree (pv=0x6b2ac0) [0152.861] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.862] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b030000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0152.866] CoTaskMemFree (pv=0x6b2240) [0152.866] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874830000, lpmodinfo=0x2702228, cb=0x18 | out: lpmodinfo=0x2702228*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.870] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.871] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874830000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0152.875] CoTaskMemFree (pv=0x6b19c0) [0152.875] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.875] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874830000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0152.880] CoTaskMemFree (pv=0x6b3340) [0152.880] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874fc0000, lpmodinfo=0x27043e0, cb=0x18 | out: lpmodinfo=0x27043e0*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.884] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.884] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0152.889] CoTaskMemFree (pv=0x6b3340) [0152.889] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0152.889] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0152.899] CoTaskMemFree (pv=0x6b2ac0) [0152.900] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x2706598, cb=0x18 | out: lpmodinfo=0x2706598*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.904] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.904] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0152.910] CoTaskMemFree (pv=0x6b19c0) [0152.910] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.910] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0152.915] CoTaskMemFree (pv=0x6b2240) [0152.915] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff863f30000, lpmodinfo=0x2708750, cb=0x18 | out: lpmodinfo=0x2708750*(lpBaseOfDll=0x7ff863f30000, SizeOfImage=0x1b2000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.919] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.919] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff863f30000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ieapfltr.dll") returned 0xc [0152.924] CoTaskMemFree (pv=0x6b08c0) [0152.924] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0152.924] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff863f30000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ieapfltr.dll" (normalized: "c:\\windows\\system32\\ieapfltr.dll")) returned 0x20 [0152.928] CoTaskMemFree (pv=0x6b19c0) [0152.929] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf40000, lpmodinfo=0x270a908, cb=0x18 | out: lpmodinfo=0x270a908*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.934] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.934] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0152.938] CoTaskMemFree (pv=0x6b08c0) [0152.938] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.938] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0152.944] CoTaskMemFree (pv=0x6b0040) [0152.944] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpmodinfo=0x270cab0, cb=0x18 | out: lpmodinfo=0x270cab0*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.949] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.949] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0152.956] CoTaskMemFree (pv=0x6b3340) [0152.956] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0152.956] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0152.962] CoTaskMemFree (pv=0x6b3340) [0152.962] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff863e70000, lpmodinfo=0x270ec58, cb=0x18 | out: lpmodinfo=0x270ec58*(lpBaseOfDll=0x7ff863e70000, SizeOfImage=0x94000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.968] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0152.968] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff863e70000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="IEUI.dll") returned 0x8 [0152.975] CoTaskMemFree (pv=0x6b0040) [0152.975] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.975] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff863e70000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IEUI.dll" (normalized: "c:\\windows\\system32\\ieui.dll")) returned 0x1c [0152.979] CoTaskMemFree (pv=0x6b08c0) [0152.979] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f5d0000, lpmodinfo=0x2710e00, cb=0x18 | out: lpmodinfo=0x2710e00*(lpBaseOfDll=0x7ff87f5d0000, SizeOfImage=0x6f000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.984] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0152.984] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f5d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="coml2.dll") returned 0x9 [0152.989] CoTaskMemFree (pv=0x6b1140) [0152.989] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0152.989] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f5d0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")) returned 0x1d [0152.994] CoTaskMemFree (pv=0x6b08c0) [0152.994] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x2712fa8, cb=0x18 | out: lpmodinfo=0x2712fa8*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff864243ba0)) returned 1 [0152.999] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0152.999] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0153.004] CoTaskMemFree (pv=0x6b2240) [0153.004] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0153.004] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0153.009] CoTaskMemFree (pv=0x6b0040) [0153.009] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff865970000, lpmodinfo=0x2715150, cb=0x18 | out: lpmodinfo=0x2715150*(lpBaseOfDll=0x7ff865970000, SizeOfImage=0xac000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.015] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.015] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff865970000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ieproxy.dll") returned 0xb [0153.020] CoTaskMemFree (pv=0x6b1140) [0153.020] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.020] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff865970000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll")) returned 0x1f [0153.026] CoTaskMemFree (pv=0x6b19c0) [0153.026] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879920000, lpmodinfo=0x27172f8, cb=0x18 | out: lpmodinfo=0x27172f8*(lpBaseOfDll=0x7ff879920000, SizeOfImage=0x1b1000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.031] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.031] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879920000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="windowscodecs.dll") returned 0x11 [0153.036] CoTaskMemFree (pv=0x6b08c0) [0153.036] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.036] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879920000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windowscodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0153.042] CoTaskMemFree (pv=0x6b08c0) [0153.042] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e490000, lpmodinfo=0x27194c0, cb=0x18 | out: lpmodinfo=0x27194c0*(lpBaseOfDll=0x7ff86e490000, SizeOfImage=0x6a000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.048] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0153.048] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e490000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="oleacc.dll") returned 0xa [0153.053] CoTaskMemFree (pv=0x6b0040) [0153.053] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0153.053] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e490000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\oleacc.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")) returned 0x1e [0153.058] CoTaskMemFree (pv=0x6b2240) [0153.058] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e390000, lpmodinfo=0x271b668, cb=0x18 | out: lpmodinfo=0x271b668*(lpBaseOfDll=0x7ff86e390000, SizeOfImage=0x4a000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.064] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0153.064] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e390000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="dataexchange.dll") returned 0x10 [0153.069] CoTaskMemFree (pv=0x6b0040) [0153.069] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.069] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e390000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dataexchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll")) returned 0x24 [0153.074] CoTaskMemFree (pv=0x6b19c0) [0153.075] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a2e0000, lpmodinfo=0x271d830, cb=0x18 | out: lpmodinfo=0x271d830*(lpBaseOfDll=0x7ff87a2e0000, SizeOfImage=0x2a8000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.080] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.080] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a2e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="d3d11.dll") returned 0x9 [0153.085] CoTaskMemFree (pv=0x6b08c0) [0153.085] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0153.085] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a2e0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")) returned 0x1d [0153.090] CoTaskMemFree (pv=0x6b3340) [0153.091] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a6a0000, lpmodinfo=0x271f9d8, cb=0x18 | out: lpmodinfo=0x271f9d8*(lpBaseOfDll=0x7ff87a6a0000, SizeOfImage=0xe3000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.096] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.096] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a6a0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="dcomp.dll") returned 0x9 [0153.101] CoTaskMemFree (pv=0x6b1140) [0153.101] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.101] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a6a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")) returned 0x1d [0153.107] CoTaskMemFree (pv=0x6b1140) [0153.107] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a230000, lpmodinfo=0x2721f98, cb=0x18 | out: lpmodinfo=0x2721f98*(lpBaseOfDll=0x7ff87a230000, SizeOfImage=0xa2000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.113] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0153.113] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a230000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0153.120] CoTaskMemFree (pv=0x6b2240) [0153.120] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0153.120] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a230000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0153.126] CoTaskMemFree (pv=0x6b2240) [0153.127] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpmodinfo=0x2724140, cb=0x18 | out: lpmodinfo=0x2724140*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.132] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.132] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0153.138] CoTaskMemFree (pv=0x6b2ac0) [0153.138] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.138] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0153.145] CoTaskMemFree (pv=0x6b2ac0) [0153.145] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86def0000, lpmodinfo=0x2726308, cb=0x18 | out: lpmodinfo=0x2726308*(lpBaseOfDll=0x7ff86def0000, SizeOfImage=0x4a0000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.150] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.151] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86def0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="explorerframe.dll") returned 0x11 [0153.156] CoTaskMemFree (pv=0x6b19c0) [0153.157] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0153.157] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86def0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\explorerframe.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll")) returned 0x25 [0153.163] CoTaskMemFree (pv=0x6b2240) [0153.163] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86dea0000, lpmodinfo=0x27284d0, cb=0x18 | out: lpmodinfo=0x27284d0*(lpBaseOfDll=0x7ff86dea0000, SizeOfImage=0x50000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.168] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.169] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86dea0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="edputil.dll") returned 0xb [0153.174] CoTaskMemFree (pv=0x6b1140) [0153.174] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.175] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86dea0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")) returned 0x1f [0153.180] CoTaskMemFree (pv=0x6b2ac0) [0153.181] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff862360000, lpmodinfo=0x272a678, cb=0x18 | out: lpmodinfo=0x272a678*(lpBaseOfDll=0x7ff862360000, SizeOfImage=0x178d000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.186] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.187] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff862360000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="mshtml.dll") returned 0xa [0153.193] CoTaskMemFree (pv=0x6b2ac0) [0153.194] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0153.194] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff862360000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\mshtml.dll" (normalized: "c:\\windows\\system32\\mshtml.dll")) returned 0x1e [0153.200] CoTaskMemFree (pv=0x6b3340) [0153.200] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d170000, lpmodinfo=0x272c820, cb=0x18 | out: lpmodinfo=0x272c820*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.206] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.206] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d170000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0153.212] CoTaskMemFree (pv=0x6b08c0) [0153.212] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.212] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d170000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0153.227] CoTaskMemFree (pv=0x6b2ac0) [0153.227] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpmodinfo=0x272e9c8, cb=0x18 | out: lpmodinfo=0x272e9c8*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.233] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.233] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0153.239] CoTaskMemFree (pv=0x6b2ac0) [0153.239] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.239] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0153.246] CoTaskMemFree (pv=0x6b1140) [0153.246] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bc10000, lpmodinfo=0x2730b70, cb=0x18 | out: lpmodinfo=0x2730b70*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.252] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0153.252] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bc10000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="DPAPI.dll") returned 0x9 [0153.258] CoTaskMemFree (pv=0x6b3340) [0153.258] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.258] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bc10000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DPAPI.dll" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0153.265] CoTaskMemFree (pv=0x6b1140) [0153.265] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bab0000, lpmodinfo=0x2732d18, cb=0x18 | out: lpmodinfo=0x2732d18*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.271] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.272] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0153.278] CoTaskMemFree (pv=0x6b08c0) [0153.278] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.278] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0153.284] CoTaskMemFree (pv=0x6b19c0) [0153.284] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872540000, lpmodinfo=0x2734ec0, cb=0x18 | out: lpmodinfo=0x2734ec0*(lpBaseOfDll=0x7ff872540000, SizeOfImage=0x27a000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.290] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.291] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872540000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0153.297] CoTaskMemFree (pv=0x6b2ac0) [0153.297] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.297] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872540000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0153.304] CoTaskMemFree (pv=0x6b2ac0) [0153.304] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bb10000, lpmodinfo=0x2737068, cb=0x18 | out: lpmodinfo=0x2737068*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.310] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.310] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bb10000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0153.316] CoTaskMemFree (pv=0x6b08c0) [0153.316] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0153.317] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bb10000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0153.323] CoTaskMemFree (pv=0x6b3340) [0153.323] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c8b0000, lpmodinfo=0x2739220, cb=0x18 | out: lpmodinfo=0x2739220*(lpBaseOfDll=0x7ff86c8b0000, SizeOfImage=0x14000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.329] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.329] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c8b0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0153.336] CoTaskMemFree (pv=0x6b1140) [0153.336] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.337] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c8b0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0153.345] CoTaskMemFree (pv=0x6b08c0) [0153.345] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c130000, lpmodinfo=0x273b3e8, cb=0x18 | out: lpmodinfo=0x273b3e8*(lpBaseOfDll=0x7ff87c130000, SizeOfImage=0x27000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.351] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.351] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c130000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0153.357] CoTaskMemFree (pv=0x6b19c0) [0153.357] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0153.358] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c130000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0153.364] CoTaskMemFree (pv=0x6b2240) [0153.364] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c0f0000, lpmodinfo=0x273d590, cb=0x18 | out: lpmodinfo=0x273d590*(lpBaseOfDll=0x7ff87c0f0000, SizeOfImage=0x3a000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.370] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.371] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c0f0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0153.377] CoTaskMemFree (pv=0x6b2ac0) [0153.377] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0153.378] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c0f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0153.384] CoTaskMemFree (pv=0x6b2240) [0153.384] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c960000, lpmodinfo=0x273f738, cb=0x18 | out: lpmodinfo=0x273f738*(lpBaseOfDll=0x7ff86c960000, SizeOfImage=0x1e000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.391] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0153.391] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c960000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0153.398] CoTaskMemFree (pv=0x6b2240) [0153.398] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0153.398] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c960000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0153.405] CoTaskMemFree (pv=0x6b2240) [0153.405] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d340000, lpmodinfo=0x27418f0, cb=0x18 | out: lpmodinfo=0x27418f0*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.411] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.412] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d340000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0153.419] CoTaskMemFree (pv=0x6b2ac0) [0153.419] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.420] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d340000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0153.426] CoTaskMemFree (pv=0x6b1140) [0153.426] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpmodinfo=0x2743aa8, cb=0x18 | out: lpmodinfo=0x2743aa8*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.433] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0153.433] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0153.518] CoTaskMemFree (pv=0x6b0040) [0153.518] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.518] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0153.525] CoTaskMemFree (pv=0x6b08c0) [0153.525] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c90000, lpmodinfo=0x2745c50, cb=0x18 | out: lpmodinfo=0x2745c50*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.533] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.533] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c90000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0153.539] CoTaskMemFree (pv=0x6b1140) [0153.539] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.539] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c90000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0153.548] CoTaskMemFree (pv=0x6b08c0) [0153.548] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870dc0000, lpmodinfo=0x2747e08, cb=0x18 | out: lpmodinfo=0x2747e08*(lpBaseOfDll=0x7ff870dc0000, SizeOfImage=0xc000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.554] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.555] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870dc0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0153.561] CoTaskMemFree (pv=0x6b08c0) [0153.561] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.562] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870dc0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0153.569] CoTaskMemFree (pv=0x6b2ac0) [0153.569] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c2e0000, lpmodinfo=0x2749fb0, cb=0x18 | out: lpmodinfo=0x2749fb0*(lpBaseOfDll=0x7ff86c2e0000, SizeOfImage=0x3e000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.576] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.576] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c2e0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="MLANG.dll") returned 0x9 [0153.583] CoTaskMemFree (pv=0x6b19c0) [0153.583] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.583] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c2e0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MLANG.dll" (normalized: "c:\\windows\\system32\\mlang.dll")) returned 0x1d [0153.591] CoTaskMemFree (pv=0x6b08c0) [0153.591] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ab10000, lpmodinfo=0x274c158, cb=0x18 | out: lpmodinfo=0x274c158*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.597] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0153.597] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0153.605] CoTaskMemFree (pv=0x6b0040) [0153.605] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0153.605] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0153.613] CoTaskMemFree (pv=0x6b0040) [0153.613] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8615d0000, lpmodinfo=0x274e300, cb=0x18 | out: lpmodinfo=0x274e300*(lpBaseOfDll=0x7ff8615d0000, SizeOfImage=0x7000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.620] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.620] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8615d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="MSIMG32.dll") returned 0xb [0153.626] CoTaskMemFree (pv=0x6b1140) [0153.626] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0153.627] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8615d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSIMG32.dll" (normalized: "c:\\windows\\system32\\msimg32.dll")) returned 0x1f [0153.634] CoTaskMemFree (pv=0x6b3340) [0153.634] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e7b0000, lpmodinfo=0x27504a8, cb=0x18 | out: lpmodinfo=0x27504a8*(lpBaseOfDll=0x7ff86e7b0000, SizeOfImage=0xf9000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.641] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.641] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e7b0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="SettingSyncCore.dll") returned 0x13 [0153.649] CoTaskMemFree (pv=0x6b1140) [0153.649] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.650] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e7b0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll")) returned 0x27 [0153.657] CoTaskMemFree (pv=0x6b2ac0) [0153.657] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x2752670, cb=0x18 | out: lpmodinfo=0x2752670*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.664] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.664] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0153.672] CoTaskMemFree (pv=0x6b08c0) [0153.672] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0153.672] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0153.680] CoTaskMemFree (pv=0x6b0040) [0153.680] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e8b0000, lpmodinfo=0x2754818, cb=0x18 | out: lpmodinfo=0x2754818*(lpBaseOfDll=0x7ff86e8b0000, SizeOfImage=0x15000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.687] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0153.687] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e8b0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="settingsyncpolicy.dll") returned 0x15 [0153.694] CoTaskMemFree (pv=0x6b2240) [0153.694] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0153.694] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e8b0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\settingsyncpolicy.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll")) returned 0x29 [0153.702] CoTaskMemFree (pv=0x6b2240) [0153.702] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878830000, lpmodinfo=0x27569f0, cb=0x18 | out: lpmodinfo=0x27569f0*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.709] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.709] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878830000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0153.717] CoTaskMemFree (pv=0x6b2ac0) [0153.717] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.717] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878830000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0153.725] CoTaskMemFree (pv=0x6b2ac0) [0153.725] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e80000, lpmodinfo=0x2758bb8, cb=0x18 | out: lpmodinfo=0x2758bb8*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.732] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.732] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e80000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0153.740] CoTaskMemFree (pv=0x6b19c0) [0153.741] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0153.741] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e80000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0153.749] CoTaskMemFree (pv=0x6b2240) [0153.749] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e6e0000, lpmodinfo=0x275ad80, cb=0x18 | out: lpmodinfo=0x275ad80*(lpBaseOfDll=0x7ff86e6e0000, SizeOfImage=0xce000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.756] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.756] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e6e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="TokenBroker.dll") returned 0xf [0153.764] CoTaskMemFree (pv=0x6b08c0) [0153.764] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.764] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e6e0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")) returned 0x23 [0153.771] CoTaskMemFree (pv=0x6b1140) [0153.771] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff876870000, lpmodinfo=0x275cf38, cb=0x18 | out: lpmodinfo=0x275cf38*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.779] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0153.779] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff876870000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0153.786] CoTaskMemFree (pv=0x6b1140) [0153.786] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0153.786] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff876870000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0153.794] CoTaskMemFree (pv=0x6b0040) [0153.794] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad00000, lpmodinfo=0x275f0f0, cb=0x18 | out: lpmodinfo=0x275f0f0*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.801] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.802] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0153.810] CoTaskMemFree (pv=0x6b2ac0) [0153.811] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0153.811] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0153.818] CoTaskMemFree (pv=0x6b0040) [0153.818] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875450000, lpmodinfo=0x27612a8, cb=0x18 | out: lpmodinfo=0x27612a8*(lpBaseOfDll=0x7ff875450000, SizeOfImage=0x28000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.826] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.826] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875450000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="IDStore.dll") returned 0xb [0153.834] CoTaskMemFree (pv=0x6b08c0) [0153.834] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0153.834] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875450000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll")) returned 0x1f [0153.842] CoTaskMemFree (pv=0x6b3340) [0153.842] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87aca0000, lpmodinfo=0x2763450, cb=0x18 | out: lpmodinfo=0x2763450*(lpBaseOfDll=0x7ff87aca0000, SizeOfImage=0x1c000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.851] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.851] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87aca0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0153.859] CoTaskMemFree (pv=0x6b19c0) [0153.859] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.859] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87aca0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0153.867] CoTaskMemFree (pv=0x6b19c0) [0153.868] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861500000, lpmodinfo=0x27655f8, cb=0x18 | out: lpmodinfo=0x27655f8*(lpBaseOfDll=0x7ff861500000, SizeOfImage=0xc5000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.876] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0153.876] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861500000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="msfeeds.dll") returned 0xb [0153.884] CoTaskMemFree (pv=0x6b08c0) [0153.884] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.885] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861500000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msfeeds.dll" (normalized: "c:\\windows\\system32\\msfeeds.dll")) returned 0x1f [0153.893] CoTaskMemFree (pv=0x6b19c0) [0153.893] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875230000, lpmodinfo=0x27677a0, cb=0x18 | out: lpmodinfo=0x27677a0*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.901] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.901] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875230000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0153.909] CoTaskMemFree (pv=0x6b19c0) [0153.909] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.909] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875230000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0153.917] CoTaskMemFree (pv=0x6b2ac0) [0153.917] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpmodinfo=0x2769948, cb=0x18 | out: lpmodinfo=0x2769948*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.926] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.926] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0153.934] CoTaskMemFree (pv=0x6b2ac0) [0153.934] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.934] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0153.947] CoTaskMemFree (pv=0x6b19c0) [0153.947] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8614e0000, lpmodinfo=0x276bb00, cb=0x18 | out: lpmodinfo=0x276bb00*(lpBaseOfDll=0x7ff8614e0000, SizeOfImage=0x16000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.957] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0153.958] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8614e0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="msfeedsbs.dll") returned 0xd [0153.966] CoTaskMemFree (pv=0x6b19c0) [0153.966] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0153.966] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8614e0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msfeedsbs.dll" (normalized: "c:\\windows\\system32\\msfeedsbs.dll")) returned 0x21 [0153.974] CoTaskMemFree (pv=0x6b3340) [0153.974] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878230000, lpmodinfo=0x276dcb8, cb=0x18 | out: lpmodinfo=0x276dcb8*(lpBaseOfDll=0x7ff878230000, SizeOfImage=0xbf000, EntryPoint=0x7ff864243ba0)) returned 1 [0153.984] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0153.984] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878230000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0153.993] CoTaskMemFree (pv=0x6b0040) [0153.993] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0153.993] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878230000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0154.002] CoTaskMemFree (pv=0x6b2ac0) [0154.002] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c480000, lpmodinfo=0x257ccb0, cb=0x18 | out: lpmodinfo=0x257ccb0*(lpBaseOfDll=0x7ff87c480000, SizeOfImage=0x99000, EntryPoint=0x7ff864243ba0)) returned 1 [0154.010] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.010] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c480000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0154.018] CoTaskMemFree (pv=0x6b1140) [0154.018] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.019] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c480000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0154.029] CoTaskMemFree (pv=0x6b3340) [0154.029] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd10000, lpmodinfo=0x257ee48, cb=0x18 | out: lpmodinfo=0x257ee48*(lpBaseOfDll=0x7ff87fd10000, SizeOfImage=0x1c000, EntryPoint=0x7ff864243ba0)) returned 1 [0154.037] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.037] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd10000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="imagehlp.dll") returned 0xc [0154.046] CoTaskMemFree (pv=0x6b1140) [0154.046] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.046] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd10000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\imagehlp.dll" (normalized: "c:\\windows\\system32\\imagehlp.dll")) returned 0x20 [0154.055] CoTaskMemFree (pv=0x6b3340) [0154.055] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872970000, lpmodinfo=0x2581000, cb=0x18 | out: lpmodinfo=0x2581000*(lpBaseOfDll=0x7ff872970000, SizeOfImage=0x9c000, EntryPoint=0x7ff864243ba0)) returned 1 [0154.064] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.064] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872970000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="efswrt.dll") returned 0xa [0154.072] CoTaskMemFree (pv=0x6b0040) [0154.072] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.072] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872970000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll")) returned 0x1e [0154.081] CoTaskMemFree (pv=0x6b2ac0) [0154.081] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8727c0000, lpmodinfo=0x25831a8, cb=0x18 | out: lpmodinfo=0x25831a8*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff864243ba0)) returned 1 [0154.090] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.090] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8727c0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0154.099] CoTaskMemFree (pv=0x6b0040) [0154.099] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.099] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8727c0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0154.108] CoTaskMemFree (pv=0x6b08c0) [0154.108] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874a90000, lpmodinfo=0x2585360, cb=0x18 | out: lpmodinfo=0x2585360*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff864243ba0)) returned 1 [0154.116] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.116] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874a90000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0154.125] CoTaskMemFree (pv=0x6b1140) [0154.125] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.125] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874a90000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0154.134] CoTaskMemFree (pv=0x6b2240) [0154.134] CloseHandle (hObject=0x260) returned 1 [0154.135] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0154.135] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12c) returned 0x0 [0154.135] EnumProcesses (in: lpidProcess=0x2589d30, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x2589d30, lpcbNeeded=0x14ee58) returned 1 [0154.142] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0154.145] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x378) returned 0x260 [0154.145] EnumProcessModules (in: hProcess=0x260, lphModule=0x258aa38, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x258aa38, lpcbNeeded=0x14ef68) returned 1 [0154.150] EnumProcessModules (in: hProcess=0x260, lphModule=0x258ac50, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x258ac50, lpcbNeeded=0x14ef68) returned 1 [0154.157] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6a3140000, lpmodinfo=0x258b0c0, cb=0x18 | out: lpmodinfo=0x258b0c0*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0154.157] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.157] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0154.158] CoTaskMemFree (pv=0x6b2ac0) [0154.158] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.158] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0154.158] CoTaskMemFree (pv=0x6b08c0) [0154.158] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x258d2a0, cb=0x18 | out: lpmodinfo=0x258d2a0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0154.159] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.159] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0154.159] CoTaskMemFree (pv=0x6b1140) [0154.159] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.159] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0154.160] CoTaskMemFree (pv=0x6b1140) [0154.160] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x258f448, cb=0x18 | out: lpmodinfo=0x258f448*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0154.160] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.160] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0154.161] CoTaskMemFree (pv=0x6b08c0) [0154.161] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.161] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0154.162] CoTaskMemFree (pv=0x6b3340) [0154.162] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x2591600, cb=0x18 | out: lpmodinfo=0x2591600*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0154.162] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.163] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0154.163] CoTaskMemFree (pv=0x6b1140) [0154.163] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.164] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0154.165] CoTaskMemFree (pv=0x6b2240) [0154.166] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x25937b8, cb=0x18 | out: lpmodinfo=0x25937b8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0154.166] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.167] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0154.167] CoTaskMemFree (pv=0x6b2ac0) [0154.168] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.168] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0154.168] CoTaskMemFree (pv=0x6b19c0) [0154.169] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x25959b8, cb=0x18 | out: lpmodinfo=0x25959b8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0154.169] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.169] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0154.170] CoTaskMemFree (pv=0x6b0040) [0154.170] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.170] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0154.171] CoTaskMemFree (pv=0x6b2ac0) [0154.171] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x2597b60, cb=0x18 | out: lpmodinfo=0x2597b60*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0154.172] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.172] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0154.174] CoTaskMemFree (pv=0x6b2ac0) [0154.174] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.174] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0154.175] CoTaskMemFree (pv=0x6b2240) [0154.175] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x2599d18, cb=0x18 | out: lpmodinfo=0x2599d18*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0154.176] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.176] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0154.177] CoTaskMemFree (pv=0x6b0040) [0154.177] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.177] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0154.178] CoTaskMemFree (pv=0x6b2240) [0154.178] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x259bec0, cb=0x18 | out: lpmodinfo=0x259bec0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0154.179] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.179] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0154.180] CoTaskMemFree (pv=0x6b1140) [0154.180] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.181] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0154.182] CoTaskMemFree (pv=0x6b19c0) [0154.182] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x259e100, cb=0x18 | out: lpmodinfo=0x259e100*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0154.183] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.183] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0154.184] CoTaskMemFree (pv=0x6b19c0) [0154.184] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.184] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0154.186] CoTaskMemFree (pv=0x6b08c0) [0154.186] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x25a02d8, cb=0x18 | out: lpmodinfo=0x25a02d8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0154.187] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.187] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0154.188] CoTaskMemFree (pv=0x6b08c0) [0154.188] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.188] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0154.189] CoTaskMemFree (pv=0x6b1140) [0154.189] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x25a24a0, cb=0x18 | out: lpmodinfo=0x25a24a0*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0154.190] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.190] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0154.192] CoTaskMemFree (pv=0x6b0040) [0154.192] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.192] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0154.193] CoTaskMemFree (pv=0x6b19c0) [0154.193] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x25a4648, cb=0x18 | out: lpmodinfo=0x25a4648*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0154.195] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.195] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0154.196] CoTaskMemFree (pv=0x6b3340) [0154.197] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.197] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0154.198] CoTaskMemFree (pv=0x6b19c0) [0154.198] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8798c0000, lpmodinfo=0x25a67f0, cb=0x18 | out: lpmodinfo=0x25a67f0*(lpBaseOfDll=0x7ff8798c0000, SizeOfImage=0xb000, EntryPoint=0x7ff8798c1cd0)) returned 1 [0154.200] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.200] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8798c0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="lmhsvc.dll") returned 0xa [0154.201] CoTaskMemFree (pv=0x6b19c0) [0154.202] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.202] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8798c0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\lmhsvc.dll" (normalized: "c:\\windows\\system32\\lmhsvc.dll")) returned 0x1e [0154.203] CoTaskMemFree (pv=0x6b08c0) [0154.203] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x25a8998, cb=0x18 | out: lpmodinfo=0x25a8998*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0154.205] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.205] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0154.206] CoTaskMemFree (pv=0x6b2240) [0154.207] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.207] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0154.208] CoTaskMemFree (pv=0x6b2ac0) [0154.209] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8798b0000, lpmodinfo=0x25aab40, cb=0x18 | out: lpmodinfo=0x25aab40*(lpBaseOfDll=0x7ff8798b0000, SizeOfImage=0x9000, EntryPoint=0x7ff8798b19a0)) returned 1 [0154.210] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.210] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8798b0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="nrpsrv.DLL") returned 0xa [0154.212] CoTaskMemFree (pv=0x6b3340) [0154.212] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.212] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8798b0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nrpsrv.DLL" (normalized: "c:\\windows\\system32\\nrpsrv.dll")) returned 0x1e [0154.214] CoTaskMemFree (pv=0x6b08c0) [0154.214] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878960000, lpmodinfo=0x25acce8, cb=0x18 | out: lpmodinfo=0x25acce8*(lpBaseOfDll=0x7ff878960000, SizeOfImage=0x1b1000, EntryPoint=0x7ff8789b3690)) returned 1 [0154.216] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.216] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878960000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wevtsvc.dll") returned 0xb [0154.232] CoTaskMemFree (pv=0x6b19c0) [0154.233] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.233] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878960000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wevtsvc.dll" (normalized: "c:\\windows\\system32\\wevtsvc.dll")) returned 0x1f [0154.235] CoTaskMemFree (pv=0x6b2240) [0154.235] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x25aefa8, cb=0x18 | out: lpmodinfo=0x25aefa8*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0154.236] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.236] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0154.238] CoTaskMemFree (pv=0x6b0040) [0154.238] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.238] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0154.240] CoTaskMemFree (pv=0x6b1140) [0154.240] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x25b1150, cb=0x18 | out: lpmodinfo=0x25b1150*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0154.242] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.242] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="sspicli.dll") returned 0xb [0154.244] CoTaskMemFree (pv=0x6b2240) [0154.244] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.244] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0154.246] CoTaskMemFree (pv=0x6b1140) [0154.246] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x25b32f8, cb=0x18 | out: lpmodinfo=0x25b32f8*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0154.248] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.248] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0154.251] CoTaskMemFree (pv=0x6b3340) [0154.251] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.251] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0154.253] CoTaskMemFree (pv=0x6b1140) [0154.253] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x25b54b0, cb=0x18 | out: lpmodinfo=0x25b54b0*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0154.255] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.255] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0154.257] CoTaskMemFree (pv=0x6b19c0) [0154.257] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.257] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0154.260] CoTaskMemFree (pv=0x6b0040) [0154.260] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpmodinfo=0x25b7658, cb=0x18 | out: lpmodinfo=0x25b7658*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0154.262] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.263] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0154.265] CoTaskMemFree (pv=0x6b3340) [0154.265] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.265] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0154.267] CoTaskMemFree (pv=0x6b3340) [0154.267] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bab0000, lpmodinfo=0x25b9800, cb=0x18 | out: lpmodinfo=0x25b9800*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0154.269] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.270] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0154.272] CoTaskMemFree (pv=0x6b2ac0) [0154.272] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.272] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0154.274] CoTaskMemFree (pv=0x6b08c0) [0154.274] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875b50000, lpmodinfo=0x25bb9a8, cb=0x18 | out: lpmodinfo=0x25bb9a8*(lpBaseOfDll=0x7ff875b50000, SizeOfImage=0x10b000, EntryPoint=0x7ff875b92610)) returned 1 [0154.276] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.276] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875b50000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="audiosrv.dll") returned 0xc [0154.279] CoTaskMemFree (pv=0x6b0040) [0154.279] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.279] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875b50000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\audiosrv.dll" (normalized: "c:\\windows\\system32\\audiosrv.dll")) returned 0x20 [0154.281] CoTaskMemFree (pv=0x6b2ac0) [0154.282] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x25bdb60, cb=0x18 | out: lpmodinfo=0x25bdb60*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0154.284] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.284] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0154.287] CoTaskMemFree (pv=0x6b2ac0) [0154.287] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.287] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0154.289] CoTaskMemFree (pv=0x6b19c0) [0154.290] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878090000, lpmodinfo=0x25bfd18, cb=0x18 | out: lpmodinfo=0x25bfd18*(lpBaseOfDll=0x7ff878090000, SizeOfImage=0x70000, EntryPoint=0x7ff8780b2960)) returned 1 [0154.292] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.292] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878090000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="MMDevAPI.DLL") returned 0xc [0154.294] CoTaskMemFree (pv=0x6b2240) [0154.294] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.295] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878090000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MMDevAPI.DLL" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0154.297] CoTaskMemFree (pv=0x6b0040) [0154.297] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87afe0000, lpmodinfo=0x25c1ed0, cb=0x18 | out: lpmodinfo=0x25c1ed0*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0154.299] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.300] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0154.302] CoTaskMemFree (pv=0x6b2ac0) [0154.302] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.303] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0154.305] CoTaskMemFree (pv=0x6b3340) [0154.305] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x25c4078, cb=0x18 | out: lpmodinfo=0x25c4078*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0154.308] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.308] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0154.310] CoTaskMemFree (pv=0x6b08c0) [0154.310] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.311] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0154.313] CoTaskMemFree (pv=0x6b2ac0) [0154.314] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ab10000, lpmodinfo=0x25c6230, cb=0x18 | out: lpmodinfo=0x25c6230*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0154.316] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.316] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0154.319] CoTaskMemFree (pv=0x6b0040) [0154.319] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.319] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0154.323] CoTaskMemFree (pv=0x6b2240) [0154.323] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875ae0000, lpmodinfo=0x25c83d8, cb=0x18 | out: lpmodinfo=0x25c83d8*(lpBaseOfDll=0x7ff875ae0000, SizeOfImage=0x5d000, EntryPoint=0x7ff875af2bf0)) returned 1 [0154.326] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.326] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875ae0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="dhcpcore.dll") returned 0xc [0154.328] CoTaskMemFree (pv=0x6b3340) [0154.329] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.329] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875ae0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcore.dll" (normalized: "c:\\windows\\system32\\dhcpcore.dll")) returned 0x20 [0154.332] CoTaskMemFree (pv=0x6b2240) [0154.332] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b030000, lpmodinfo=0x25ca590, cb=0x18 | out: lpmodinfo=0x25ca590*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0154.335] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.335] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b030000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0154.337] CoTaskMemFree (pv=0x6b1140) [0154.337] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.338] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b030000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0154.340] CoTaskMemFree (pv=0x6b2ac0) [0154.341] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efa0000, lpmodinfo=0x25cc738, cb=0x18 | out: lpmodinfo=0x25cc738*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0154.344] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.344] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0154.346] CoTaskMemFree (pv=0x6b1140) [0154.346] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.347] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0154.349] CoTaskMemFree (pv=0x6b19c0) [0154.350] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpmodinfo=0x25ce8d0, cb=0x18 | out: lpmodinfo=0x25ce8d0*(lpBaseOfDll=0x7ff87cdb0000, SizeOfImage=0x86000, EntryPoint=0x7ff87cdbd8f0)) returned 1 [0154.352] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.353] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="firewallapi.dll") returned 0xf [0154.356] CoTaskMemFree (pv=0x6b2240) [0154.356] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.356] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\firewallapi.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0154.359] CoTaskMemFree (pv=0x6b2240) [0154.361] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b340000, lpmodinfo=0x25d0ca0, cb=0x18 | out: lpmodinfo=0x25d0ca0*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0154.364] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.364] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b340000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0154.367] CoTaskMemFree (pv=0x6b19c0) [0154.367] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.367] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b340000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0154.370] CoTaskMemFree (pv=0x6b0040) [0154.370] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x25d2e48, cb=0x18 | out: lpmodinfo=0x25d2e48*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0154.373] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.373] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0154.376] CoTaskMemFree (pv=0x6b3340) [0154.376] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.377] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0154.380] CoTaskMemFree (pv=0x6b19c0) [0154.380] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x25d4ff0, cb=0x18 | out: lpmodinfo=0x25d4ff0*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0154.383] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.383] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="winsta.dll") returned 0xa [0154.386] CoTaskMemFree (pv=0x6b2ac0) [0154.386] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.387] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0154.390] CoTaskMemFree (pv=0x6b1140) [0154.390] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad00000, lpmodinfo=0x25d7198, cb=0x18 | out: lpmodinfo=0x25d7198*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0154.394] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.394] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0154.397] CoTaskMemFree (pv=0x6b08c0) [0154.397] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.397] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0154.400] CoTaskMemFree (pv=0x6b1140) [0154.400] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8754c0000, lpmodinfo=0x25d9350, cb=0x18 | out: lpmodinfo=0x25d9350*(lpBaseOfDll=0x7ff8754c0000, SizeOfImage=0x99000, EntryPoint=0x7ff8754da090)) returned 1 [0154.404] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.404] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8754c0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wcmsvc.dll") returned 0xa [0154.407] CoTaskMemFree (pv=0x6b2240) [0154.408] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.408] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8754c0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wcmsvc.dll" (normalized: "c:\\windows\\system32\\wcmsvc.dll")) returned 0x1e [0154.411] CoTaskMemFree (pv=0x6b0040) [0154.411] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d170000, lpmodinfo=0x25db4f8, cb=0x18 | out: lpmodinfo=0x25db4f8*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0154.414] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.414] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d170000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0154.418] CoTaskMemFree (pv=0x6b1140) [0154.418] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.418] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d170000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0154.421] CoTaskMemFree (pv=0x6b3340) [0154.421] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpmodinfo=0x25dd6a0, cb=0x18 | out: lpmodinfo=0x25dd6a0*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0154.425] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.425] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0154.429] CoTaskMemFree (pv=0x6b3340) [0154.429] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.429] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0154.433] CoTaskMemFree (pv=0x6b19c0) [0154.433] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x25df848, cb=0x18 | out: lpmodinfo=0x25df848*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0154.437] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.437] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0154.441] CoTaskMemFree (pv=0x6b2240) [0154.441] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.441] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0154.445] CoTaskMemFree (pv=0x6b19c0) [0154.445] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875480000, lpmodinfo=0x25e1a00, cb=0x18 | out: lpmodinfo=0x25e1a00*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0154.449] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.449] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875480000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0154.453] CoTaskMemFree (pv=0x6b3340) [0154.453] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.453] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875480000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0154.457] CoTaskMemFree (pv=0x6b0040) [0154.457] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8752e0000, lpmodinfo=0x25e3bb8, cb=0x18 | out: lpmodinfo=0x25e3bb8*(lpBaseOfDll=0x7ff8752e0000, SizeOfImage=0x38000, EntryPoint=0x7ff8752e68f0)) returned 1 [0154.460] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.460] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8752e0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wcmcsp.dll") returned 0xa [0154.466] CoTaskMemFree (pv=0x6b1140) [0154.466] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.467] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8752e0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wcmcsp.dll" (normalized: "c:\\windows\\system32\\wcmcsp.dll")) returned 0x1e [0154.471] CoTaskMemFree (pv=0x6b2240) [0154.471] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875d20000, lpmodinfo=0x25e5d60, cb=0x18 | out: lpmodinfo=0x25e5d60*(lpBaseOfDll=0x7ff875d20000, SizeOfImage=0x11000, EntryPoint=0x7ff875d23320)) returned 1 [0154.475] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.475] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875d20000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="WMICLNT.dll") returned 0xb [0154.479] CoTaskMemFree (pv=0x6b2240) [0154.479] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.479] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875d20000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WMICLNT.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")) returned 0x1f [0154.483] CoTaskMemFree (pv=0x6b2240) [0154.483] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8752d0000, lpmodinfo=0x25e7f08, cb=0x18 | out: lpmodinfo=0x25e7f08*(lpBaseOfDll=0x7ff8752d0000, SizeOfImage=0xe000, EntryPoint=0x7ff8752d2e50)) returned 1 [0154.487] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.488] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8752d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="cmintegrator.dll") returned 0x10 [0154.491] CoTaskMemFree (pv=0x6b2ac0) [0154.498] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.499] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8752d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cmintegrator.dll" (normalized: "c:\\windows\\system32\\cmintegrator.dll")) returned 0x24 [0154.503] CoTaskMemFree (pv=0x6b19c0) [0154.503] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875270000, lpmodinfo=0x25ea0d0, cb=0x18 | out: lpmodinfo=0x25ea0d0*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0154.507] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.509] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875270000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0154.513] CoTaskMemFree (pv=0x6b2ac0) [0154.513] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.514] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875270000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0154.517] CoTaskMemFree (pv=0x6b08c0) [0154.517] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875250000, lpmodinfo=0x25ec288, cb=0x18 | out: lpmodinfo=0x25ec288*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0154.522] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.522] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875250000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0154.526] CoTaskMemFree (pv=0x6b2240) [0154.526] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.526] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875250000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0154.530] CoTaskMemFree (pv=0x6b2240) [0154.531] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8786b0000, lpmodinfo=0x25ee440, cb=0x18 | out: lpmodinfo=0x25ee440*(lpBaseOfDll=0x7ff8786b0000, SizeOfImage=0x18000, EntryPoint=0x7ff8786b5910)) returned 1 [0154.534] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.535] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8786b0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0154.539] CoTaskMemFree (pv=0x6b2ac0) [0154.539] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.539] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8786b0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0154.543] CoTaskMemFree (pv=0x6b1140) [0154.543] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8750e0000, lpmodinfo=0x25f05e8, cb=0x18 | out: lpmodinfo=0x25f05e8*(lpBaseOfDll=0x7ff8750e0000, SizeOfImage=0x48000, EntryPoint=0x7ff8750ea1e0)) returned 1 [0154.551] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.552] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8750e0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="dhcpcore6.dll") returned 0xd [0154.556] CoTaskMemFree (pv=0x6b19c0) [0154.556] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.556] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8750e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dhcpcore6.dll" (normalized: "c:\\windows\\system32\\dhcpcore6.dll")) returned 0x21 [0154.561] CoTaskMemFree (pv=0x6b2ac0) [0154.562] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8750d0000, lpmodinfo=0x25f27a0, cb=0x18 | out: lpmodinfo=0x25f27a0*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0154.566] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.566] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0154.571] CoTaskMemFree (pv=0x6b2240) [0154.571] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.571] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0154.576] CoTaskMemFree (pv=0x6b1140) [0154.576] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x25f4948, cb=0x18 | out: lpmodinfo=0x25f4948*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0154.580] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.580] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0154.585] CoTaskMemFree (pv=0x6b19c0) [0154.585] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.585] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0154.590] CoTaskMemFree (pv=0x6b1140) [0154.590] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff866b90000, lpmodinfo=0x25f6b00, cb=0x18 | out: lpmodinfo=0x25f6b00*(lpBaseOfDll=0x7ff866b90000, SizeOfImage=0x1b8000, EntryPoint=0x7ff866b95550)) returned 1 [0154.594] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.595] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff866b90000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WMALFXGFXDSP.dll") returned 0x10 [0154.599] CoTaskMemFree (pv=0x6b3340) [0154.599] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.599] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff866b90000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WMALFXGFXDSP.dll" (normalized: "c:\\windows\\system32\\wmalfxgfxdsp.dll")) returned 0x24 [0154.604] CoTaskMemFree (pv=0x6b1140) [0154.604] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x25f8cc8, cb=0x18 | out: lpmodinfo=0x25f8cc8*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0154.608] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.609] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0154.613] CoTaskMemFree (pv=0x6b3340) [0154.613] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.613] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0154.618] CoTaskMemFree (pv=0x6b1140) [0154.618] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874590000, lpmodinfo=0x25fae70, cb=0x18 | out: lpmodinfo=0x25fae70*(lpBaseOfDll=0x7ff874590000, SizeOfImage=0x10d000, EntryPoint=0x7ff8745bf420)) returned 1 [0154.670] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.670] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874590000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="mfplat.DLL") returned 0xa [0154.675] CoTaskMemFree (pv=0x6b2240) [0154.675] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.675] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874590000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\mfplat.DLL" (normalized: "c:\\windows\\system32\\mfplat.dll")) returned 0x1e [0154.679] CoTaskMemFree (pv=0x6b08c0) [0154.679] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874560000, lpmodinfo=0x25fd018, cb=0x18 | out: lpmodinfo=0x25fd018*(lpBaseOfDll=0x7ff874560000, SizeOfImage=0x2b000, EntryPoint=0x7ff87456c3c0)) returned 1 [0154.684] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.684] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874560000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="RTWorkQ.DLL") returned 0xb [0154.689] CoTaskMemFree (pv=0x6b1140) [0154.689] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.689] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874560000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RTWorkQ.DLL" (normalized: "c:\\windows\\system32\\rtworkq.dll")) returned 0x1f [0154.694] CoTaskMemFree (pv=0x6b2240) [0154.694] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878df0000, lpmodinfo=0x25ff1c0, cb=0x18 | out: lpmodinfo=0x25ff1c0*(lpBaseOfDll=0x7ff878df0000, SizeOfImage=0x4a000, EntryPoint=0x7ff878dfac30)) returned 1 [0154.698] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.699] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878df0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="deviceaccess.dll") returned 0x10 [0154.704] CoTaskMemFree (pv=0x6b2240) [0154.705] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.705] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878df0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")) returned 0x24 [0154.710] CoTaskMemFree (pv=0x6b19c0) [0154.710] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff867de0000, lpmodinfo=0x2601388, cb=0x18 | out: lpmodinfo=0x2601388*(lpBaseOfDll=0x7ff867de0000, SizeOfImage=0x88000, EntryPoint=0x7ff867df4510)) returned 1 [0154.714] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.715] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff867de0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="audioses.dll") returned 0xc [0154.719] CoTaskMemFree (pv=0x6b2240) [0154.720] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.720] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff867de0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\audioses.dll" (normalized: "c:\\windows\\system32\\audioses.dll")) returned 0x20 [0154.724] CoTaskMemFree (pv=0x6b0040) [0154.725] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff876870000, lpmodinfo=0x2603540, cb=0x18 | out: lpmodinfo=0x2603540*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0154.729] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.729] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff876870000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0154.734] CoTaskMemFree (pv=0x6b0040) [0154.734] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.734] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff876870000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0154.739] CoTaskMemFree (pv=0x6b2ac0) [0154.740] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff865460000, lpmodinfo=0x26056f8, cb=0x18 | out: lpmodinfo=0x26056f8*(lpBaseOfDll=0x7ff865460000, SizeOfImage=0x33000, EntryPoint=0x7ff86546ae20)) returned 1 [0154.745] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.745] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff865460000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wscsvc.dll") returned 0xa [0154.750] CoTaskMemFree (pv=0x6b2ac0) [0154.750] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.750] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff865460000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wscsvc.dll" (normalized: "c:\\windows\\system32\\wscsvc.dll")) returned 0x1e [0154.755] CoTaskMemFree (pv=0x6b08c0) [0154.755] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpmodinfo=0x26078a0, cb=0x18 | out: lpmodinfo=0x26078a0*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0154.760] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.760] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0154.766] CoTaskMemFree (pv=0x6b0040) [0154.766] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.766] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0154.772] CoTaskMemFree (pv=0x6b19c0) [0154.772] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86efa0000, lpmodinfo=0x2609a58, cb=0x18 | out: lpmodinfo=0x2609a58*(lpBaseOfDll=0x7ff86efa0000, SizeOfImage=0x11000, EntryPoint=0x7ff86efa2fc0)) returned 1 [0154.777] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.777] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86efa0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0154.782] CoTaskMemFree (pv=0x6b1140) [0154.782] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.783] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86efa0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0154.788] CoTaskMemFree (pv=0x6b2240) [0154.788] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870c70000, lpmodinfo=0x260bc18, cb=0x18 | out: lpmodinfo=0x260bc18*(lpBaseOfDll=0x7ff870c70000, SizeOfImage=0x7f000, EntryPoint=0x7ff870c87110)) returned 1 [0154.793] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.793] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870c70000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0154.798] CoTaskMemFree (pv=0x6b0040) [0154.798] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.798] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870c70000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0154.803] CoTaskMemFree (pv=0x6b08c0) [0154.803] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e970000, lpmodinfo=0x260ddd0, cb=0x18 | out: lpmodinfo=0x260ddd0*(lpBaseOfDll=0x7ff86e970000, SizeOfImage=0x14000, EntryPoint=0x7ff86e971800)) returned 1 [0154.809] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.809] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e970000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0154.814] CoTaskMemFree (pv=0x6b19c0) [0154.814] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.815] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e970000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0154.820] CoTaskMemFree (pv=0x6b3340) [0154.820] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e990000, lpmodinfo=0x260ff88, cb=0x18 | out: lpmodinfo=0x260ff88*(lpBaseOfDll=0x7ff86e990000, SizeOfImage=0xf6000, EntryPoint=0x7ff86e9c9590)) returned 1 [0154.825] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.825] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e990000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="fastprox.dll") returned 0xc [0154.831] CoTaskMemFree (pv=0x6b08c0) [0154.831] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.831] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e990000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0154.836] CoTaskMemFree (pv=0x6b08c0) [0154.836] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878b20000, lpmodinfo=0x2612148, cb=0x18 | out: lpmodinfo=0x2612148*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0154.842] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.843] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878b20000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0154.848] CoTaskMemFree (pv=0x6b0040) [0154.848] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.848] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878b20000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0154.854] CoTaskMemFree (pv=0x6b3340) [0154.854] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x2614708, cb=0x18 | out: lpmodinfo=0x2614708*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0154.859] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.859] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0154.866] CoTaskMemFree (pv=0x6b19c0) [0154.866] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.866] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0154.872] CoTaskMemFree (pv=0x6b08c0) [0154.872] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x26168b0, cb=0x18 | out: lpmodinfo=0x26168b0*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0154.877] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.878] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0154.883] CoTaskMemFree (pv=0x6b3340) [0154.883] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.883] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0154.889] CoTaskMemFree (pv=0x6b0040) [0154.889] CloseHandle (hObject=0x260) returned 1 [0154.890] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0154.890] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x108c) returned 0x260 [0154.890] EnumProcessModules (in: hProcess=0x260, lphModule=0x261a4b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x261a4b0, lpcbNeeded=0x14ef68) returned 1 [0154.891] GetModuleInformation (in: hProcess=0x260, hModule=0xaf0000, lpmodinfo=0x261a720, cb=0x18 | out: lpmodinfo=0x261a720*(lpBaseOfDll=0xaf0000, SizeOfImage=0x17000, EntryPoint=0xaf14a1)) returned 1 [0154.891] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.891] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xaf0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="pidgin.exe") returned 0xa [0154.892] CoTaskMemFree (pv=0x6b2240) [0154.892] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.892] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xaf0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\pidgin.exe" (normalized: "c:\\program files\\windows journal\\pidgin.exe")) returned 0x2b [0154.892] CoTaskMemFree (pv=0x6b1140) [0154.892] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x261c918, cb=0x18 | out: lpmodinfo=0x261c918*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0154.893] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.893] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0154.893] CoTaskMemFree (pv=0x6b0040) [0154.893] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.893] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0154.894] CoTaskMemFree (pv=0x6b3340) [0154.894] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x261eac0, cb=0x18 | out: lpmodinfo=0x261eac0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0154.895] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.895] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0154.895] CoTaskMemFree (pv=0x6b19c0) [0154.895] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.895] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0154.896] CoTaskMemFree (pv=0x6b08c0) [0154.896] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2620c68, cb=0x18 | out: lpmodinfo=0x2620c68*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0154.897] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.897] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0154.897] CoTaskMemFree (pv=0x6b2ac0) [0154.898] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.898] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0154.899] CoTaskMemFree (pv=0x6b2ac0) [0154.899] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2622e20, cb=0x18 | out: lpmodinfo=0x2622e20*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0154.899] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.900] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0154.900] CoTaskMemFree (pv=0x6b08c0) [0154.900] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.900] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0154.901] CoTaskMemFree (pv=0x6b1140) [0154.901] CloseHandle (hObject=0x260) returned 1 [0154.901] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0154.901] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x6cc) returned 0x260 [0154.902] EnumProcessModules (in: hProcess=0x260, lphModule=0x2625538, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2625538, lpcbNeeded=0x14ef68) returned 1 [0154.910] EnumProcessModules (in: hProcess=0x260, lphModule=0x2625750, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x2625750, lpcbNeeded=0x14ef68) returned 1 [0154.919] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff767d70000, lpmodinfo=0x2625bc0, cb=0x18 | out: lpmodinfo=0x2625bc0*(lpBaseOfDll=0x7ff767d70000, SizeOfImage=0x2a9000, EntryPoint=0x7ff767d92188)) returned 1 [0154.919] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.919] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff767d70000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="OfficeClickToRun.exe") returned 0x14 [0154.920] CoTaskMemFree (pv=0x6b2240) [0154.920] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.920] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff767d70000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeClickToRun.exe" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\officeclicktorun.exe")) returned 0x4e [0154.921] CoTaskMemFree (pv=0x6b08c0) [0154.921] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2627e18, cb=0x18 | out: lpmodinfo=0x2627e18*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0154.921] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.921] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0154.922] CoTaskMemFree (pv=0x6b3340) [0154.922] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.922] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0154.923] CoTaskMemFree (pv=0x6b2240) [0154.923] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x2629fc0, cb=0x18 | out: lpmodinfo=0x2629fc0*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0154.923] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.923] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0154.924] CoTaskMemFree (pv=0x6b19c0) [0154.924] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.924] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0154.925] CoTaskMemFree (pv=0x6b2ac0) [0154.925] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x262c178, cb=0x18 | out: lpmodinfo=0x262c178*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0154.926] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.926] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0154.926] CoTaskMemFree (pv=0x6b1140) [0154.926] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.927] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0154.927] CoTaskMemFree (pv=0x6b2240) [0154.927] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x262e330, cb=0x18 | out: lpmodinfo=0x262e330*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0154.928] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.928] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0154.929] CoTaskMemFree (pv=0x6b2240) [0154.929] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.929] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0154.930] CoTaskMemFree (pv=0x6b3340) [0154.930] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x2630540, cb=0x18 | out: lpmodinfo=0x2630540*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0154.931] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.931] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0154.932] CoTaskMemFree (pv=0x6b3340) [0154.932] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.932] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0154.933] CoTaskMemFree (pv=0x6b1140) [0154.933] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x26326e8, cb=0x18 | out: lpmodinfo=0x26326e8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0154.934] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.934] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0154.935] CoTaskMemFree (pv=0x6b1140) [0154.935] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.935] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0154.936] CoTaskMemFree (pv=0x6b3340) [0154.936] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x2634890, cb=0x18 | out: lpmodinfo=0x2634890*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0154.937] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.937] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0154.938] CoTaskMemFree (pv=0x6b1140) [0154.938] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.938] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0154.939] CoTaskMemFree (pv=0x6b08c0) [0154.939] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x2636a38, cb=0x18 | out: lpmodinfo=0x2636a38*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0154.940] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.940] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0154.941] CoTaskMemFree (pv=0x6b1140) [0154.941] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.941] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0154.942] CoTaskMemFree (pv=0x6b08c0) [0154.942] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x2638c78, cb=0x18 | out: lpmodinfo=0x2638c78*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0154.943] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.943] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0154.944] CoTaskMemFree (pv=0x6b0040) [0154.944] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.944] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0154.945] CoTaskMemFree (pv=0x6b3340) [0154.946] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x263ae20, cb=0x18 | out: lpmodinfo=0x263ae20*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0154.947] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.947] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0154.948] CoTaskMemFree (pv=0x6b2240) [0154.948] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.949] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0154.950] CoTaskMemFree (pv=0x6b19c0) [0154.950] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x263cff8, cb=0x18 | out: lpmodinfo=0x263cff8*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0154.951] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.951] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0154.953] CoTaskMemFree (pv=0x6b2ac0) [0154.953] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.953] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0154.954] CoTaskMemFree (pv=0x6b19c0) [0154.954] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x263f1a0, cb=0x18 | out: lpmodinfo=0x263f1a0*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0154.956] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.956] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0154.957] CoTaskMemFree (pv=0x6b2ac0) [0154.957] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.957] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0154.959] CoTaskMemFree (pv=0x6b08c0) [0154.959] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x2641348, cb=0x18 | out: lpmodinfo=0x2641348*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0154.961] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.961] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0154.963] CoTaskMemFree (pv=0x6b2240) [0154.963] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.963] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0154.964] CoTaskMemFree (pv=0x6b0040) [0154.964] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d340000, lpmodinfo=0x2643500, cb=0x18 | out: lpmodinfo=0x2643500*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0154.966] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.966] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d340000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0154.967] CoTaskMemFree (pv=0x6b3340) [0154.968] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.968] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d340000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0154.970] CoTaskMemFree (pv=0x6b19c0) [0154.970] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpmodinfo=0x26456b8, cb=0x18 | out: lpmodinfo=0x26456b8*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0154.971] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0154.971] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0154.973] CoTaskMemFree (pv=0x6b0040) [0154.973] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.973] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0154.975] CoTaskMemFree (pv=0x6b3340) [0154.975] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d170000, lpmodinfo=0x2647860, cb=0x18 | out: lpmodinfo=0x2647860*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0154.976] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.976] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d170000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0154.978] CoTaskMemFree (pv=0x6b1140) [0154.978] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0154.978] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d170000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0154.980] CoTaskMemFree (pv=0x6b2240) [0154.980] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x2649b20, cb=0x18 | out: lpmodinfo=0x2649b20*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0154.983] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0154.983] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0154.985] CoTaskMemFree (pv=0x6b3340) [0154.985] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0154.985] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0154.987] CoTaskMemFree (pv=0x6b1140) [0154.987] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efb0000, lpmodinfo=0x264bcc8, cb=0x18 | out: lpmodinfo=0x264bcc8*(lpBaseOfDll=0x7ff87efb0000, SizeOfImage=0x429000, EntryPoint=0x7ff87efd8740)) returned 1 [0154.989] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.989] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efb0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0154.990] CoTaskMemFree (pv=0x6b08c0) [0154.991] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0154.991] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efb0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0154.993] CoTaskMemFree (pv=0x6b19c0) [0154.993] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x264de80, cb=0x18 | out: lpmodinfo=0x264de80*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0154.995] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0154.995] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="CFGMGR32.dll") returned 0xc [0154.996] CoTaskMemFree (pv=0x6b08c0) [0154.996] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0154.997] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CFGMGR32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0154.999] CoTaskMemFree (pv=0x6b2ac0) [0154.999] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8723e0000, lpmodinfo=0x2650038, cb=0x18 | out: lpmodinfo=0x2650038*(lpBaseOfDll=0x7ff8723e0000, SizeOfImage=0x17000, EntryPoint=0x7ff8723ec440)) returned 1 [0155.001] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.001] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8723e0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="VCRUNTIME140.dll") returned 0x10 [0155.003] CoTaskMemFree (pv=0x6b1140) [0155.003] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.003] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8723e0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\VCRUNTIME140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\vcruntime140.dll")) returned 0x4a [0155.005] CoTaskMemFree (pv=0x6b0040) [0155.005] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872340000, lpmodinfo=0x2652248, cb=0x18 | out: lpmodinfo=0x2652248*(lpBaseOfDll=0x7ff872340000, SizeOfImage=0x9e000, EntryPoint=0x7ff872389d40)) returned 1 [0155.007] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.007] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872340000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="MSVCP140.dll") returned 0xc [0155.009] CoTaskMemFree (pv=0x6b08c0) [0155.009] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.009] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872340000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\MSVCP140.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp140.dll")) returned 0x46 [0155.012] CoTaskMemFree (pv=0x6b3340) [0155.012] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x2654448, cb=0x18 | out: lpmodinfo=0x2654448*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0155.014] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.014] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0155.016] CoTaskMemFree (pv=0x6b19c0) [0155.016] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.016] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0155.019] CoTaskMemFree (pv=0x6b1140) [0155.019] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872300000, lpmodinfo=0x2656600, cb=0x18 | out: lpmodinfo=0x2656600*(lpBaseOfDll=0x7ff872300000, SizeOfImage=0x33000, EntryPoint=0x7ff8723021f0)) returned 1 [0155.021] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.021] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872300000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="RstrtMgr.DLL") returned 0xc [0155.023] CoTaskMemFree (pv=0x6b1140) [0155.023] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.023] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872300000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\RstrtMgr.DLL" (normalized: "c:\\windows\\system32\\rstrtmgr.dll")) returned 0x20 [0155.025] CoTaskMemFree (pv=0x6b1140) [0155.025] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x26587b8, cb=0x18 | out: lpmodinfo=0x26587b8*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0155.028] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.029] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0155.031] CoTaskMemFree (pv=0x6b19c0) [0155.031] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.031] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0155.034] CoTaskMemFree (pv=0x6b19c0) [0155.034] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad00000, lpmodinfo=0x265a960, cb=0x18 | out: lpmodinfo=0x265a960*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0155.036] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.036] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0155.039] CoTaskMemFree (pv=0x6b2240) [0155.039] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.039] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0155.042] CoTaskMemFree (pv=0x6b2ac0) [0155.042] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8722d0000, lpmodinfo=0x265cb18, cb=0x18 | out: lpmodinfo=0x265cb18*(lpBaseOfDll=0x7ff8722d0000, SizeOfImage=0x2a000, EntryPoint=0x7ff8722d5b40)) returned 1 [0155.044] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.044] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8722d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ApiClient.dll") returned 0xd [0155.046] CoTaskMemFree (pv=0x6b1140) [0155.046] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.047] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8722d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\ApiClient.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\apiclient.dll")) returned 0x47 [0155.049] CoTaskMemFree (pv=0x6b19c0) [0155.049] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875480000, lpmodinfo=0x265ed18, cb=0x18 | out: lpmodinfo=0x265ed18*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0155.052] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.052] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875480000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0155.055] CoTaskMemFree (pv=0x6b0040) [0155.055] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.055] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875480000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0155.058] CoTaskMemFree (pv=0x6b3340) [0155.058] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878fc0000, lpmodinfo=0x2660ed0, cb=0x18 | out: lpmodinfo=0x2660ed0*(lpBaseOfDll=0x7ff878fc0000, SizeOfImage=0x29000, EntryPoint=0x7ff878fcca00)) returned 1 [0155.061] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.061] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878fc0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="Cabinet.dll") returned 0xb [0155.064] CoTaskMemFree (pv=0x6b1140) [0155.064] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.064] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878fc0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")) returned 0x1f [0155.067] CoTaskMemFree (pv=0x6b19c0) [0155.067] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c130000, lpmodinfo=0x2663078, cb=0x18 | out: lpmodinfo=0x2663078*(lpBaseOfDll=0x7ff87c130000, SizeOfImage=0x27000, EntryPoint=0x7ff87c140aa0)) returned 1 [0155.069] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.070] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c130000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0155.072] CoTaskMemFree (pv=0x6b2240) [0155.073] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.073] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c130000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0155.075] CoTaskMemFree (pv=0x6b2240) [0155.075] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x2665220, cb=0x18 | out: lpmodinfo=0x2665220*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0155.078] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.078] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0155.081] CoTaskMemFree (pv=0x6b1140) [0155.081] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.081] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0155.084] CoTaskMemFree (pv=0x6b3340) [0155.084] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c0f0000, lpmodinfo=0x26673c8, cb=0x18 | out: lpmodinfo=0x26673c8*(lpBaseOfDll=0x7ff87c0f0000, SizeOfImage=0x3a000, EntryPoint=0x7ff87c0f8d20)) returned 1 [0155.087] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.087] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c0f0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0155.090] CoTaskMemFree (pv=0x6b3340) [0155.090] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.090] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c0f0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0155.093] CoTaskMemFree (pv=0x6b08c0) [0155.093] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x2669570, cb=0x18 | out: lpmodinfo=0x2669570*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0155.096] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.096] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0155.098] CoTaskMemFree (pv=0x6b0040) [0155.099] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.099] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0155.101] CoTaskMemFree (pv=0x6b08c0) [0155.101] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872050000, lpmodinfo=0x266b940, cb=0x18 | out: lpmodinfo=0x266b940*(lpBaseOfDll=0x7ff872050000, SizeOfImage=0x274000, EntryPoint=0x7ff8720c0400)) returned 1 [0155.104] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.104] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872050000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="Comctl32.dll") returned 0xc [0155.107] CoTaskMemFree (pv=0x6b1140) [0155.107] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.108] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872050000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\Comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")) returned 0x79 [0155.111] CoTaskMemFree (pv=0x6b2ac0) [0155.111] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff871d40000, lpmodinfo=0x266dba8, cb=0x18 | out: lpmodinfo=0x266dba8*(lpBaseOfDll=0x7ff871d40000, SizeOfImage=0x304000, EntryPoint=0x7ff871de6094)) returned 1 [0155.114] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.114] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff871d40000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="mso20win32client.dll") returned 0x14 [0155.117] CoTaskMemFree (pv=0x6b2240) [0155.117] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.117] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff871d40000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\mso20win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso20win32client.dll")) returned 0x4e [0155.121] CoTaskMemFree (pv=0x6b3340) [0155.121] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8718c0000, lpmodinfo=0x266fdc8, cb=0x18 | out: lpmodinfo=0x266fdc8*(lpBaseOfDll=0x7ff8718c0000, SizeOfImage=0x478000, EntryPoint=0x7ff871939154)) returned 1 [0155.129] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.129] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8718c0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="mso30win32client.dll") returned 0x14 [0155.132] CoTaskMemFree (pv=0x6b3340) [0155.133] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.133] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8718c0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\mso30win32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso30win32client.dll")) returned 0x4e [0155.136] CoTaskMemFree (pv=0x6b2ac0) [0155.136] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870fd0000, lpmodinfo=0x2671fe8, cb=0x18 | out: lpmodinfo=0x2671fe8*(lpBaseOfDll=0x7ff870fd0000, SizeOfImage=0x8eb000, EntryPoint=0x7ff8710d5a48)) returned 1 [0155.139] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.139] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870fd0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="mso40uiwin32client.dll") returned 0x16 [0155.142] CoTaskMemFree (pv=0x6b1140) [0155.142] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.142] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870fd0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\mso40uiwin32client.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\mso40uiwin32client.dll")) returned 0x50 [0155.146] CoTaskMemFree (pv=0x6b0040) [0155.146] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870e10000, lpmodinfo=0x2674210, cb=0x18 | out: lpmodinfo=0x2674210*(lpBaseOfDll=0x7ff870e10000, SizeOfImage=0x1a9000, EntryPoint=0x7ff870e64060)) returned 1 [0155.149] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.149] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870e10000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0155.152] CoTaskMemFree (pv=0x6b2240) [0155.153] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.153] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870e10000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll")) returned 0x70 [0155.156] CoTaskMemFree (pv=0x6b19c0) [0155.156] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x2676460, cb=0x18 | out: lpmodinfo=0x2676460*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0155.159] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.159] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0155.172] CoTaskMemFree (pv=0x6b0040) [0155.172] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.172] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0155.175] CoTaskMemFree (pv=0x6b19c0) [0155.176] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872ad0000, lpmodinfo=0x2678628, cb=0x18 | out: lpmodinfo=0x2678628*(lpBaseOfDll=0x7ff872ad0000, SizeOfImage=0x33a000, EntryPoint=0x7ff872ad8520)) returned 1 [0155.179] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.179] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872ad0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="msi.dll") returned 0x7 [0155.183] CoTaskMemFree (pv=0x6b0040) [0155.183] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.183] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872ad0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")) returned 0x1b [0155.186] CoTaskMemFree (pv=0x6b3340) [0155.186] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d650000, lpmodinfo=0x267a7c0, cb=0x18 | out: lpmodinfo=0x267a7c0*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0155.190] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.190] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d650000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0155.193] CoTaskMemFree (pv=0x6b1140) [0155.193] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.193] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d650000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0155.197] CoTaskMemFree (pv=0x6b2ac0) [0155.197] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x267c968, cb=0x18 | out: lpmodinfo=0x267c968*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0155.200] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.201] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0155.204] CoTaskMemFree (pv=0x6b08c0) [0155.204] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.204] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0155.215] CoTaskMemFree (pv=0x6b3340) [0155.215] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x267eb30, cb=0x18 | out: lpmodinfo=0x267eb30*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0155.233] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.234] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0155.237] CoTaskMemFree (pv=0x6b2ac0) [0155.238] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.238] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0155.242] CoTaskMemFree (pv=0x6b19c0) [0155.242] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x2680cd8, cb=0x18 | out: lpmodinfo=0x2680cd8*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0155.245] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.246] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0155.249] CoTaskMemFree (pv=0x6b1140) [0155.249] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.250] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0155.253] CoTaskMemFree (pv=0x6b2240) [0155.254] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x2682e90, cb=0x18 | out: lpmodinfo=0x2682e90*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0155.257] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.257] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0155.263] CoTaskMemFree (pv=0x6b2ac0) [0155.263] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.263] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0155.267] CoTaskMemFree (pv=0x6b0040) [0155.267] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879030000, lpmodinfo=0x2685038, cb=0x18 | out: lpmodinfo=0x2685038*(lpBaseOfDll=0x7ff879030000, SizeOfImage=0x545000, EntryPoint=0x7ff8791ca450)) returned 1 [0155.271] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.271] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879030000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="d2d1.dll") returned 0x8 [0155.275] CoTaskMemFree (pv=0x6b2ac0) [0155.275] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.275] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879030000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")) returned 0x1c [0155.279] CoTaskMemFree (pv=0x6b2ac0) [0155.279] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x26871e0, cb=0x18 | out: lpmodinfo=0x26871e0*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0155.283] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.284] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0155.288] CoTaskMemFree (pv=0x6b2ac0) [0155.288] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.288] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0155.292] CoTaskMemFree (pv=0x6b2ac0) [0155.292] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878ff0000, lpmodinfo=0x2689388, cb=0x18 | out: lpmodinfo=0x2689388*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0155.296] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.298] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0155.302] CoTaskMemFree (pv=0x6b19c0) [0155.302] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.302] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878ff0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0155.306] CoTaskMemFree (pv=0x6b0040) [0155.306] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a230000, lpmodinfo=0x268b530, cb=0x18 | out: lpmodinfo=0x268b530*(lpBaseOfDll=0x7ff87a230000, SizeOfImage=0xa2000, EntryPoint=0x7ff87a250a40)) returned 1 [0155.310] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.310] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a230000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0155.314] CoTaskMemFree (pv=0x6b08c0) [0155.314] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.314] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a230000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0155.318] CoTaskMemFree (pv=0x6b08c0) [0155.318] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870dc0000, lpmodinfo=0x268d6d8, cb=0x18 | out: lpmodinfo=0x268d6d8*(lpBaseOfDll=0x7ff870dc0000, SizeOfImage=0xc000, EntryPoint=0x7ff870dc35c0)) returned 1 [0155.322] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.322] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870dc0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0155.327] CoTaskMemFree (pv=0x6b0040) [0155.327] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.327] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870dc0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0155.331] CoTaskMemFree (pv=0x6b1140) [0155.331] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x268f880, cb=0x18 | out: lpmodinfo=0x268f880*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0155.335] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.335] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="SSPICLI.DLL") returned 0xb [0155.339] CoTaskMemFree (pv=0x6b08c0) [0155.339] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.340] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SSPICLI.DLL" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0155.344] CoTaskMemFree (pv=0x6b2ac0) [0155.344] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870d80000, lpmodinfo=0x2691a28, cb=0x18 | out: lpmodinfo=0x2691a28*(lpBaseOfDll=0x7ff870d80000, SizeOfImage=0xa000, EntryPoint=0x7ff870d81350)) returned 1 [0155.348] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.349] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870d80000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0155.353] CoTaskMemFree (pv=0x6b2240) [0155.353] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.353] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870d80000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0155.358] CoTaskMemFree (pv=0x6b08c0) [0155.358] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpmodinfo=0x2693bd0, cb=0x18 | out: lpmodinfo=0x2693bd0*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0155.362] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.362] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0155.368] CoTaskMemFree (pv=0x6b2240) [0155.369] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.369] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0155.373] CoTaskMemFree (pv=0x6b08c0) [0155.373] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870260000, lpmodinfo=0x2695d78, cb=0x18 | out: lpmodinfo=0x2695d78*(lpBaseOfDll=0x7ff870260000, SizeOfImage=0x105000, EntryPoint=0x7ff87026dae8)) returned 1 [0155.377] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.378] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870260000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="StreamServer.dll") returned 0x10 [0155.382] CoTaskMemFree (pv=0x6b3340) [0155.382] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.382] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870260000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\StreamServer.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\streamserver.dll")) returned 0x4a [0155.387] CoTaskMemFree (pv=0x6b0040) [0155.387] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8701d0000, lpmodinfo=0x2697f88, cb=0x18 | out: lpmodinfo=0x2697f88*(lpBaseOfDll=0x7ff8701d0000, SizeOfImage=0x82000, EntryPoint=0x7ff870221550)) returned 1 [0155.391] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.391] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8701d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="msdelta.dll") returned 0xb [0155.396] CoTaskMemFree (pv=0x6b08c0) [0155.396] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.396] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8701d0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msdelta.dll" (normalized: "c:\\windows\\system32\\msdelta.dll")) returned 0x1f [0155.400] CoTaskMemFree (pv=0x6b2240) [0155.401] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf40000, lpmodinfo=0x269a130, cb=0x18 | out: lpmodinfo=0x269a130*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0155.405] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.406] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="cryptsp.dll") returned 0xb [0155.410] CoTaskMemFree (pv=0x6b3340) [0155.411] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.411] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cryptsp.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0155.416] CoTaskMemFree (pv=0x6b2240) [0155.416] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpmodinfo=0x269c2d8, cb=0x18 | out: lpmodinfo=0x269c2d8*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0155.420] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.421] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0155.425] CoTaskMemFree (pv=0x6b19c0) [0155.426] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.426] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0155.431] CoTaskMemFree (pv=0x6b3340) [0155.431] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870150000, lpmodinfo=0x269e480, cb=0x18 | out: lpmodinfo=0x269e480*(lpBaseOfDll=0x7ff870150000, SizeOfImage=0x75000, EntryPoint=0x7ff87017d4f0)) returned 1 [0155.436] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.436] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870150000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="AppVIsvApi.dll") returned 0xe [0155.442] CoTaskMemFree (pv=0x6b2240) [0155.442] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.443] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870150000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVIsvApi.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvapi.dll")) returned 0x48 [0155.447] CoTaskMemFree (pv=0x6b19c0) [0155.448] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d0a0000, lpmodinfo=0x26a0688, cb=0x18 | out: lpmodinfo=0x26a0688*(lpBaseOfDll=0x7ff87d0a0000, SizeOfImage=0x17000, EntryPoint=0x7ff87d0a1390)) returned 1 [0155.452] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.453] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d0a0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="NETAPI32.dll") returned 0xc [0155.458] CoTaskMemFree (pv=0x6b2ac0) [0155.458] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.458] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d0a0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NETAPI32.dll" (normalized: "c:\\windows\\system32\\netapi32.dll")) returned 0x20 [0155.464] CoTaskMemFree (pv=0x6b3340) [0155.464] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870010000, lpmodinfo=0x26a2840, cb=0x18 | out: lpmodinfo=0x26a2840*(lpBaseOfDll=0x7ff870010000, SizeOfImage=0x13f000, EntryPoint=0x7ff8700705e4)) returned 1 [0155.469] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.469] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870010000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="APPVPOLICY.dll") returned 0xe [0155.475] CoTaskMemFree (pv=0x6b3340) [0155.475] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.475] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870010000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\APPVPOLICY.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvpolicy.dll")) returned 0x48 [0155.480] CoTaskMemFree (pv=0x6b3340) [0155.481] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ff60000, lpmodinfo=0x26a4a48, cb=0x18 | out: lpmodinfo=0x26a4a48*(lpBaseOfDll=0x7ff86ff60000, SizeOfImage=0xa6000, EntryPoint=0x7ff86ffaefec)) returned 1 [0155.486] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.487] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ff60000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="MSVCP120.dll") returned 0xc [0155.500] CoTaskMemFree (pv=0x6b3340) [0155.500] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.501] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ff60000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\MSVCP120.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcp120.dll")) returned 0x46 [0155.506] CoTaskMemFree (pv=0x6b2240) [0155.506] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86fe70000, lpmodinfo=0x26a6c48, cb=0x18 | out: lpmodinfo=0x26a6c48*(lpBaseOfDll=0x7ff86fe70000, SizeOfImage=0xef000, EntryPoint=0x7ff86fe929cc)) returned 1 [0155.511] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.511] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86fe70000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="MSVCR120.dll") returned 0xc [0155.517] CoTaskMemFree (pv=0x6b0040) [0155.517] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.518] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86fe70000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\MSVCR120.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\msvcr120.dll")) returned 0x46 [0155.523] CoTaskMemFree (pv=0x6b08c0) [0155.523] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x26a8e48, cb=0x18 | out: lpmodinfo=0x26a8e48*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0155.527] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.528] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0155.533] CoTaskMemFree (pv=0x6b2240) [0155.533] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.533] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0155.538] CoTaskMemFree (pv=0x6b08c0) [0155.538] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpmodinfo=0x26aaff0, cb=0x18 | out: lpmodinfo=0x26aaff0*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0155.543] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.544] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="NETUTILS.DLL") returned 0xc [0155.549] CoTaskMemFree (pv=0x6b2ac0) [0155.549] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.549] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NETUTILS.DLL" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0155.554] CoTaskMemFree (pv=0x6b08c0) [0155.554] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875a10000, lpmodinfo=0x26ad1a8, cb=0x18 | out: lpmodinfo=0x26ad1a8*(lpBaseOfDll=0x7ff875a10000, SizeOfImage=0x19000, EntryPoint=0x7ff875a14520)) returned 1 [0155.559] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.560] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875a10000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="SAMCLI.DLL") returned 0xa [0155.565] CoTaskMemFree (pv=0x6b2ac0) [0155.565] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.565] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875a10000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SAMCLI.DLL" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0155.572] CoTaskMemFree (pv=0x6b2240) [0155.572] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86fd80000, lpmodinfo=0x26af768, cb=0x18 | out: lpmodinfo=0x26af768*(lpBaseOfDll=0x7ff86fd80000, SizeOfImage=0xea000, EntryPoint=0x7ff86fdeca10)) returned 1 [0155.577] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.578] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86fd80000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="AppVOrchestration.dll") returned 0x15 [0155.583] CoTaskMemFree (pv=0x6b2240) [0155.583] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.583] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86fd80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVOrchestration.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvorchestration.dll")) returned 0x4f [0155.590] CoTaskMemFree (pv=0x6b1140) [0155.590] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86fd40000, lpmodinfo=0x26b1988, cb=0x18 | out: lpmodinfo=0x26b1988*(lpBaseOfDll=0x7ff86fd40000, SizeOfImage=0x36000, EntryPoint=0x7ff86fd4daa0)) returned 1 [0155.596] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.596] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86fd40000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="AppVIsvStreamingManager.dll") returned 0x1b [0155.602] CoTaskMemFree (pv=0x6b08c0) [0155.602] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.602] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86fd40000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVIsvStreamingManager.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstreamingmanager.dll")) returned 0x55 [0155.608] CoTaskMemFree (pv=0x6b2ac0) [0155.608] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86fc10000, lpmodinfo=0x26b3bc0, cb=0x18 | out: lpmodinfo=0x26b3bc0*(lpBaseOfDll=0x7ff86fc10000, SizeOfImage=0x12f000, EntryPoint=0x7ff86fc6f2a4)) returned 1 [0155.613] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.613] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86fc10000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="APPVMANIFEST.dll") returned 0x10 [0155.619] CoTaskMemFree (pv=0x6b1140) [0155.619] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.619] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86fc10000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\APPVMANIFEST.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvmanifest.dll")) returned 0x4a [0155.627] CoTaskMemFree (pv=0x6b19c0) [0155.628] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86fb60000, lpmodinfo=0x26b5dd0, cb=0x18 | out: lpmodinfo=0x26b5dd0*(lpBaseOfDll=0x7ff86fb60000, SizeOfImage=0xa2000, EntryPoint=0x7ff86fba988c)) returned 1 [0155.633] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.633] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86fb60000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="AppVCatalog.dll") returned 0xf [0155.639] CoTaskMemFree (pv=0x6b1140) [0155.639] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.639] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86fb60000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVCatalog.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvcatalog.dll")) returned 0x49 [0155.644] CoTaskMemFree (pv=0x6b1140) [0155.644] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86fad0000, lpmodinfo=0x26b7fd8, cb=0x18 | out: lpmodinfo=0x26b7fd8*(lpBaseOfDll=0x7ff86fad0000, SizeOfImage=0x8d000, EntryPoint=0x7ff86fb10cc4)) returned 1 [0155.650] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.650] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86fad0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="AppVIsvVirtualization.dll") returned 0x19 [0155.656] CoTaskMemFree (pv=0x6b08c0) [0155.656] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.656] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86fad0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVIsvVirtualization.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvvirtualization.dll")) returned 0x53 [0155.663] CoTaskMemFree (pv=0x6b19c0) [0155.663] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eec0000, lpmodinfo=0x26ba208, cb=0x18 | out: lpmodinfo=0x26ba208*(lpBaseOfDll=0x7ff87eec0000, SizeOfImage=0x8000, EntryPoint=0x7ff87eec10b0)) returned 1 [0155.669] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.669] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eec0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="PSAPI.DLL") returned 0x9 [0155.675] CoTaskMemFree (pv=0x6b08c0) [0155.675] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.675] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eec0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PSAPI.DLL" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0155.681] CoTaskMemFree (pv=0x6b19c0) [0155.681] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f8c0000, lpmodinfo=0x26bc3b0, cb=0x18 | out: lpmodinfo=0x26bc3b0*(lpBaseOfDll=0x7ff86f8c0000, SizeOfImage=0x20a000, EntryPoint=0x7ff86f9bb0a0)) returned 1 [0155.687] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.687] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f8c0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="AppVIntegration.dll") returned 0x13 [0155.693] CoTaskMemFree (pv=0x6b08c0) [0155.693] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.693] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f8c0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVIntegration.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvintegration.dll")) returned 0x4d [0155.699] CoTaskMemFree (pv=0x6b2ac0) [0155.699] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f760000, lpmodinfo=0x26be5c8, cb=0x18 | out: lpmodinfo=0x26be5c8*(lpBaseOfDll=0x7ff86f760000, SizeOfImage=0x15a000, EntryPoint=0x7ff86f81565c)) returned 1 [0155.705] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.705] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f760000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="AppVIsvSubsystemController.dll") returned 0x1e [0155.711] CoTaskMemFree (pv=0x6b1140) [0155.711] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.712] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f760000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppVIsvSubsystemController.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystemcontroller.dll")) returned 0x58 [0155.718] CoTaskMemFree (pv=0x6b2ac0) [0155.718] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f710000, lpmodinfo=0x26c0810, cb=0x18 | out: lpmodinfo=0x26c0810*(lpBaseOfDll=0x7ff86f710000, SizeOfImage=0x4d000, EntryPoint=0x7ff86f72792c)) returned 1 [0155.724] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.724] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f710000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="APPVFILESYSTEMMETADATA.dll") returned 0x1a [0155.731] CoTaskMemFree (pv=0x6b19c0) [0155.731] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.731] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f710000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\APPVFILESYSTEMMETADATA.dll" (normalized: "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvfilesystemmetadata.dll")) returned 0x54 [0155.737] CoTaskMemFree (pv=0x6b1140) [0155.737] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x26c2a48, cb=0x18 | out: lpmodinfo=0x26c2a48*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0155.743] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.743] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0155.749] CoTaskMemFree (pv=0x6b19c0) [0155.749] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.749] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0155.755] CoTaskMemFree (pv=0x6b08c0) [0155.755] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8727c0000, lpmodinfo=0x26c4bf0, cb=0x18 | out: lpmodinfo=0x26c4bf0*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0155.761] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.761] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8727c0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0155.769] CoTaskMemFree (pv=0x6b2240) [0155.769] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.770] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8727c0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0155.776] CoTaskMemFree (pv=0x6b2ac0) [0155.776] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874a90000, lpmodinfo=0x26c6da8, cb=0x18 | out: lpmodinfo=0x26c6da8*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0155.782] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.782] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874a90000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0155.788] CoTaskMemFree (pv=0x6b19c0) [0155.788] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.789] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874a90000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0155.795] CoTaskMemFree (pv=0x6b2ac0) [0155.795] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86efa0000, lpmodinfo=0x26c8f60, cb=0x18 | out: lpmodinfo=0x26c8f60*(lpBaseOfDll=0x7ff86efa0000, SizeOfImage=0x11000, EntryPoint=0x7ff86efa2fc0)) returned 1 [0155.802] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.802] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86efa0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0155.808] CoTaskMemFree (pv=0x6b0040) [0155.808] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.809] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86efa0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0155.816] CoTaskMemFree (pv=0x6b19c0) [0155.816] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870c70000, lpmodinfo=0x26cb120, cb=0x18 | out: lpmodinfo=0x26cb120*(lpBaseOfDll=0x7ff870c70000, SizeOfImage=0x7f000, EntryPoint=0x7ff870c87110)) returned 1 [0155.822] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0155.822] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870c70000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0155.829] CoTaskMemFree (pv=0x6b0040) [0155.829] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.829] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870c70000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0155.858] CoTaskMemFree (pv=0x6b19c0) [0155.858] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e970000, lpmodinfo=0x26cd2d8, cb=0x18 | out: lpmodinfo=0x26cd2d8*(lpBaseOfDll=0x7ff86e970000, SizeOfImage=0x14000, EntryPoint=0x7ff86e971800)) returned 1 [0155.864] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.864] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e970000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0155.872] CoTaskMemFree (pv=0x6b3340) [0155.872] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.872] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e970000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0155.879] CoTaskMemFree (pv=0x6b19c0) [0155.879] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e990000, lpmodinfo=0x26cf490, cb=0x18 | out: lpmodinfo=0x26cf490*(lpBaseOfDll=0x7ff86e990000, SizeOfImage=0xf6000, EntryPoint=0x7ff86e9c9590)) returned 1 [0155.885] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0155.885] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e990000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="fastprox.dll") returned 0xc [0155.908] CoTaskMemFree (pv=0x6b08c0) [0155.908] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0155.908] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e990000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\fastprox.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0155.914] CoTaskMemFree (pv=0x6b1140) [0155.914] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d640000, lpmodinfo=0x26d1650, cb=0x18 | out: lpmodinfo=0x26d1650*(lpBaseOfDll=0x7ff87d640000, SizeOfImage=0x7000, EntryPoint=0x0)) returned 1 [0155.921] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.921] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d640000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="Normaliz.dll") returned 0xc [0155.927] CoTaskMemFree (pv=0x6b19c0) [0155.928] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.928] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d640000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Normaliz.dll" (normalized: "c:\\windows\\system32\\normaliz.dll")) returned 0x20 [0155.935] CoTaskMemFree (pv=0x6b2ac0) [0155.935] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878b20000, lpmodinfo=0x26d3808, cb=0x18 | out: lpmodinfo=0x26d3808*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0155.947] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0155.948] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878b20000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0155.955] CoTaskMemFree (pv=0x6b2240) [0155.955] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.956] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878b20000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0155.963] CoTaskMemFree (pv=0x6b2ac0) [0155.963] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efa0000, lpmodinfo=0x26d59b0, cb=0x18 | out: lpmodinfo=0x26d59b0*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0155.971] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0155.971] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0155.978] CoTaskMemFree (pv=0x6b3340) [0155.978] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0155.979] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0155.988] CoTaskMemFree (pv=0x6b2ac0) [0155.988] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875270000, lpmodinfo=0x26d7b48, cb=0x18 | out: lpmodinfo=0x26d7b48*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0155.995] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0155.995] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875270000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0156.002] CoTaskMemFree (pv=0x6b19c0) [0156.002] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.003] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875270000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0156.010] CoTaskMemFree (pv=0x6b19c0) [0156.010] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875250000, lpmodinfo=0x26d9d00, cb=0x18 | out: lpmodinfo=0x26d9d00*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0156.017] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.017] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875250000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0156.026] CoTaskMemFree (pv=0x6b1140) [0156.026] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.026] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875250000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0156.034] CoTaskMemFree (pv=0x6b0040) [0156.035] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874ab0000, lpmodinfo=0x26dbeb8, cb=0x18 | out: lpmodinfo=0x26dbeb8*(lpBaseOfDll=0x7ff874ab0000, SizeOfImage=0x15000, EntryPoint=0x7ff874ab2dc0)) returned 1 [0156.042] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.042] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874ab0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0156.049] CoTaskMemFree (pv=0x6b08c0) [0156.049] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.049] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874ab0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0156.066] CoTaskMemFree (pv=0x6b19c0) [0156.066] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870840000, lpmodinfo=0x26de0a0, cb=0x18 | out: lpmodinfo=0x26de0a0*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0156.074] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.075] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870840000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0156.082] CoTaskMemFree (pv=0x6b2ac0) [0156.082] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.082] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870840000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0156.089] CoTaskMemFree (pv=0x6b2240) [0156.089] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8764e0000, lpmodinfo=0x26e0248, cb=0x18 | out: lpmodinfo=0x26e0248*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0156.096] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.096] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0156.115] CoTaskMemFree (pv=0x6b0040) [0156.115] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.115] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0156.122] CoTaskMemFree (pv=0x6b08c0) [0156.122] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ec80000, lpmodinfo=0x26e2400, cb=0x18 | out: lpmodinfo=0x26e2400*(lpBaseOfDll=0x7ff86ec80000, SizeOfImage=0x28e000, EntryPoint=0x7ff86ed50f00)) returned 1 [0156.129] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.129] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ec80000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="WININET.dll") returned 0xb [0156.137] CoTaskMemFree (pv=0x6b1140) [0156.137] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.137] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ec80000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WININET.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0156.145] CoTaskMemFree (pv=0x6b3340) [0156.145] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b030000, lpmodinfo=0x26e45a8, cb=0x18 | out: lpmodinfo=0x26e45a8*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0156.160] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.160] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b030000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0156.168] CoTaskMemFree (pv=0x6b2240) [0156.169] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.169] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b030000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0156.177] CoTaskMemFree (pv=0x6b19c0) [0156.178] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x26e6750, cb=0x18 | out: lpmodinfo=0x26e6750*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0156.185] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.185] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0156.206] CoTaskMemFree (pv=0x6b2ac0) [0156.207] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.207] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0156.215] CoTaskMemFree (pv=0x6b08c0) [0156.215] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8750d0000, lpmodinfo=0x26e88f8, cb=0x18 | out: lpmodinfo=0x26e88f8*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0156.232] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.233] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0156.240] CoTaskMemFree (pv=0x6b2240) [0156.240] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.241] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0156.254] CoTaskMemFree (pv=0x6b2240) [0156.254] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86d180000, lpmodinfo=0x26eaaa0, cb=0x18 | out: lpmodinfo=0x26eaaa0*(lpBaseOfDll=0x7ff86d180000, SizeOfImage=0x80000, EntryPoint=0x7ff86d1ad280)) returned 1 [0156.262] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.262] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86d180000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0156.269] CoTaskMemFree (pv=0x6b1140) [0156.269] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.269] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86d180000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")) returned 0x1d [0156.278] CoTaskMemFree (pv=0x6b19c0) [0156.279] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874830000, lpmodinfo=0x26ecc48, cb=0x18 | out: lpmodinfo=0x26ecc48*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0156.295] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.296] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874830000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0156.304] CoTaskMemFree (pv=0x6b2ac0) [0156.304] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.304] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874830000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0156.312] CoTaskMemFree (pv=0x6b08c0) [0156.312] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874fc0000, lpmodinfo=0x26eee00, cb=0x18 | out: lpmodinfo=0x26eee00*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0156.320] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.320] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0156.328] CoTaskMemFree (pv=0x6b0040) [0156.328] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.328] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0156.343] CoTaskMemFree (pv=0x6b19c0) [0156.343] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bb10000, lpmodinfo=0x26f0fb8, cb=0x18 | out: lpmodinfo=0x26f0fb8*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff87bb31a50)) returned 1 [0156.351] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.351] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bb10000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0156.359] CoTaskMemFree (pv=0x6b19c0) [0156.360] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.360] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bb10000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0156.368] CoTaskMemFree (pv=0x6b19c0) [0156.368] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c8b0000, lpmodinfo=0x26f3170, cb=0x18 | out: lpmodinfo=0x26f3170*(lpBaseOfDll=0x7ff86c8b0000, SizeOfImage=0x14000, EntryPoint=0x7ff86c8b3710)) returned 1 [0156.390] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.390] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c8b0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0156.398] CoTaskMemFree (pv=0x6b19c0) [0156.399] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.399] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c8b0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0156.407] CoTaskMemFree (pv=0x6b0040) [0156.407] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c960000, lpmodinfo=0x26f5338, cb=0x18 | out: lpmodinfo=0x26f5338*(lpBaseOfDll=0x7ff86c960000, SizeOfImage=0x1e000, EntryPoint=0x7ff86c96ef80)) returned 1 [0156.415] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.415] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c960000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0156.426] CoTaskMemFree (pv=0x6b1140) [0156.426] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.426] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c960000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0156.434] CoTaskMemFree (pv=0x6b2240) [0156.435] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872800000, lpmodinfo=0x26f74f0, cb=0x18 | out: lpmodinfo=0x26f74f0*(lpBaseOfDll=0x7ff872800000, SizeOfImage=0x162000, EntryPoint=0x7ff872851b30)) returned 1 [0156.443] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.443] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872800000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="webservices.dll") returned 0xf [0156.451] CoTaskMemFree (pv=0x6b3340) [0156.451] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.452] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872800000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\webservices.dll" (normalized: "c:\\windows\\system32\\webservices.dll")) returned 0x23 [0156.467] CoTaskMemFree (pv=0x6b0040) [0156.467] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bc10000, lpmodinfo=0x26f96a8, cb=0x18 | out: lpmodinfo=0x26f96a8*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0156.475] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.475] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bc10000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0156.485] CoTaskMemFree (pv=0x6b19c0) [0156.485] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.485] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bc10000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0156.501] CoTaskMemFree (pv=0x6b08c0) [0156.501] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872540000, lpmodinfo=0x26fb850, cb=0x18 | out: lpmodinfo=0x26fb850*(lpBaseOfDll=0x7ff872540000, SizeOfImage=0x27a000, EntryPoint=0x7ff87255a7a0)) returned 1 [0156.513] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.513] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872540000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0156.522] CoTaskMemFree (pv=0x6b0040) [0156.522] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.522] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872540000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0156.531] CoTaskMemFree (pv=0x6b2ac0) [0156.531] CloseHandle (hObject=0x260) returned 1 [0156.531] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0156.532] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1180) returned 0x260 [0156.532] EnumProcessModules (in: hProcess=0x260, lphModule=0x2700058, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2700058, lpcbNeeded=0x14ef68) returned 1 [0156.532] GetModuleInformation (in: hProcess=0x260, hModule=0xaf0000, lpmodinfo=0x27002c8, cb=0x18 | out: lpmodinfo=0x27002c8*(lpBaseOfDll=0xaf0000, SizeOfImage=0x17000, EntryPoint=0xaf14a1)) returned 1 [0156.533] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.533] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xaf0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="mxslipstream.exe") returned 0x10 [0156.533] CoTaskMemFree (pv=0x6b2240) [0156.533] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.534] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xaf0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Journal\\mxslipstream.exe" (normalized: "c:\\program files\\windows journal\\mxslipstream.exe")) returned 0x31 [0156.534] CoTaskMemFree (pv=0x6b19c0) [0156.534] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x27024e0, cb=0x18 | out: lpmodinfo=0x27024e0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0156.535] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.535] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0156.535] CoTaskMemFree (pv=0x6b08c0) [0156.535] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.535] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0156.536] CoTaskMemFree (pv=0x6b3340) [0156.536] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2704688, cb=0x18 | out: lpmodinfo=0x2704688*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0156.536] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.536] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0156.537] CoTaskMemFree (pv=0x6b08c0) [0156.537] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.537] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0156.538] CoTaskMemFree (pv=0x6b08c0) [0156.538] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2706830, cb=0x18 | out: lpmodinfo=0x2706830*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0156.538] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.539] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0156.539] CoTaskMemFree (pv=0x6b2240) [0156.539] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.540] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0156.548] CoTaskMemFree (pv=0x6b2ac0) [0156.549] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x27089e8, cb=0x18 | out: lpmodinfo=0x27089e8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0156.549] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.549] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0156.550] CoTaskMemFree (pv=0x6b08c0) [0156.550] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.550] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0156.551] CoTaskMemFree (pv=0x6b2ac0) [0156.551] CloseHandle (hObject=0x260) returned 1 [0156.552] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0156.552] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x294) returned 0x260 [0156.552] EnumProcessModules (in: hProcess=0x260, lphModule=0x270b100, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x270b100, lpcbNeeded=0x14ef68) returned 1 [0156.554] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6a3140000, lpmodinfo=0x270b370, cb=0x18 | out: lpmodinfo=0x270b370*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0156.555] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.555] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0156.555] CoTaskMemFree (pv=0x6b0040) [0156.555] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.555] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0156.556] CoTaskMemFree (pv=0x6b0040) [0156.556] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x270d550, cb=0x18 | out: lpmodinfo=0x270d550*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0156.556] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.557] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0156.557] CoTaskMemFree (pv=0x6b2240) [0156.557] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.557] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0156.558] CoTaskMemFree (pv=0x6b2ac0) [0156.558] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x270f6f8, cb=0x18 | out: lpmodinfo=0x270f6f8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0156.559] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.559] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0156.560] CoTaskMemFree (pv=0x6b2240) [0156.560] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.560] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0156.561] CoTaskMemFree (pv=0x6b0040) [0156.561] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x27118b0, cb=0x18 | out: lpmodinfo=0x27118b0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0156.561] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.561] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0156.562] CoTaskMemFree (pv=0x6b08c0) [0156.562] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.562] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0156.563] CoTaskMemFree (pv=0x6b19c0) [0156.563] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x2713a68, cb=0x18 | out: lpmodinfo=0x2713a68*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0156.563] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.564] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0156.564] CoTaskMemFree (pv=0x6b0040) [0156.564] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.564] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0156.565] CoTaskMemFree (pv=0x6b1140) [0156.565] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x2715c68, cb=0x18 | out: lpmodinfo=0x2715c68*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0156.566] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.566] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0156.567] CoTaskMemFree (pv=0x6b19c0) [0156.567] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.567] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0156.568] CoTaskMemFree (pv=0x6b1140) [0156.568] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x2717e10, cb=0x18 | out: lpmodinfo=0x2717e10*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0156.569] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.569] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0156.569] CoTaskMemFree (pv=0x6b08c0) [0156.569] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.569] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0156.570] CoTaskMemFree (pv=0x6b0040) [0156.570] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b4a0000, lpmodinfo=0x2719fc8, cb=0x18 | out: lpmodinfo=0x2719fc8*(lpBaseOfDll=0x7ff87b4a0000, SizeOfImage=0x17000, EntryPoint=0x7ff87b4a6180)) returned 1 [0156.571] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.571] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b4a0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="rpcepmap.dll") returned 0xc [0156.572] CoTaskMemFree (pv=0x6b1140) [0156.572] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.573] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b4a0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rpcepmap.dll" (normalized: "c:\\windows\\system32\\rpcepmap.dll")) returned 0x20 [0156.574] CoTaskMemFree (pv=0x6b19c0) [0156.574] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x271c180, cb=0x18 | out: lpmodinfo=0x271c180*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0156.575] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.575] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="sspicli.dll") returned 0xb [0156.576] CoTaskMemFree (pv=0x6b0040) [0156.576] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.576] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0156.577] CoTaskMemFree (pv=0x6b1140) [0156.577] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b480000, lpmodinfo=0x271e3c0, cb=0x18 | out: lpmodinfo=0x271e3c0*(lpBaseOfDll=0x7ff87b480000, SizeOfImage=0x13000, EntryPoint=0x7ff87b481b60)) returned 1 [0156.578] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.578] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b480000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="RpcRtRemote.dll") returned 0xf [0156.579] CoTaskMemFree (pv=0x6b1140) [0156.579] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.579] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b480000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RpcRtRemote.dll" (normalized: "c:\\windows\\system32\\rpcrtremote.dll")) returned 0x23 [0156.581] CoTaskMemFree (pv=0x6b2240) [0156.581] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b4c0000, lpmodinfo=0x2720578, cb=0x18 | out: lpmodinfo=0x2720578*(lpBaseOfDll=0x7ff87b4c0000, SizeOfImage=0xe3000, EntryPoint=0x7ff87b51e0b0)) returned 1 [0156.582] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.582] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b4c0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="rpcss.dll") returned 0x9 [0156.587] CoTaskMemFree (pv=0x6b0040) [0156.587] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.588] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b4c0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")) returned 0x1d [0156.589] CoTaskMemFree (pv=0x6b19c0) [0156.589] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x2722720, cb=0x18 | out: lpmodinfo=0x2722720*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0156.591] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.591] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0156.592] CoTaskMemFree (pv=0x6b19c0) [0156.592] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.593] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0156.594] CoTaskMemFree (pv=0x6b2240) [0156.594] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x27248c8, cb=0x18 | out: lpmodinfo=0x27248c8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0156.595] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.595] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0156.597] CoTaskMemFree (pv=0x6b3340) [0156.597] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.597] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0156.599] CoTaskMemFree (pv=0x6b2240) [0156.599] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x2726a70, cb=0x18 | out: lpmodinfo=0x2726a70*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0156.600] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.600] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0156.602] CoTaskMemFree (pv=0x6b08c0) [0156.602] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.602] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0156.603] CoTaskMemFree (pv=0x6b0040) [0156.603] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x2728c48, cb=0x18 | out: lpmodinfo=0x2728c48*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0156.605] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.605] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0156.607] CoTaskMemFree (pv=0x6b3340) [0156.607] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.607] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0156.609] CoTaskMemFree (pv=0x6b1140) [0156.609] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x272adf0, cb=0x18 | out: lpmodinfo=0x272adf0*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0156.610] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.610] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0156.612] CoTaskMemFree (pv=0x6b1140) [0156.612] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.612] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0156.614] CoTaskMemFree (pv=0x6b2240) [0156.614] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x272cf98, cb=0x18 | out: lpmodinfo=0x272cf98*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0156.616] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.616] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0156.618] CoTaskMemFree (pv=0x6b1140) [0156.618] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.618] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0156.620] CoTaskMemFree (pv=0x6b08c0) [0156.620] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpmodinfo=0x272f268, cb=0x18 | out: lpmodinfo=0x272f268*(lpBaseOfDll=0x7ff87cdb0000, SizeOfImage=0x86000, EntryPoint=0x7ff87cdbd8f0)) returned 1 [0156.623] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.623] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="FirewallAPI.dll") returned 0xf [0156.625] CoTaskMemFree (pv=0x6b3340) [0156.625] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.625] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87cdb0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FirewallAPI.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0156.627] CoTaskMemFree (pv=0x6b19c0) [0156.627] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b340000, lpmodinfo=0x2731420, cb=0x18 | out: lpmodinfo=0x2731420*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0156.629] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.629] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b340000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0156.631] CoTaskMemFree (pv=0x6b08c0) [0156.631] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.631] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b340000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0156.633] CoTaskMemFree (pv=0x6b08c0) [0156.633] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x27335c8, cb=0x18 | out: lpmodinfo=0x27335c8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0156.635] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.635] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0156.637] CoTaskMemFree (pv=0x6b3340) [0156.637] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.637] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0156.639] CoTaskMemFree (pv=0x6b3340) [0156.640] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x2735790, cb=0x18 | out: lpmodinfo=0x2735790*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0156.642] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.642] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0156.644] CoTaskMemFree (pv=0x6b3340) [0156.644] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.644] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0156.646] CoTaskMemFree (pv=0x6b2ac0) [0156.647] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x2737938, cb=0x18 | out: lpmodinfo=0x2737938*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0156.649] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.649] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0156.651] CoTaskMemFree (pv=0x6b2240) [0156.651] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.651] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0156.654] CoTaskMemFree (pv=0x6b19c0) [0156.654] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875b40000, lpmodinfo=0x2739af0, cb=0x18 | out: lpmodinfo=0x2739af0*(lpBaseOfDll=0x7ff875b40000, SizeOfImage=0x10000, EntryPoint=0x7ff875b42c60)) returned 1 [0156.656] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.656] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875b40000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="usermgrcli.dll") returned 0xe [0156.661] CoTaskMemFree (pv=0x6b19c0) [0156.661] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.662] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875b40000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")) returned 0x22 [0156.664] CoTaskMemFree (pv=0x6b2240) [0156.664] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874fc0000, lpmodinfo=0x273bca8, cb=0x18 | out: lpmodinfo=0x273bca8*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0156.666] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.666] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0156.668] CoTaskMemFree (pv=0x6b1140) [0156.668] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.669] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0156.671] CoTaskMemFree (pv=0x6b2240) [0156.671] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x273de60, cb=0x18 | out: lpmodinfo=0x273de60*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0156.673] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.674] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0156.676] CoTaskMemFree (pv=0x6b3340) [0156.676] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.676] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0156.679] CoTaskMemFree (pv=0x6b19c0) [0156.679] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873ae0000, lpmodinfo=0x2740008, cb=0x18 | out: lpmodinfo=0x2740008*(lpBaseOfDll=0x7ff873ae0000, SizeOfImage=0x1b000, EntryPoint=0x7ff873aeaf40)) returned 1 [0156.681] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.681] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873ae0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="capauthz.dll") returned 0xc [0156.683] CoTaskMemFree (pv=0x6b08c0) [0156.683] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.684] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873ae0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll")) returned 0x20 [0156.686] CoTaskMemFree (pv=0x6b2240) [0156.686] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad00000, lpmodinfo=0x27421c0, cb=0x18 | out: lpmodinfo=0x27421c0*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0156.690] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.690] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0156.692] CoTaskMemFree (pv=0x6b08c0) [0156.692] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.693] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0156.714] CoTaskMemFree (pv=0x6b2240) [0156.714] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x2744378, cb=0x18 | out: lpmodinfo=0x2744378*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0156.717] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.717] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0156.720] CoTaskMemFree (pv=0x6b3340) [0156.720] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.721] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0156.724] CoTaskMemFree (pv=0x6b3340) [0156.724] CloseHandle (hObject=0x260) returned 1 [0156.724] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0156.724] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xca8) returned 0x260 [0156.724] EnumProcessModules (in: hProcess=0x260, lphModule=0x2747210, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2747210, lpcbNeeded=0x14ef68) returned 1 [0156.725] GetModuleInformation (in: hProcess=0x260, hModule=0x13c0000, lpmodinfo=0x2747480, cb=0x18 | out: lpmodinfo=0x2747480*(lpBaseOfDll=0x13c0000, SizeOfImage=0x17000, EntryPoint=0x13c14a1)) returned 1 [0156.725] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.726] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x13c0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="back.exe") returned 0x8 [0156.726] CoTaskMemFree (pv=0x6b2ac0) [0156.727] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.727] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x13c0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\back.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\back.exe")) returned 0x34 [0156.727] CoTaskMemFree (pv=0x6b3340) [0156.727] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2749690, cb=0x18 | out: lpmodinfo=0x2749690*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0156.728] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.728] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0156.728] CoTaskMemFree (pv=0x6b1140) [0156.728] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.729] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0156.729] CoTaskMemFree (pv=0x6b2ac0) [0156.730] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x274b838, cb=0x18 | out: lpmodinfo=0x274b838*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0156.730] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.731] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0156.731] CoTaskMemFree (pv=0x6b2ac0) [0156.731] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.732] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0156.732] CoTaskMemFree (pv=0x6b3340) [0156.733] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x274d9e0, cb=0x18 | out: lpmodinfo=0x274d9e0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0156.733] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.734] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0156.734] CoTaskMemFree (pv=0x6b2ac0) [0156.735] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.735] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0156.736] CoTaskMemFree (pv=0x6b2ac0) [0156.736] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x274fb98, cb=0x18 | out: lpmodinfo=0x274fb98*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0156.737] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.737] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0156.738] CoTaskMemFree (pv=0x6b2240) [0156.738] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.738] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0156.739] CoTaskMemFree (pv=0x6b2240) [0156.739] CloseHandle (hObject=0x260) returned 1 [0156.739] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0156.739] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1124) returned 0x260 [0156.740] EnumProcessModules (in: hProcess=0x260, lphModule=0x27522b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x27522b0, lpcbNeeded=0x14ef68) returned 1 [0156.740] GetModuleInformation (in: hProcess=0x260, hModule=0xf60000, lpmodinfo=0x2752520, cb=0x18 | out: lpmodinfo=0x2752520*(lpBaseOfDll=0xf60000, SizeOfImage=0x17000, EntryPoint=0xf614a1)) returned 1 [0156.741] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.741] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xf60000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ccv_server.exe") returned 0xe [0156.741] CoTaskMemFree (pv=0x6b1140) [0156.741] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.741] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xf60000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\ccv_server.exe" (normalized: "c:\\program files (x86)\\windows media player\\ccv_server.exe")) returned 0x3a [0156.742] CoTaskMemFree (pv=0x6b08c0) [0156.742] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2754740, cb=0x18 | out: lpmodinfo=0x2754740*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0156.742] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.743] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0156.743] CoTaskMemFree (pv=0x6b08c0) [0156.743] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.743] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0156.744] CoTaskMemFree (pv=0x6b08c0) [0156.744] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x27568e8, cb=0x18 | out: lpmodinfo=0x27568e8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0156.744] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.745] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0156.745] CoTaskMemFree (pv=0x6b3340) [0156.745] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.745] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0156.746] CoTaskMemFree (pv=0x6b08c0) [0156.746] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2758a90, cb=0x18 | out: lpmodinfo=0x2758a90*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0156.747] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.747] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0156.748] CoTaskMemFree (pv=0x6b1140) [0156.748] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.748] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0156.749] CoTaskMemFree (pv=0x6b2ac0) [0156.749] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x275ac48, cb=0x18 | out: lpmodinfo=0x275ac48*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0156.750] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.750] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0156.751] CoTaskMemFree (pv=0x6b1140) [0156.751] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.751] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0156.752] CoTaskMemFree (pv=0x6b08c0) [0156.752] CloseHandle (hObject=0x260) returned 1 [0156.753] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0156.753] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xef4) returned 0x0 [0156.753] EnumProcesses (in: lpidProcess=0x275d360, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x275d360, lpcbNeeded=0x14ee58) returned 1 [0156.759] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0156.762] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x67c) returned 0x260 [0156.762] EnumProcessModules (in: hProcess=0x260, lphModule=0x275e068, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x275e068, lpcbNeeded=0x14ef68) returned 1 [0156.771] GetModuleInformation (in: hProcess=0x260, hModule=0xe40000, lpmodinfo=0x275e2d8, cb=0x18 | out: lpmodinfo=0x275e2d8*(lpBaseOfDll=0xe40000, SizeOfImage=0xe000, EntryPoint=0xe44887)) returned 1 [0156.773] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.773] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xe40000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="SkypeHost.exe") returned 0xd [0156.775] CoTaskMemFree (pv=0x6b08c0) [0156.775] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.775] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xe40000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\\SkypeHost.exe" (normalized: "c:\\program files\\windowsapps\\microsoft.messaging_1.10.22012.0_x86__8wekyb3d8bbwe\\skypehost.exe")) returned 0x5e [0156.777] CoTaskMemFree (pv=0x6b0040) [0156.777] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2760540, cb=0x18 | out: lpmodinfo=0x2760540*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0156.778] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.778] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0156.781] CoTaskMemFree (pv=0x6b08c0) [0156.781] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.781] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0156.783] CoTaskMemFree (pv=0x6b3340) [0156.783] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x27626e8, cb=0x18 | out: lpmodinfo=0x27626e8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0156.786] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.786] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0156.789] CoTaskMemFree (pv=0x6b1140) [0156.789] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.790] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0156.793] CoTaskMemFree (pv=0x6b2ac0) [0156.793] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2764890, cb=0x18 | out: lpmodinfo=0x2764890*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0156.796] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.796] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0156.799] CoTaskMemFree (pv=0x6b08c0) [0156.799] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.799] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0156.802] CoTaskMemFree (pv=0x6b2ac0) [0156.802] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2766a48, cb=0x18 | out: lpmodinfo=0x2766a48*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0156.805] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.806] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0156.809] CoTaskMemFree (pv=0x6b2ac0) [0156.809] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.810] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0156.814] CoTaskMemFree (pv=0x6b2240) [0156.814] CloseHandle (hObject=0x260) returned 1 [0156.814] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0156.814] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x107c) returned 0x260 [0156.814] EnumProcessModules (in: hProcess=0x260, lphModule=0x2769160, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2769160, lpcbNeeded=0x14ef68) returned 1 [0156.815] GetModuleInformation (in: hProcess=0x260, hModule=0x340000, lpmodinfo=0x27693d0, cb=0x18 | out: lpmodinfo=0x27693d0*(lpBaseOfDll=0x340000, SizeOfImage=0x17000, EntryPoint=0x3414a1)) returned 1 [0156.815] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.815] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x340000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="outlook.exe") returned 0xb [0156.816] CoTaskMemFree (pv=0x6b08c0) [0156.816] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.816] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x340000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\outlook.exe" (normalized: "c:\\program files\\windowspowershell\\outlook.exe")) returned 0x2e [0156.817] CoTaskMemFree (pv=0x6b19c0) [0156.817] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x276b5d0, cb=0x18 | out: lpmodinfo=0x276b5d0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0156.817] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.818] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0156.818] CoTaskMemFree (pv=0x6b19c0) [0156.818] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.818] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0156.819] CoTaskMemFree (pv=0x6b1140) [0156.819] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x276d778, cb=0x18 | out: lpmodinfo=0x276d778*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0156.820] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.820] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0156.820] CoTaskMemFree (pv=0x6b1140) [0156.820] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.821] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0156.821] CoTaskMemFree (pv=0x6b19c0) [0156.822] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x276f920, cb=0x18 | out: lpmodinfo=0x276f920*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0156.822] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.823] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0156.823] CoTaskMemFree (pv=0x6b2ac0) [0156.824] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.824] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0156.825] CoTaskMemFree (pv=0x6b2ac0) [0156.825] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2771ad8, cb=0x18 | out: lpmodinfo=0x2771ad8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0156.826] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.826] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0156.827] CoTaskMemFree (pv=0x6b0040) [0156.827] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.827] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0156.828] CoTaskMemFree (pv=0x6b08c0) [0156.828] CloseHandle (hObject=0x260) returned 1 [0156.828] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0156.828] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1140) returned 0x260 [0156.829] EnumProcessModules (in: hProcess=0x260, lphModule=0x27741f0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x27741f0, lpcbNeeded=0x14ef68) returned 1 [0156.829] GetModuleInformation (in: hProcess=0x260, hModule=0xf0000, lpmodinfo=0x2774460, cb=0x18 | out: lpmodinfo=0x2774460*(lpBaseOfDll=0xf0000, SizeOfImage=0x17000, EntryPoint=0xf14a1)) returned 1 [0156.830] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.830] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xf0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="creditservice.exe") returned 0x11 [0156.830] CoTaskMemFree (pv=0x6b08c0) [0156.830] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.830] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xf0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\creditservice.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\creditservice.exe")) returned 0x41 [0156.831] CoTaskMemFree (pv=0x6b0040) [0156.831] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2776698, cb=0x18 | out: lpmodinfo=0x2776698*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0156.831] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.832] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0156.832] CoTaskMemFree (pv=0x6b2240) [0156.833] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.833] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0156.834] CoTaskMemFree (pv=0x6b2ac0) [0156.834] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2778840, cb=0x18 | out: lpmodinfo=0x2778840*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0156.834] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.834] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0156.835] CoTaskMemFree (pv=0x6b19c0) [0156.835] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.835] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0156.836] CoTaskMemFree (pv=0x6b08c0) [0156.836] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x277a9e8, cb=0x18 | out: lpmodinfo=0x277a9e8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0156.837] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.837] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0156.838] CoTaskMemFree (pv=0x6b08c0) [0156.842] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.842] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0156.843] CoTaskMemFree (pv=0x6b3340) [0156.843] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x258e738, cb=0x18 | out: lpmodinfo=0x258e738*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0156.844] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0156.844] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0156.845] CoTaskMemFree (pv=0x6b08c0) [0156.845] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.845] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0156.845] CoTaskMemFree (pv=0x6b0040) [0156.845] CloseHandle (hObject=0x260) returned 1 [0156.846] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0156.846] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1074) returned 0x260 [0156.846] EnumProcessModules (in: hProcess=0x260, lphModule=0x2590e50, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2590e50, lpcbNeeded=0x14ef68) returned 1 [0156.847] GetModuleInformation (in: hProcess=0x260, hModule=0xf80000, lpmodinfo=0x25910c0, cb=0x18 | out: lpmodinfo=0x25910c0*(lpBaseOfDll=0xf80000, SizeOfImage=0x17000, EntryPoint=0xf814a1)) returned 1 [0156.847] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.847] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xf80000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="operamail.exe") returned 0xd [0156.848] CoTaskMemFree (pv=0x6b2240) [0156.848] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.848] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xf80000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Multimedia Platform\\operamail.exe" (normalized: "c:\\program files\\windows multimedia platform\\operamail.exe")) returned 0x3a [0156.849] CoTaskMemFree (pv=0x6b2240) [0156.849] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25932e0, cb=0x18 | out: lpmodinfo=0x25932e0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0156.849] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.850] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0156.850] CoTaskMemFree (pv=0x6b3340) [0156.851] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0156.851] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0156.851] CoTaskMemFree (pv=0x6b3340) [0156.852] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2595488, cb=0x18 | out: lpmodinfo=0x2595488*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0156.852] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.853] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0156.853] CoTaskMemFree (pv=0x6b2ac0) [0156.853] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.854] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0156.854] CoTaskMemFree (pv=0x6b19c0) [0156.854] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2597630, cb=0x18 | out: lpmodinfo=0x2597630*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0156.855] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.855] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0156.856] CoTaskMemFree (pv=0x6b19c0) [0156.856] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.856] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0156.857] CoTaskMemFree (pv=0x6b19c0) [0156.857] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25997e8, cb=0x18 | out: lpmodinfo=0x25997e8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0156.858] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.858] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0156.859] CoTaskMemFree (pv=0x6b1140) [0156.859] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.859] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0156.860] CoTaskMemFree (pv=0x6b19c0) [0156.860] CloseHandle (hObject=0x260) returned 1 [0156.860] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0156.860] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11b4) returned 0x260 [0156.860] EnumProcessModules (in: hProcess=0x260, lphModule=0x259bf00, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x259bf00, lpcbNeeded=0x14ef68) returned 1 [0156.861] GetModuleInformation (in: hProcess=0x260, hModule=0x1240000, lpmodinfo=0x259c170, cb=0x18 | out: lpmodinfo=0x259c170*(lpBaseOfDll=0x1240000, SizeOfImage=0x17000, EntryPoint=0x12414a1)) returned 1 [0156.861] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.862] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x1240000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="utg2.exe") returned 0x8 [0156.862] CoTaskMemFree (pv=0x6b2ac0) [0156.862] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.863] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x1240000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\MSBuild\\utg2.exe" (normalized: "c:\\program files (x86)\\msbuild\\utg2.exe")) returned 0x27 [0156.863] CoTaskMemFree (pv=0x6b2240) [0156.863] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x259e360, cb=0x18 | out: lpmodinfo=0x259e360*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0156.864] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.864] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0156.864] CoTaskMemFree (pv=0x6b2240) [0156.865] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.865] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0156.865] CoTaskMemFree (pv=0x6b1140) [0156.865] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25a0508, cb=0x18 | out: lpmodinfo=0x25a0508*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0156.866] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.866] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0156.867] CoTaskMemFree (pv=0x6b19c0) [0156.867] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0156.867] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0156.868] CoTaskMemFree (pv=0x6b19c0) [0156.868] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25a26b0, cb=0x18 | out: lpmodinfo=0x25a26b0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0156.868] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0156.869] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0156.869] CoTaskMemFree (pv=0x6b2ac0) [0156.870] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0156.870] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0156.870] CoTaskMemFree (pv=0x6b0040) [0156.870] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25a4868, cb=0x18 | out: lpmodinfo=0x25a4868*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0156.871] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0156.871] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0156.872] CoTaskMemFree (pv=0x6b2240) [0156.872] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0156.872] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0156.873] CoTaskMemFree (pv=0x6b1140) [0156.873] CloseHandle (hObject=0x260) returned 1 [0156.873] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0156.874] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa00) returned 0x260 [0156.874] EnumProcessModules (in: hProcess=0x260, lphModule=0x25a6f80, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25a6f80, lpcbNeeded=0x14ef68) returned 1 [0156.980] EnumProcessModules (in: hProcess=0x260, lphModule=0x25a7198, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x25a7198, lpcbNeeded=0x14ef68) returned 1 [0157.055] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff764c40000, lpmodinfo=0x25a7608, cb=0x18 | out: lpmodinfo=0x25a7608*(lpBaseOfDll=0x7ff764c40000, SizeOfImage=0x203000, EntryPoint=0x7ff764ca9e80)) returned 1 [0157.056] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0157.057] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff764c40000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ShellExperienceHost.exe") returned 0x17 [0157.058] CoTaskMemFree (pv=0x6b2240) [0157.058] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0157.059] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff764c40000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe" (normalized: "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\shellexperiencehost.exe")) returned 0x4f [0157.061] CoTaskMemFree (pv=0x6b3340) [0157.061] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25a9860, cb=0x18 | out: lpmodinfo=0x25a9860*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0157.063] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0157.063] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0157.065] CoTaskMemFree (pv=0x6b3340) [0157.065] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0157.066] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0157.068] CoTaskMemFree (pv=0x6b2240) [0157.068] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x25aba08, cb=0x18 | out: lpmodinfo=0x25aba08*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0157.070] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0157.070] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0157.072] CoTaskMemFree (pv=0x6b2240) [0157.073] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0157.073] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0157.075] CoTaskMemFree (pv=0x6b3340) [0157.076] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x25adbc0, cb=0x18 | out: lpmodinfo=0x25adbc0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0157.078] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0157.079] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0157.083] CoTaskMemFree (pv=0x6b2240) [0157.083] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0157.083] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0157.086] CoTaskMemFree (pv=0x6b1140) [0157.086] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x25afd78, cb=0x18 | out: lpmodinfo=0x25afd78*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0157.089] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0157.090] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0157.095] CoTaskMemFree (pv=0x6b2ac0) [0157.095] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0157.097] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0157.104] CoTaskMemFree (pv=0x6b19c0) [0157.104] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x25b1f78, cb=0x18 | out: lpmodinfo=0x25b1f78*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0157.107] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0157.108] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0157.111] CoTaskMemFree (pv=0x6b19c0) [0157.111] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0157.112] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0157.115] CoTaskMemFree (pv=0x6b2ac0) [0157.116] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x25b4120, cb=0x18 | out: lpmodinfo=0x25b4120*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0157.119] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0157.119] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0157.123] CoTaskMemFree (pv=0x6b08c0) [0157.123] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0157.124] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0157.128] CoTaskMemFree (pv=0x6b3340) [0157.128] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x25b62c8, cb=0x18 | out: lpmodinfo=0x25b62c8*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0157.133] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0157.133] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0157.138] CoTaskMemFree (pv=0x6b3340) [0157.138] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0157.138] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0157.142] CoTaskMemFree (pv=0x6b1140) [0157.142] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x25b84a0, cb=0x18 | out: lpmodinfo=0x25b84a0*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0157.147] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0157.147] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0157.152] CoTaskMemFree (pv=0x6b1140) [0157.152] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0157.152] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0157.157] CoTaskMemFree (pv=0x6b2ac0) [0157.158] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x25ba6e0, cb=0x18 | out: lpmodinfo=0x25ba6e0*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0157.162] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0157.162] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0157.168] CoTaskMemFree (pv=0x6b08c0) [0157.168] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0157.168] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0157.173] CoTaskMemFree (pv=0x6b19c0) [0157.174] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x25bc888, cb=0x18 | out: lpmodinfo=0x25bc888*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0157.179] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0157.179] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0157.186] CoTaskMemFree (pv=0x6b0040) [0157.186] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0157.186] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0157.192] CoTaskMemFree (pv=0x6b2240) [0157.192] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x25bea30, cb=0x18 | out: lpmodinfo=0x25bea30*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0157.198] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0157.198] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0157.205] CoTaskMemFree (pv=0x6b3340) [0157.205] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0157.205] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0157.211] CoTaskMemFree (pv=0x6b1140) [0157.211] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff877bb0000, lpmodinfo=0x25c0bd8, cb=0x18 | out: lpmodinfo=0x25c0bd8*(lpBaseOfDll=0x7ff877bb0000, SizeOfImage=0x6a000, EntryPoint=0x7ff877bb9d60)) returned 1 [0157.231] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0157.231] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff877bb0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wincorlib.DLL") returned 0xd [0157.238] CoTaskMemFree (pv=0x6b0040) [0157.238] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0157.238] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff877bb0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wincorlib.DLL" (normalized: "c:\\windows\\system32\\wincorlib.dll")) returned 0x21 [0157.245] CoTaskMemFree (pv=0x6b1140) [0157.245] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x25c2d90, cb=0x18 | out: lpmodinfo=0x25c2d90*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0157.251] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0157.252] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0157.259] CoTaskMemFree (pv=0x6b2240) [0157.259] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0157.259] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0157.266] CoTaskMemFree (pv=0x6b1140) [0157.266] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpmodinfo=0x25c4f48, cb=0x18 | out: lpmodinfo=0x25c4f48*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0157.273] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0157.273] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0157.280] CoTaskMemFree (pv=0x6b3340) [0157.281] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0157.281] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0157.289] CoTaskMemFree (pv=0x6b1140) [0157.289] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x25c70f0, cb=0x18 | out: lpmodinfo=0x25c70f0*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0157.296] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0157.297] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0157.304] CoTaskMemFree (pv=0x6b19c0) [0157.305] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0157.305] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0157.312] CoTaskMemFree (pv=0x6b08c0) [0157.312] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8769b0000, lpmodinfo=0x25c92b8, cb=0x18 | out: lpmodinfo=0x25c92b8*(lpBaseOfDll=0x7ff8769b0000, SizeOfImage=0x1039000, EntryPoint=0x7ff876dcb6f0)) returned 1 [0157.321] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0157.322] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8769b0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="Windows.UI.Xaml.dll") returned 0x13 [0157.330] CoTaskMemFree (pv=0x6b19c0) [0157.330] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0157.330] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8769b0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.Xaml.dll" (normalized: "c:\\windows\\system32\\windows.ui.xaml.dll")) returned 0x27 [0157.339] CoTaskMemFree (pv=0x6b2ac0) [0157.339] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff876870000, lpmodinfo=0x25cb598, cb=0x18 | out: lpmodinfo=0x25cb598*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0157.347] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0157.347] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff876870000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0157.356] CoTaskMemFree (pv=0x6b1140) [0157.356] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0157.356] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff876870000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0157.364] CoTaskMemFree (pv=0x6b1140) [0157.364] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpmodinfo=0x25cd750, cb=0x18 | out: lpmodinfo=0x25cd750*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0157.372] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0157.373] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0157.382] CoTaskMemFree (pv=0x6b3340) [0157.382] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0157.382] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0157.391] CoTaskMemFree (pv=0x6b0040) [0157.391] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a130000, lpmodinfo=0x25cf918, cb=0x18 | out: lpmodinfo=0x25cf918*(lpBaseOfDll=0x7ff87a130000, SizeOfImage=0x67000, EntryPoint=0x7ff87a14e710)) returned 1 [0157.401] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0157.401] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a130000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="Bcp47Langs.dll") returned 0xe [0157.410] CoTaskMemFree (pv=0x6b0040) [0157.410] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0157.410] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a130000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Bcp47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")) returned 0x22 [0157.419] CoTaskMemFree (pv=0x6b1140) [0157.419] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8764e0000, lpmodinfo=0x25d1ad0, cb=0x18 | out: lpmodinfo=0x25d1ad0*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0157.428] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0157.428] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0157.706] CoTaskMemFree (pv=0x6b08c0) [0157.706] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0157.706] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0157.716] CoTaskMemFree (pv=0x6b0040) [0157.716] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x25d3c88, cb=0x18 | out: lpmodinfo=0x25d3c88*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0157.729] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0157.729] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0157.740] CoTaskMemFree (pv=0x6b1140) [0157.740] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0157.740] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0157.750] CoTaskMemFree (pv=0x6b0040) [0157.750] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x25d5e30, cb=0x18 | out: lpmodinfo=0x25d5e30*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0157.764] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0157.764] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0157.774] CoTaskMemFree (pv=0x6b08c0) [0157.774] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0157.774] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0157.786] CoTaskMemFree (pv=0x6b19c0) [0157.786] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x25d7ff8, cb=0x18 | out: lpmodinfo=0x25d7ff8*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0157.796] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0157.796] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0157.808] CoTaskMemFree (pv=0x6b1140) [0157.808] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0157.808] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0157.819] CoTaskMemFree (pv=0x6b2ac0) [0157.819] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x25da1b0, cb=0x18 | out: lpmodinfo=0x25da1b0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0157.834] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0157.836] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0157.848] CoTaskMemFree (pv=0x6b3340) [0157.848] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0157.848] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0157.859] CoTaskMemFree (pv=0x6b19c0) [0157.860] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x25dc368, cb=0x18 | out: lpmodinfo=0x25dc368*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0157.870] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0157.871] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0157.884] CoTaskMemFree (pv=0x6b2ac0) [0157.884] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0157.884] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0157.896] CoTaskMemFree (pv=0x6b2ac0) [0157.897] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x25de510, cb=0x18 | out: lpmodinfo=0x25de510*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0157.909] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0157.909] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0157.921] CoTaskMemFree (pv=0x6b19c0) [0157.921] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0157.921] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0157.936] CoTaskMemFree (pv=0x6b2240) [0157.936] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x25e06c8, cb=0x18 | out: lpmodinfo=0x25e06c8*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0157.948] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0157.949] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0157.962] CoTaskMemFree (pv=0x6b2ac0) [0157.962] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0157.962] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0157.976] CoTaskMemFree (pv=0x6b2240) [0157.976] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpmodinfo=0x25e2870, cb=0x18 | out: lpmodinfo=0x25e2870*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0157.990] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0157.990] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0158.006] CoTaskMemFree (pv=0x6b19c0) [0158.006] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0158.007] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0158.020] CoTaskMemFree (pv=0x6b2ac0) [0158.021] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x25e4a38, cb=0x18 | out: lpmodinfo=0x25e4a38*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0158.035] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0158.035] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0158.049] CoTaskMemFree (pv=0x6b3340) [0158.049] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0158.049] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0158.063] CoTaskMemFree (pv=0x6b19c0) [0158.063] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c90000, lpmodinfo=0x25e6be0, cb=0x18 | out: lpmodinfo=0x25e6be0*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0158.076] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0158.076] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c90000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0158.091] CoTaskMemFree (pv=0x6b2240) [0158.091] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0158.091] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c90000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0158.105] CoTaskMemFree (pv=0x6b08c0) [0158.105] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87af40000, lpmodinfo=0x25e8d98, cb=0x18 | out: lpmodinfo=0x25e8d98*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0158.119] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0158.119] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87af40000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0158.133] CoTaskMemFree (pv=0x6b2240) [0158.134] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0158.134] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87af40000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0158.149] CoTaskMemFree (pv=0x6b19c0) [0158.149] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a590000, lpmodinfo=0x25eaf40, cb=0x18 | out: lpmodinfo=0x25eaf40*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0158.163] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0158.163] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a590000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0158.178] CoTaskMemFree (pv=0x6b0040) [0158.178] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0158.178] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a590000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0158.242] CoTaskMemFree (pv=0x6b2ac0) [0158.242] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a230000, lpmodinfo=0x25ed300, cb=0x18 | out: lpmodinfo=0x25ed300*(lpBaseOfDll=0x7ff87a230000, SizeOfImage=0xa2000, EntryPoint=0x7ff87a250a40)) returned 1 [0158.256] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0158.257] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a230000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0158.271] CoTaskMemFree (pv=0x6b3340) [0158.272] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0158.272] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a230000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0158.288] CoTaskMemFree (pv=0x6b3340) [0158.288] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86b510000, lpmodinfo=0x25ef4a8, cb=0x18 | out: lpmodinfo=0x25ef4a8*(lpBaseOfDll=0x7ff86b510000, SizeOfImage=0x896000, EntryPoint=0x7ff86b69e200)) returned 1 [0158.302] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0158.303] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86b510000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="StartUI.dll") returned 0xb [0158.319] CoTaskMemFree (pv=0x6b19c0) [0158.319] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0158.319] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86b510000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\StartUI.dll" (normalized: "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\startui.dll")) returned 0x43 [0158.334] CoTaskMemFree (pv=0x6b1140) [0158.334] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d650000, lpmodinfo=0x25f1698, cb=0x18 | out: lpmodinfo=0x25f1698*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0158.350] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0158.351] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d650000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0158.366] CoTaskMemFree (pv=0x6b2ac0) [0158.366] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0158.367] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d650000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0158.383] CoTaskMemFree (pv=0x6b19c0) [0158.383] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8740b0000, lpmodinfo=0x25f3840, cb=0x18 | out: lpmodinfo=0x25f3840*(lpBaseOfDll=0x7ff8740b0000, SizeOfImage=0x4b000, EntryPoint=0x7ff8740c7b70)) returned 1 [0158.399] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0158.399] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8740b0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="VEEventDispatcher.dll") returned 0x15 [0158.416] CoTaskMemFree (pv=0x6b08c0) [0158.416] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0158.416] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8740b0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")) returned 0x29 [0158.432] CoTaskMemFree (pv=0x6b2240) [0158.433] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff877aa0000, lpmodinfo=0x25f5a18, cb=0x18 | out: lpmodinfo=0x25f5a18*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0158.449] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0158.450] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff877aa0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="MrmCoreR.dll") returned 0xc [0158.465] CoTaskMemFree (pv=0x6b19c0) [0158.466] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0158.466] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff877aa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0158.483] CoTaskMemFree (pv=0x6b3340) [0158.483] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e80000, lpmodinfo=0x25f7bd0, cb=0x18 | out: lpmodinfo=0x25f7bd0*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0158.508] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0158.508] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e80000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0158.526] CoTaskMemFree (pv=0x6b1140) [0158.526] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0158.526] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e80000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0158.544] CoTaskMemFree (pv=0x6b3340) [0158.544] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86b4f0000, lpmodinfo=0x25f9d98, cb=0x18 | out: lpmodinfo=0x25f9d98*(lpBaseOfDll=0x7ff86b4f0000, SizeOfImage=0x1a000, EntryPoint=0x7ff86b4f4070)) returned 1 [0158.561] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0158.562] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86b4f0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="Windows.UI.Shell.SharedUtilities.dll") returned 0x24 [0158.580] CoTaskMemFree (pv=0x6b19c0) [0158.580] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0158.580] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86b4f0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\Windows.UI.Shell.SharedUtilities.dll" (normalized: "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\windows.ui.shell.sharedutilities.dll")) returned 0x5c [0158.599] CoTaskMemFree (pv=0x6b3340) [0158.599] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86b470000, lpmodinfo=0x25fbff8, cb=0x18 | out: lpmodinfo=0x25fbff8*(lpBaseOfDll=0x7ff86b470000, SizeOfImage=0x76000, EntryPoint=0x7ff86b482320)) returned 1 [0158.617] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0158.617] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86b470000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="QuickActions.dll") returned 0x10 [0158.634] CoTaskMemFree (pv=0x6b08c0) [0158.634] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0158.634] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86b470000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\QuickActions.dll" (normalized: "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\quickactions.dll")) returned 0x48 [0158.653] CoTaskMemFree (pv=0x6b0040) [0158.653] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86b1c0000, lpmodinfo=0x25fe208, cb=0x18 | out: lpmodinfo=0x25fe208*(lpBaseOfDll=0x7ff86b1c0000, SizeOfImage=0x2ae000, EntryPoint=0x7ff86b22ee20)) returned 1 [0158.670] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0158.671] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86b1c0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="Windows.UI.ActionCenter.dll") returned 0x1b [0158.689] CoTaskMemFree (pv=0x6b19c0) [0158.689] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0158.689] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86b1c0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\Windows.UI.ActionCenter.dll" (normalized: "c:\\windows\\systemapps\\shellexperiencehost_cw5n1h2txyewy\\windows.ui.actioncenter.dll")) returned 0x53 [0158.708] CoTaskMemFree (pv=0x6b3340) [0158.708] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86b180000, lpmodinfo=0x2600438, cb=0x18 | out: lpmodinfo=0x2600438*(lpBaseOfDll=0x7ff86b180000, SizeOfImage=0x39000, EntryPoint=0x7ff86b18e660)) returned 1 [0158.726] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0158.727] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86b180000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="QuickActionsDataModel.dll") returned 0x19 [0158.745] CoTaskMemFree (pv=0x6b19c0) [0158.746] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0158.746] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86b180000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\QuickActionsDataModel.dll" (normalized: "c:\\windows\\system32\\quickactionsdatamodel.dll")) returned 0x2d [0158.764] CoTaskMemFree (pv=0x6b2240) [0158.764] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8779f0000, lpmodinfo=0x2602620, cb=0x18 | out: lpmodinfo=0x2602620*(lpBaseOfDll=0x7ff8779f0000, SizeOfImage=0xa9000, EntryPoint=0x7ff877a19010)) returned 1 [0158.781] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0158.782] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8779f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="Windows.UI.dll") returned 0xe [0158.801] CoTaskMemFree (pv=0x6b2240) [0158.801] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0158.801] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8779f0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")) returned 0x22 [0158.821] CoTaskMemFree (pv=0x6b0040) [0158.821] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874220000, lpmodinfo=0x26047d8, cb=0x18 | out: lpmodinfo=0x26047d8*(lpBaseOfDll=0x7ff874220000, SizeOfImage=0x288000, EntryPoint=0x7ff87427f670)) returned 1 [0158.847] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0158.847] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874220000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="CoreUIComponents.dll") returned 0x14 [0158.868] CoTaskMemFree (pv=0x6b19c0) [0158.868] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0158.868] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874220000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")) returned 0x28 [0158.887] CoTaskMemFree (pv=0x6b3340) [0158.887] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a2e0000, lpmodinfo=0x26069b0, cb=0x18 | out: lpmodinfo=0x26069b0*(lpBaseOfDll=0x7ff87a2e0000, SizeOfImage=0x2a8000, EntryPoint=0x7ff87a373250)) returned 1 [0158.918] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0158.918] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a2e0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="d3d11.dll") returned 0x9 [0158.937] CoTaskMemFree (pv=0x6b0040) [0158.937] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0158.937] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a2e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")) returned 0x1d [0158.957] CoTaskMemFree (pv=0x6b2ac0) [0158.957] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879580000, lpmodinfo=0x2608b58, cb=0x18 | out: lpmodinfo=0x2608b58*(lpBaseOfDll=0x7ff879580000, SizeOfImage=0x26f000, EntryPoint=0x7ff8796322b0)) returned 1 [0158.975] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0158.975] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879580000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="d3d10warp.dll") returned 0xd [0158.994] CoTaskMemFree (pv=0x6b08c0) [0158.994] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0158.994] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879580000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll")) returned 0x21 [0159.015] CoTaskMemFree (pv=0x6b08c0) [0159.015] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879030000, lpmodinfo=0x260ad10, cb=0x18 | out: lpmodinfo=0x260ad10*(lpBaseOfDll=0x7ff879030000, SizeOfImage=0x545000, EntryPoint=0x7ff8791ca450)) returned 1 [0159.035] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0159.035] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879030000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="d2d1.dll") returned 0x8 [0159.054] CoTaskMemFree (pv=0x6b0040) [0159.054] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0159.054] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879030000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")) returned 0x1c [0159.075] CoTaskMemFree (pv=0x6b2240) [0159.075] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a6a0000, lpmodinfo=0x260ceb8, cb=0x18 | out: lpmodinfo=0x260ceb8*(lpBaseOfDll=0x7ff87a6a0000, SizeOfImage=0xe3000, EntryPoint=0x7ff87a6d7da0)) returned 1 [0159.103] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0159.103] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a6a0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="dcomp.dll") returned 0x9 [0159.125] CoTaskMemFree (pv=0x6b08c0) [0159.125] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0159.125] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a6a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")) returned 0x1d [0159.155] CoTaskMemFree (pv=0x6b1140) [0159.155] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fbb0000, lpmodinfo=0x260f060, cb=0x18 | out: lpmodinfo=0x260f060*(lpBaseOfDll=0x7ff87fbb0000, SizeOfImage=0x15a000, EntryPoint=0x7ff87fbf38e0)) returned 1 [0159.177] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0159.177] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fbb0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0159.198] CoTaskMemFree (pv=0x6b08c0) [0159.198] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0159.198] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fbb0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0159.231] CoTaskMemFree (pv=0x6b2ac0) [0159.231] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86e390000, lpmodinfo=0x2611208, cb=0x18 | out: lpmodinfo=0x2611208*(lpBaseOfDll=0x7ff86e390000, SizeOfImage=0x4a000, EntryPoint=0x7ff86e395800)) returned 1 [0159.252] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0159.252] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86e390000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="DataExchange.dll") returned 0x10 [0159.274] CoTaskMemFree (pv=0x6b19c0) [0159.274] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0159.274] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86e390000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DataExchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll")) returned 0x24 [0159.296] CoTaskMemFree (pv=0x6b2ac0) [0159.296] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x26133d0, cb=0x18 | out: lpmodinfo=0x26133d0*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0159.319] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0159.319] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0159.340] CoTaskMemFree (pv=0x6b1140) [0159.340] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0159.340] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0159.361] CoTaskMemFree (pv=0x6b2240) [0159.361] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875f30000, lpmodinfo=0x2615588, cb=0x18 | out: lpmodinfo=0x2615588*(lpBaseOfDll=0x7ff875f30000, SizeOfImage=0x185000, EntryPoint=0x7ff875f76180)) returned 1 [0159.509] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0159.509] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875f30000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="Windows.Globalization.dll") returned 0x19 [0159.532] CoTaskMemFree (pv=0x6b0040) [0159.532] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0159.532] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875f30000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Globalization.dll" (normalized: "c:\\windows\\system32\\windows.globalization.dll")) returned 0x2d [0159.554] CoTaskMemFree (pv=0x6b08c0) [0159.554] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86b060000, lpmodinfo=0x2617770, cb=0x18 | out: lpmodinfo=0x2617770*(lpBaseOfDll=0x7ff86b060000, SizeOfImage=0x48000, EntryPoint=0x7ff86b06a430)) returned 1 [0159.576] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0159.576] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86b060000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="NotificationObjFactory.dll") returned 0x1a [0159.599] CoTaskMemFree (pv=0x6b1140) [0159.599] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0159.599] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86b060000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NotificationObjFactory.dll" (normalized: "c:\\windows\\system32\\notificationobjfactory.dll")) returned 0x2e [0159.622] CoTaskMemFree (pv=0x6b1140) [0159.622] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870840000, lpmodinfo=0x2619958, cb=0x18 | out: lpmodinfo=0x2619958*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0159.645] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0159.646] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870840000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0159.668] CoTaskMemFree (pv=0x6b3340) [0159.668] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0159.668] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870840000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0159.692] CoTaskMemFree (pv=0x6b1140) [0159.692] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8760c0000, lpmodinfo=0x261bb00, cb=0x18 | out: lpmodinfo=0x261bb00*(lpBaseOfDll=0x7ff8760c0000, SizeOfImage=0x260000, EntryPoint=0x7ff87616b5b0)) returned 1 [0159.715] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0159.715] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8760c0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="dwrite.dll") returned 0xa [0159.739] CoTaskMemFree (pv=0x6b19c0) [0159.739] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0159.739] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8760c0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwrite.dll" (normalized: "c:\\windows\\system32\\dwrite.dll")) returned 0x1e [0159.762] CoTaskMemFree (pv=0x6b2ac0) [0159.763] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8736c0000, lpmodinfo=0x261dca8, cb=0x18 | out: lpmodinfo=0x261dca8*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0159.787] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0159.787] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8736c0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0159.810] CoTaskMemFree (pv=0x6b2240) [0159.810] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0159.810] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8736c0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0159.834] CoTaskMemFree (pv=0x6b2240) [0159.835] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873620000, lpmodinfo=0x261fe90, cb=0x18 | out: lpmodinfo=0x261fe90*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0159.859] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0159.859] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873620000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0159.882] CoTaskMemFree (pv=0x6b2ac0) [0159.882] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0159.882] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873620000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0159.907] CoTaskMemFree (pv=0x6b1140) [0159.907] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86a2e0000, lpmodinfo=0x2622078, cb=0x18 | out: lpmodinfo=0x2622078*(lpBaseOfDll=0x7ff86a2e0000, SizeOfImage=0x18000, EntryPoint=0x7ff86a2e3a50)) returned 1 [0159.930] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0159.930] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86a2e0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="Windows.Globalization.Fontgroups.dll") returned 0x24 [0159.955] CoTaskMemFree (pv=0x6b0040) [0159.955] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0159.955] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86a2e0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Globalization.Fontgroups.dll" (normalized: "c:\\windows\\system32\\windows.globalization.fontgroups.dll")) returned 0x38 [0159.979] CoTaskMemFree (pv=0x6b1140) [0159.979] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86a2d0000, lpmodinfo=0x2624290, cb=0x18 | out: lpmodinfo=0x2624290*(lpBaseOfDll=0x7ff86a2d0000, SizeOfImage=0xa000, EntryPoint=0x7ff86a2d1150)) returned 1 [0160.003] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0160.003] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86a2d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="fontgroupsoverride.dll") returned 0x16 [0160.028] CoTaskMemFree (pv=0x6b08c0) [0160.028] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0160.028] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86a2d0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\fontgroupsoverride.dll" (normalized: "c:\\windows\\system32\\fontgroupsoverride.dll")) returned 0x2a [0160.054] CoTaskMemFree (pv=0x6b1140) [0160.054] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c060000, lpmodinfo=0x2626468, cb=0x18 | out: lpmodinfo=0x2626468*(lpBaseOfDll=0x7ff86c060000, SizeOfImage=0x55000, EntryPoint=0x7ff86c071250)) returned 1 [0160.078] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0160.078] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c060000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="Windows.Storage.ApplicationData.dll") returned 0x23 [0160.103] CoTaskMemFree (pv=0x6b3340) [0160.104] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0160.104] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c060000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll" (normalized: "c:\\windows\\system32\\windows.storage.applicationdata.dll")) returned 0x37 [0160.128] CoTaskMemFree (pv=0x6b0040) [0160.128] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ab10000, lpmodinfo=0x2628670, cb=0x18 | out: lpmodinfo=0x2628670*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0160.154] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0160.154] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0160.180] CoTaskMemFree (pv=0x6b2240) [0160.180] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0160.180] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0160.205] CoTaskMemFree (pv=0x6b3340) [0160.205] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86a270000, lpmodinfo=0x262a818, cb=0x18 | out: lpmodinfo=0x262a818*(lpBaseOfDll=0x7ff86a270000, SizeOfImage=0x5f000, EntryPoint=0x7ff86a281560)) returned 1 [0160.265] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0160.265] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86a270000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="Windows.Graphics.dll") returned 0x14 [0160.291] CoTaskMemFree (pv=0x6b0040) [0160.291] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0160.291] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86a270000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Graphics.dll" (normalized: "c:\\windows\\system32\\windows.graphics.dll")) returned 0x28 [0160.318] CoTaskMemFree (pv=0x6b1140) [0160.318] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8751b0000, lpmodinfo=0x262c9f0, cb=0x18 | out: lpmodinfo=0x262c9f0*(lpBaseOfDll=0x7ff8751b0000, SizeOfImage=0x15000, EntryPoint=0x7ff8751b6430)) returned 1 [0160.344] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0160.344] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8751b0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="threadpoolwinrt.dll") returned 0x13 [0160.371] CoTaskMemFree (pv=0x6b2ac0) [0160.371] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0160.372] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8751b0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\threadpoolwinrt.dll" (normalized: "c:\\windows\\system32\\threadpoolwinrt.dll")) returned 0x27 [0160.397] CoTaskMemFree (pv=0x6b3340) [0160.397] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f290000, lpmodinfo=0x262ebb8, cb=0x18 | out: lpmodinfo=0x262ebb8*(lpBaseOfDll=0x7ff86f290000, SizeOfImage=0xb1000, EntryPoint=0x7ff86f2a08f0)) returned 1 [0160.425] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0160.425] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f290000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="twinapi.dll") returned 0xb [0160.450] CoTaskMemFree (pv=0x6b1140) [0160.450] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0160.451] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f290000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\twinapi.dll" (normalized: "c:\\windows\\system32\\twinapi.dll")) returned 0x1f [0160.479] CoTaskMemFree (pv=0x6b1140) [0160.479] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c340000, lpmodinfo=0x2631178, cb=0x18 | out: lpmodinfo=0x2631178*(lpBaseOfDll=0x7ff86c340000, SizeOfImage=0xb4000, EntryPoint=0x7ff86c3553b0)) returned 1 [0160.512] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0160.512] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c340000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="Windows.Internal.Shell.Broker.dll") returned 0x21 [0160.540] CoTaskMemFree (pv=0x6b0040) [0160.540] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0160.540] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c340000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Windows.Internal.Shell.Broker.dll" (normalized: "c:\\windows\\system32\\windows.internal.shell.broker.dll")) returned 0x35 [0160.566] CoTaskMemFree (pv=0x6b08c0) [0160.566] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x2633380, cb=0x18 | out: lpmodinfo=0x2633380*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0160.603] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0160.603] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0160.632] CoTaskMemFree (pv=0x6b1140) [0160.632] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0160.633] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0160.669] CoTaskMemFree (pv=0x6b2ac0) [0160.669] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x2635528, cb=0x18 | out: lpmodinfo=0x2635528*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0160.697] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0160.697] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0160.726] CoTaskMemFree (pv=0x6b19c0) [0160.726] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0160.726] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0160.753] CoTaskMemFree (pv=0x6b3340) [0160.754] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad00000, lpmodinfo=0x26376d0, cb=0x18 | out: lpmodinfo=0x26376d0*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0160.781] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0160.781] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0160.809] CoTaskMemFree (pv=0x6b2ac0) [0160.809] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0160.809] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0160.838] CoTaskMemFree (pv=0x6b1140) [0160.838] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff60eb50000, lpmodinfo=0x2639888, cb=0x18 | out: lpmodinfo=0x2639888*(lpBaseOfDll=0x7ff60eb50000, SizeOfImage=0x7cc000, EntryPoint=0x0)) returned 1 [0160.865] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0160.865] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff60eb50000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ntoskrnl.exe") returned 0xc [0160.894] CoTaskMemFree (pv=0x6b3340) [0160.894] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0160.894] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff60eb50000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntoskrnl.exe" (normalized: "c:\\windows\\system32\\ntoskrnl.exe")) returned 0x20 [0160.924] CoTaskMemFree (pv=0x6b2ac0) [0160.924] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad80000, lpmodinfo=0x263ba40, cb=0x18 | out: lpmodinfo=0x263ba40*(lpBaseOfDll=0x7ff87ad80000, SizeOfImage=0x25000, EntryPoint=0x7ff87ad95220)) returned 1 [0160.952] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0160.953] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad80000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="SLC.dll") returned 0x7 [0160.981] CoTaskMemFree (pv=0x6b2ac0) [0160.981] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0160.981] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad80000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SLC.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0161.010] CoTaskMemFree (pv=0x6b08c0) [0161.010] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad20000, lpmodinfo=0x263dbd8, cb=0x18 | out: lpmodinfo=0x263dbd8*(lpBaseOfDll=0x7ff87ad20000, SizeOfImage=0x25000, EntryPoint=0x7ff87ad22300)) returned 1 [0161.040] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0161.040] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad20000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="sppc.dll") returned 0x8 [0161.068] CoTaskMemFree (pv=0x6b0040) [0161.068] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0161.068] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad20000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll")) returned 0x1c [0161.097] CoTaskMemFree (pv=0x6b08c0) [0161.097] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878830000, lpmodinfo=0x263fd80, cb=0x18 | out: lpmodinfo=0x263fd80*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff878833fb0)) returned 1 [0161.126] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0161.126] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878830000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0161.156] CoTaskMemFree (pv=0x6b2240) [0161.156] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0161.156] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878830000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0161.184] CoTaskMemFree (pv=0x6b1140) [0161.184] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86dea0000, lpmodinfo=0x2641f48, cb=0x18 | out: lpmodinfo=0x2641f48*(lpBaseOfDll=0x7ff86dea0000, SizeOfImage=0x50000, EntryPoint=0x7ff86dea2580)) returned 1 [0161.215] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0161.215] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86dea0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="edputil.dll") returned 0xb [0161.261] CoTaskMemFree (pv=0x6b0040) [0161.261] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0161.261] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86dea0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")) returned 0x1f [0161.292] CoTaskMemFree (pv=0x6b1140) [0161.292] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875ea0000, lpmodinfo=0x26440f0, cb=0x18 | out: lpmodinfo=0x26440f0*(lpBaseOfDll=0x7ff875ea0000, SizeOfImage=0x8b000, EntryPoint=0x7ff875ed3660)) returned 1 [0161.321] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0161.322] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875ea0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="directmanipulation.dll") returned 0x16 [0161.353] CoTaskMemFree (pv=0x6b2240) [0161.353] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0161.353] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875ea0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\directmanipulation.dll" (normalized: "c:\\windows\\system32\\directmanipulation.dll")) returned 0x2a [0161.382] CoTaskMemFree (pv=0x6b0040) [0161.382] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879920000, lpmodinfo=0x26462c8, cb=0x18 | out: lpmodinfo=0x26462c8*(lpBaseOfDll=0x7ff879920000, SizeOfImage=0x1b1000, EntryPoint=0x7ff8799b61a0)) returned 1 [0161.413] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0161.414] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879920000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="windowscodecs.dll") returned 0x11 [0161.444] CoTaskMemFree (pv=0x6b2ac0) [0161.445] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0161.445] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879920000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windowscodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0161.475] CoTaskMemFree (pv=0x6b2240) [0161.475] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x2648490, cb=0x18 | out: lpmodinfo=0x2648490*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0161.513] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0161.514] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="winsta.dll") returned 0xa [0161.602] CoTaskMemFree (pv=0x6b0040) [0161.602] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0161.602] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0161.633] CoTaskMemFree (pv=0x6b08c0) [0161.633] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c4f0000, lpmodinfo=0x264a638, cb=0x18 | out: lpmodinfo=0x264a638*(lpBaseOfDll=0x7ff86c4f0000, SizeOfImage=0xc000, EntryPoint=0x7ff86c4f14b0)) returned 1 [0161.664] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0161.665] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c4f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="NotificationControllerPS.dll") returned 0x1c [0161.697] CoTaskMemFree (pv=0x6b2240) [0161.697] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0161.697] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c4f0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll")) returned 0x30 [0161.729] CoTaskMemFree (pv=0x6b3340) [0161.729] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8757e0000, lpmodinfo=0x264c830, cb=0x18 | out: lpmodinfo=0x264c830*(lpBaseOfDll=0x7ff8757e0000, SizeOfImage=0x73000, EntryPoint=0x7ff8757e45c0)) returned 1 [0161.766] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0161.766] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8757e0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="RTMediaFrame.dll") returned 0x10 [0161.799] CoTaskMemFree (pv=0x6b0040) [0161.799] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0161.799] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8757e0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RTMediaFrame.dll" (normalized: "c:\\windows\\system32\\rtmediaframe.dll")) returned 0x24 [0161.831] CoTaskMemFree (pv=0x6b08c0) [0161.831] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8756b0000, lpmodinfo=0x264e9f8, cb=0x18 | out: lpmodinfo=0x264e9f8*(lpBaseOfDll=0x7ff8756b0000, SizeOfImage=0x44000, EntryPoint=0x7ff8756d78b0)) returned 1 [0161.863] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0161.863] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8756b0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ContentDeliveryManager.Utilities.dll") returned 0x24 [0161.895] CoTaskMemFree (pv=0x6b2240) [0161.895] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0161.895] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8756b0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ContentDeliveryManager.Utilities.dll" (normalized: "c:\\windows\\system32\\contentdeliverymanager.utilities.dll")) returned 0x38 [0161.928] CoTaskMemFree (pv=0x6b19c0) [0161.928] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878510000, lpmodinfo=0x2650c10, cb=0x18 | out: lpmodinfo=0x2650c10*(lpBaseOfDll=0x7ff878510000, SizeOfImage=0x3e000, EntryPoint=0x7ff87851a050)) returned 1 [0161.962] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0161.962] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878510000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="logoncli.dll") returned 0xc [0161.995] CoTaskMemFree (pv=0x6b1140) [0161.995] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0161.995] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878510000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0162.029] CoTaskMemFree (pv=0x6b1140) [0162.029] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86a0d0000, lpmodinfo=0x2652dc8, cb=0x18 | out: lpmodinfo=0x2652dc8*(lpBaseOfDll=0x7ff86a0d0000, SizeOfImage=0x34000, EntryPoint=0x7ff86a0e94e0)) returned 1 [0162.062] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.063] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86a0d0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="PersonaX.dll") returned 0xc [0162.095] CoTaskMemFree (pv=0x6b19c0) [0162.095] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.095] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86a0d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PersonaX.dll" (normalized: "c:\\windows\\system32\\personax.dll")) returned 0x20 [0162.133] CoTaskMemFree (pv=0x6b0040) [0162.133] CloseHandle (hObject=0x260) returned 1 [0162.134] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0162.134] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xfac) returned 0x260 [0162.134] EnumProcessModules (in: hProcess=0x260, lphModule=0x2656f00, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2656f00, lpcbNeeded=0x14ef68) returned 1 [0162.135] GetModuleInformation (in: hProcess=0x260, hModule=0x13e0000, lpmodinfo=0x2657170, cb=0x18 | out: lpmodinfo=0x2657170*(lpBaseOfDll=0x13e0000, SizeOfImage=0x17000, EntryPoint=0x13e14a1)) returned 1 [0162.135] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.135] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x13e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="soon positive.exe") returned 0x11 [0162.136] CoTaskMemFree (pv=0x6b08c0) [0162.136] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.136] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x13e0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Internet Explorer\\soon positive.exe" (normalized: "c:\\program files (x86)\\internet explorer\\soon positive.exe")) returned 0x3a [0162.136] CoTaskMemFree (pv=0x6b1140) [0162.136] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2659398, cb=0x18 | out: lpmodinfo=0x2659398*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0162.137] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.137] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0162.137] CoTaskMemFree (pv=0x6b08c0) [0162.137] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.138] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0162.138] CoTaskMemFree (pv=0x6b2ac0) [0162.138] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x265b540, cb=0x18 | out: lpmodinfo=0x265b540*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0162.139] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.139] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0162.140] CoTaskMemFree (pv=0x6b19c0) [0162.140] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.140] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0162.141] CoTaskMemFree (pv=0x6b19c0) [0162.141] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x265d6e8, cb=0x18 | out: lpmodinfo=0x265d6e8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0162.141] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.141] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0162.142] CoTaskMemFree (pv=0x6b08c0) [0162.142] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.142] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0162.143] CoTaskMemFree (pv=0x6b1140) [0162.143] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x265f8a0, cb=0x18 | out: lpmodinfo=0x265f8a0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0162.143] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.143] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0162.144] CoTaskMemFree (pv=0x6b08c0) [0162.144] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.144] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0162.145] CoTaskMemFree (pv=0x6b0040) [0162.145] CloseHandle (hObject=0x260) returned 1 [0162.145] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0162.145] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x664) returned 0x260 [0162.145] EnumProcessModules (in: hProcess=0x260, lphModule=0x2661fb8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2661fb8, lpcbNeeded=0x14ef68) returned 1 [0162.149] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff63a8f0000, lpmodinfo=0x2662228, cb=0x18 | out: lpmodinfo=0x2662228*(lpBaseOfDll=0x7ff63a8f0000, SizeOfImage=0x19000, EntryPoint=0x7ff63a8f59b0)) returned 1 [0162.149] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.149] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff63a8f0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="taskhostw.exe") returned 0xd [0162.150] CoTaskMemFree (pv=0x6b19c0) [0162.150] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.150] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff63a8f0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskhostw.exe" (normalized: "c:\\windows\\system32\\taskhostw.exe")) returned 0x21 [0162.150] CoTaskMemFree (pv=0x6b0040) [0162.150] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2664418, cb=0x18 | out: lpmodinfo=0x2664418*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0162.151] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.151] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0162.151] CoTaskMemFree (pv=0x6b3340) [0162.152] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.152] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0162.152] CoTaskMemFree (pv=0x6b2240) [0162.152] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x26665c0, cb=0x18 | out: lpmodinfo=0x26665c0*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0162.153] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.153] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0162.154] CoTaskMemFree (pv=0x6b2ac0) [0162.154] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.154] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0162.155] CoTaskMemFree (pv=0x6b2240) [0162.155] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x2668778, cb=0x18 | out: lpmodinfo=0x2668778*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0162.155] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.156] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0162.156] CoTaskMemFree (pv=0x6b2240) [0162.156] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.156] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0162.157] CoTaskMemFree (pv=0x6b1140) [0162.157] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x266a930, cb=0x18 | out: lpmodinfo=0x266a930*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0162.158] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.158] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0162.159] CoTaskMemFree (pv=0x6b2ac0) [0162.159] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.159] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0162.160] CoTaskMemFree (pv=0x6b3340) [0162.160] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x266cb30, cb=0x18 | out: lpmodinfo=0x266cb30*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0162.161] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.161] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0162.162] CoTaskMemFree (pv=0x6b19c0) [0162.162] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.162] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0162.163] CoTaskMemFree (pv=0x6b1140) [0162.163] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x266ecd8, cb=0x18 | out: lpmodinfo=0x266ecd8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0162.164] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.164] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0162.165] CoTaskMemFree (pv=0x6b19c0) [0162.165] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.165] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0162.166] CoTaskMemFree (pv=0x6b2240) [0162.166] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x2670e80, cb=0x18 | out: lpmodinfo=0x2670e80*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0162.167] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.167] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0162.168] CoTaskMemFree (pv=0x6b2240) [0162.168] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.168] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0162.169] CoTaskMemFree (pv=0x6b1140) [0162.170] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x2673058, cb=0x18 | out: lpmodinfo=0x2673058*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0162.170] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.171] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0162.172] CoTaskMemFree (pv=0x6b19c0) [0162.172] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.172] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0162.173] CoTaskMemFree (pv=0x6b3340) [0162.173] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x26752a8, cb=0x18 | out: lpmodinfo=0x26752a8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0162.174] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.174] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0162.175] CoTaskMemFree (pv=0x6b3340) [0162.176] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.176] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0162.177] CoTaskMemFree (pv=0x6b0040) [0162.177] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x2677470, cb=0x18 | out: lpmodinfo=0x2677470*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0162.178] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.178] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0162.179] CoTaskMemFree (pv=0x6b2240) [0162.179] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.180] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0162.181] CoTaskMemFree (pv=0x6b2240) [0162.181] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x2679618, cb=0x18 | out: lpmodinfo=0x2679618*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0162.183] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.183] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0162.185] CoTaskMemFree (pv=0x6b2ac0) [0162.185] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.185] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0162.186] CoTaskMemFree (pv=0x6b0040) [0162.186] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x267b7c0, cb=0x18 | out: lpmodinfo=0x267b7c0*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0162.188] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.188] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0162.189] CoTaskMemFree (pv=0x6b19c0) [0162.189] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.190] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0162.191] CoTaskMemFree (pv=0x6b3340) [0162.191] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpmodinfo=0x267d968, cb=0x18 | out: lpmodinfo=0x267d968*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0162.192] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.193] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0162.194] CoTaskMemFree (pv=0x6b2240) [0162.194] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.194] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0162.196] CoTaskMemFree (pv=0x6b2240) [0162.196] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87af40000, lpmodinfo=0x267fb10, cb=0x18 | out: lpmodinfo=0x267fb10*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0162.197] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.197] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87af40000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0162.199] CoTaskMemFree (pv=0x6b0040) [0162.199] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.199] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87af40000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0162.201] CoTaskMemFree (pv=0x6b3340) [0162.201] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fbb0000, lpmodinfo=0x2681cb8, cb=0x18 | out: lpmodinfo=0x2681cb8*(lpBaseOfDll=0x7ff87fbb0000, SizeOfImage=0x15a000, EntryPoint=0x7ff87fbf38e0)) returned 1 [0162.202] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.202] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fbb0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0162.204] CoTaskMemFree (pv=0x6b0040) [0162.204] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.204] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fbb0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0162.206] CoTaskMemFree (pv=0x6b3340) [0162.206] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a590000, lpmodinfo=0x2683e60, cb=0x18 | out: lpmodinfo=0x2683e60*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0162.208] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.208] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a590000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0162.209] CoTaskMemFree (pv=0x6b2240) [0162.210] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.210] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a590000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0162.211] CoTaskMemFree (pv=0x6b0040) [0162.211] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x2686120, cb=0x18 | out: lpmodinfo=0x2686120*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0162.213] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.213] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0162.215] CoTaskMemFree (pv=0x6b0040) [0162.215] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.215] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0162.226] CoTaskMemFree (pv=0x6b08c0) [0162.226] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f1f0000, lpmodinfo=0x26882c8, cb=0x18 | out: lpmodinfo=0x26882c8*(lpBaseOfDll=0x7ff86f1f0000, SizeOfImage=0xd000, EntryPoint=0x7ff86f1f2560)) returned 1 [0162.228] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.228] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f1f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="MsCtfMonitor.dll") returned 0x10 [0162.230] CoTaskMemFree (pv=0x6b1140) [0162.230] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.230] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f1f0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MsCtfMonitor.dll" (normalized: "c:\\windows\\system32\\msctfmonitor.dll")) returned 0x24 [0162.232] CoTaskMemFree (pv=0x6b19c0) [0162.232] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f170000, lpmodinfo=0x268a490, cb=0x18 | out: lpmodinfo=0x268a490*(lpBaseOfDll=0x7ff86f170000, SizeOfImage=0x7a000, EntryPoint=0x7ff86f1715b0)) returned 1 [0162.234] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.234] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f170000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="MSUTB.dll") returned 0x9 [0162.236] CoTaskMemFree (pv=0x6b08c0) [0162.236] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.236] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f170000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSUTB.dll" (normalized: "c:\\windows\\system32\\msutb.dll")) returned 0x1d [0162.238] CoTaskMemFree (pv=0x6b1140) [0162.238] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x268c638, cb=0x18 | out: lpmodinfo=0x268c638*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0162.240] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.240] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0162.242] CoTaskMemFree (pv=0x6b0040) [0162.242] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.242] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0162.244] CoTaskMemFree (pv=0x6b3340) [0162.244] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f150000, lpmodinfo=0x268e7e0, cb=0x18 | out: lpmodinfo=0x268e7e0*(lpBaseOfDll=0x7ff86f150000, SizeOfImage=0x1a000, EntryPoint=0x7ff86f152a10)) returned 1 [0162.247] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.247] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f150000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="PlaySndSrv.dll") returned 0xe [0162.249] CoTaskMemFree (pv=0x6b1140) [0162.249] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.249] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f150000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PlaySndSrv.dll" (normalized: "c:\\windows\\system32\\playsndsrv.dll")) returned 0x22 [0162.251] CoTaskMemFree (pv=0x6b3340) [0162.252] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86ec80000, lpmodinfo=0x2690998, cb=0x18 | out: lpmodinfo=0x2690998*(lpBaseOfDll=0x7ff86ec80000, SizeOfImage=0x28e000, EntryPoint=0x7ff86ed50f00)) returned 1 [0162.254] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.254] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86ec80000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wininet.dll") returned 0xb [0162.256] CoTaskMemFree (pv=0x6b08c0) [0162.256] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.256] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86ec80000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wininet.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0162.258] CoTaskMemFree (pv=0x6b2240) [0162.258] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x2692b40, cb=0x18 | out: lpmodinfo=0x2692b40*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0162.260] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.261] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0162.265] CoTaskMemFree (pv=0x6b19c0) [0162.265] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.265] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0162.267] CoTaskMemFree (pv=0x6b19c0) [0162.267] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8764e0000, lpmodinfo=0x2694ce8, cb=0x18 | out: lpmodinfo=0x2694ce8*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0162.270] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.270] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0162.272] CoTaskMemFree (pv=0x6b19c0) [0162.272] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.273] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0162.275] CoTaskMemFree (pv=0x6b3340) [0162.275] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x2696ea0, cb=0x18 | out: lpmodinfo=0x2696ea0*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0162.278] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.278] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0162.281] CoTaskMemFree (pv=0x6b19c0) [0162.281] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.281] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0162.283] CoTaskMemFree (pv=0x6b2ac0) [0162.284] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x2699048, cb=0x18 | out: lpmodinfo=0x2699048*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0162.286] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.286] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0162.288] CoTaskMemFree (pv=0x6b1140) [0162.289] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.289] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0162.291] CoTaskMemFree (pv=0x6b08c0) [0162.291] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x269b210, cb=0x18 | out: lpmodinfo=0x269b210*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0162.293] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.294] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0162.296] CoTaskMemFree (pv=0x6b3340) [0162.296] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.296] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0162.299] CoTaskMemFree (pv=0x6b1140) [0162.299] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x269d3c8, cb=0x18 | out: lpmodinfo=0x269d3c8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0162.302] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.302] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0162.305] CoTaskMemFree (pv=0x6b19c0) [0162.305] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.305] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0162.307] CoTaskMemFree (pv=0x6b1140) [0162.307] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x269f580, cb=0x18 | out: lpmodinfo=0x269f580*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0162.310] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.311] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0162.313] CoTaskMemFree (pv=0x6b19c0) [0162.313] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.313] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0162.316] CoTaskMemFree (pv=0x6b08c0) [0162.316] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x26a1738, cb=0x18 | out: lpmodinfo=0x26a1738*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0162.319] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.319] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0162.322] CoTaskMemFree (pv=0x6b3340) [0162.322] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.322] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0162.325] CoTaskMemFree (pv=0x6b0040) [0162.325] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x26a38e0, cb=0x18 | out: lpmodinfo=0x26a38e0*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0162.327] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.328] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0162.331] CoTaskMemFree (pv=0x6b19c0) [0162.332] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.332] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0162.336] CoTaskMemFree (pv=0x6b19c0) [0162.336] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872f10000, lpmodinfo=0x26a5a88, cb=0x18 | out: lpmodinfo=0x26a5a88*(lpBaseOfDll=0x7ff872f10000, SizeOfImage=0x2f9000, EntryPoint=0x7ff872fd7280)) returned 1 [0162.339] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.339] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872f10000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0162.342] CoTaskMemFree (pv=0x6b2ac0) [0162.342] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.342] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872f10000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0162.345] CoTaskMemFree (pv=0x6b3340) [0162.346] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d650000, lpmodinfo=0x26a7e48, cb=0x18 | out: lpmodinfo=0x26a7e48*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0162.348] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.349] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d650000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0162.352] CoTaskMemFree (pv=0x6b3340) [0162.352] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.352] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d650000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0162.355] CoTaskMemFree (pv=0x6b19c0) [0162.355] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x26a9ff0, cb=0x18 | out: lpmodinfo=0x26a9ff0*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0162.358] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.358] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0162.361] CoTaskMemFree (pv=0x6b2ac0) [0162.362] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.362] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0162.365] CoTaskMemFree (pv=0x6b3340) [0162.365] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87adb0000, lpmodinfo=0x26ac1a8, cb=0x18 | out: lpmodinfo=0x26ac1a8*(lpBaseOfDll=0x7ff87adb0000, SizeOfImage=0x23000, EntryPoint=0x7ff87adb3670)) returned 1 [0162.368] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.368] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87adb0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="WINMM.dll") returned 0x9 [0162.371] CoTaskMemFree (pv=0x6b08c0) [0162.371] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.371] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87adb0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINMM.dll" (normalized: "c:\\windows\\system32\\winmm.dll")) returned 0x1d [0162.375] CoTaskMemFree (pv=0x6b0040) [0162.375] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad50000, lpmodinfo=0x26ae350, cb=0x18 | out: lpmodinfo=0x26ae350*(lpBaseOfDll=0x7ff87ad50000, SizeOfImage=0x2c000, EntryPoint=0x7ff87ad58210)) returned 1 [0162.378] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.378] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad50000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WINMMBASE.dll") returned 0xd [0162.381] CoTaskMemFree (pv=0x6b3340) [0162.381] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.382] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad50000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINMMBASE.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll")) returned 0x21 [0162.385] CoTaskMemFree (pv=0x6b2240) [0162.385] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x26b0508, cb=0x18 | out: lpmodinfo=0x26b0508*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0162.388] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.388] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="userenv.dll") returned 0xb [0162.391] CoTaskMemFree (pv=0x6b1140) [0162.392] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.392] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0162.395] CoTaskMemFree (pv=0x6b1140) [0162.395] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86d200000, lpmodinfo=0x26b26b0, cb=0x18 | out: lpmodinfo=0x26b26b0*(lpBaseOfDll=0x7ff86d200000, SizeOfImage=0x15000, EntryPoint=0x7ff86d205740)) returned 1 [0162.398] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.398] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86d200000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="profext.dll") returned 0xb [0162.402] CoTaskMemFree (pv=0x6b19c0) [0162.402] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.402] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86d200000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll")) returned 0x1f [0162.407] CoTaskMemFree (pv=0x6b2ac0) [0162.407] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bab0000, lpmodinfo=0x26b4858, cb=0x18 | out: lpmodinfo=0x26b4858*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0162.410] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.410] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0162.414] CoTaskMemFree (pv=0x6b08c0) [0162.414] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.414] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0162.417] CoTaskMemFree (pv=0x6b2240) [0162.417] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x26b6a00, cb=0x18 | out: lpmodinfo=0x26b6a00*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0162.421] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.421] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0162.425] CoTaskMemFree (pv=0x6b2ac0) [0162.425] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.425] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0162.428] CoTaskMemFree (pv=0x6b08c0) [0162.428] CloseHandle (hObject=0x260) returned 1 [0162.429] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0162.429] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x41c) returned 0x260 [0162.429] EnumProcessModules (in: hProcess=0x260, lphModule=0x26b9d10, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26b9d10, lpcbNeeded=0x14ef68) returned 1 [0162.435] EnumProcessModules (in: hProcess=0x260, lphModule=0x26b9f28, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x26b9f28, lpcbNeeded=0x14ef68) returned 1 [0162.441] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6a3140000, lpmodinfo=0x26ba398, cb=0x18 | out: lpmodinfo=0x26ba398*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0162.441] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.441] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0162.442] CoTaskMemFree (pv=0x6b08c0) [0162.442] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.442] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0162.442] CoTaskMemFree (pv=0x6b2ac0) [0162.443] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26bc578, cb=0x18 | out: lpmodinfo=0x26bc578*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0162.443] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.443] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0162.444] CoTaskMemFree (pv=0x6b3340) [0162.444] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.444] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0162.445] CoTaskMemFree (pv=0x6b2240) [0162.445] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x26be720, cb=0x18 | out: lpmodinfo=0x26be720*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0162.445] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.445] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0162.446] CoTaskMemFree (pv=0x6b3340) [0162.446] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.446] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0162.447] CoTaskMemFree (pv=0x6b08c0) [0162.447] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x26c08d8, cb=0x18 | out: lpmodinfo=0x26c08d8*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0162.447] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.448] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0162.448] CoTaskMemFree (pv=0x6b2ac0) [0162.448] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.448] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0162.449] CoTaskMemFree (pv=0x6b08c0) [0162.449] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x26c2a90, cb=0x18 | out: lpmodinfo=0x26c2a90*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0162.450] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.450] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0162.450] CoTaskMemFree (pv=0x6b0040) [0162.451] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.451] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0162.452] CoTaskMemFree (pv=0x6b19c0) [0162.452] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x26c4c90, cb=0x18 | out: lpmodinfo=0x26c4c90*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0162.452] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.452] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0162.453] CoTaskMemFree (pv=0x6b1140) [0162.453] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.454] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0162.455] CoTaskMemFree (pv=0x6b2ac0) [0162.455] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x26c6e38, cb=0x18 | out: lpmodinfo=0x26c6e38*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0162.456] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.456] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0162.457] CoTaskMemFree (pv=0x6b2240) [0162.457] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.457] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0162.458] CoTaskMemFree (pv=0x6b0040) [0162.458] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x26c8ff0, cb=0x18 | out: lpmodinfo=0x26c8ff0*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0162.459] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.459] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0162.460] CoTaskMemFree (pv=0x6b0040) [0162.460] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.460] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0162.460] CoTaskMemFree (pv=0x6b08c0) [0162.460] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x26cb198, cb=0x18 | out: lpmodinfo=0x26cb198*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0162.462] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.462] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0162.463] CoTaskMemFree (pv=0x6b2ac0) [0162.463] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.463] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0162.464] CoTaskMemFree (pv=0x6b08c0) [0162.464] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x26cd3d8, cb=0x18 | out: lpmodinfo=0x26cd3d8*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0162.465] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.465] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0162.467] CoTaskMemFree (pv=0x6b0040) [0162.467] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.467] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0162.468] CoTaskMemFree (pv=0x6b0040) [0162.468] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x26cf5b0, cb=0x18 | out: lpmodinfo=0x26cf5b0*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0162.469] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.469] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0162.470] CoTaskMemFree (pv=0x6b19c0) [0162.470] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.471] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0162.472] CoTaskMemFree (pv=0x6b19c0) [0162.472] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x26d1778, cb=0x18 | out: lpmodinfo=0x26d1778*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0162.473] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.475] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0162.476] CoTaskMemFree (pv=0x6b3340) [0162.476] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.476] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0162.477] CoTaskMemFree (pv=0x6b0040) [0162.477] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x26d3920, cb=0x18 | out: lpmodinfo=0x26d3920*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0162.479] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.479] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0162.480] CoTaskMemFree (pv=0x6b3340) [0162.480] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.481] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0162.482] CoTaskMemFree (pv=0x6b2ac0) [0162.482] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87eed0000, lpmodinfo=0x26d5ac8, cb=0x18 | out: lpmodinfo=0x26d5ac8*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0162.484] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.484] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0162.485] CoTaskMemFree (pv=0x6b2240) [0162.486] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.486] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87eed0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0162.487] CoTaskMemFree (pv=0x6b2240) [0162.487] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87efa0000, lpmodinfo=0x26d7c70, cb=0x18 | out: lpmodinfo=0x26d7c70*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0162.489] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.489] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0162.490] CoTaskMemFree (pv=0x6b2240) [0162.491] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.491] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87efa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0162.492] CoTaskMemFree (pv=0x6b3340) [0162.499] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b030000, lpmodinfo=0x26d9e08, cb=0x18 | out: lpmodinfo=0x26d9e08*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0162.501] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.501] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b030000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0162.503] CoTaskMemFree (pv=0x6b3340) [0162.503] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.503] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b030000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0162.505] CoTaskMemFree (pv=0x6b3340) [0162.505] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8750d0000, lpmodinfo=0x26dbfb0, cb=0x18 | out: lpmodinfo=0x26dbfb0*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0162.506] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.507] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0162.508] CoTaskMemFree (pv=0x6b0040) [0162.508] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.509] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8750d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0162.510] CoTaskMemFree (pv=0x6b19c0) [0162.511] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x26de270, cb=0x18 | out: lpmodinfo=0x26de270*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0162.512] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.512] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0162.514] CoTaskMemFree (pv=0x6b0040) [0162.514] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.514] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0162.515] CoTaskMemFree (pv=0x6b1140) [0162.515] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x26e0418, cb=0x18 | out: lpmodinfo=0x26e0418*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0162.518] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.518] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0162.520] CoTaskMemFree (pv=0x6b2ac0) [0162.520] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.520] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0162.522] CoTaskMemFree (pv=0x6b1140) [0162.522] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x26e25c0, cb=0x18 | out: lpmodinfo=0x26e25c0*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0162.524] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.524] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0162.526] CoTaskMemFree (pv=0x6b2240) [0162.526] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.526] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0162.528] CoTaskMemFree (pv=0x6b0040) [0162.528] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpmodinfo=0x26e4768, cb=0x18 | out: lpmodinfo=0x26e4768*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0162.530] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.530] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0162.532] CoTaskMemFree (pv=0x6b3340) [0162.533] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.533] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0162.535] CoTaskMemFree (pv=0x6b3340) [0162.535] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874df0000, lpmodinfo=0x26e6910, cb=0x18 | out: lpmodinfo=0x26e6910*(lpBaseOfDll=0x7ff874df0000, SizeOfImage=0x60000, EntryPoint=0x7ff874e10fc0)) returned 1 [0162.537] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.537] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874df0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="nlasvc.dll") returned 0xa [0162.540] CoTaskMemFree (pv=0x6b1140) [0162.540] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.540] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874df0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nlasvc.dll" (normalized: "c:\\windows\\system32\\nlasvc.dll")) returned 0x1e [0162.542] CoTaskMemFree (pv=0x6b0040) [0162.542] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x26e8ab8, cb=0x18 | out: lpmodinfo=0x26e8ab8*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0162.544] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.544] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0162.546] CoTaskMemFree (pv=0x6b1140) [0162.546] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.546] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0162.549] CoTaskMemFree (pv=0x6b0040) [0162.549] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875480000, lpmodinfo=0x26eac70, cb=0x18 | out: lpmodinfo=0x26eac70*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0162.557] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.557] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875480000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0162.560] CoTaskMemFree (pv=0x6b2ac0) [0162.560] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.560] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875480000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0162.562] CoTaskMemFree (pv=0x6b2ac0) [0162.563] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875250000, lpmodinfo=0x26ece28, cb=0x18 | out: lpmodinfo=0x26ece28*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0162.565] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.565] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875250000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0162.568] CoTaskMemFree (pv=0x6b2ac0) [0162.568] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.568] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875250000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0162.570] CoTaskMemFree (pv=0x6b0040) [0162.570] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874d80000, lpmodinfo=0x26eefe0, cb=0x18 | out: lpmodinfo=0x26eefe0*(lpBaseOfDll=0x7ff874d80000, SizeOfImage=0x69000, EntryPoint=0x7ff874d9bb10)) returned 1 [0162.572] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.573] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874d80000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ncsi.dll") returned 0x8 [0162.575] CoTaskMemFree (pv=0x6b3340) [0162.575] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.575] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874d80000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\ncsi.dll" (normalized: "c:\\windows\\system32\\ncsi.dll")) returned 0x1c [0162.578] CoTaskMemFree (pv=0x6b2ac0) [0162.578] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x26f1188, cb=0x18 | out: lpmodinfo=0x26f1188*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0162.581] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.581] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="sspicli.dll") returned 0xb [0162.583] CoTaskMemFree (pv=0x6b2ac0) [0162.584] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.584] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sspicli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0162.586] CoTaskMemFree (pv=0x6b1140) [0162.586] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874d60000, lpmodinfo=0x26f3330, cb=0x18 | out: lpmodinfo=0x26f3330*(lpBaseOfDll=0x7ff874d60000, SizeOfImage=0x15000, EntryPoint=0x7ff874d63460)) returned 1 [0162.589] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.589] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874d60000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ssdpapi.dll") returned 0xb [0162.592] CoTaskMemFree (pv=0x6b3340) [0162.592] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.592] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874d60000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ssdpapi.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")) returned 0x1f [0162.595] CoTaskMemFree (pv=0x6b0040) [0162.595] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x26f54d8, cb=0x18 | out: lpmodinfo=0x26f54d8*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0162.597] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.598] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0162.601] CoTaskMemFree (pv=0x6b2240) [0162.601] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.601] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0162.604] CoTaskMemFree (pv=0x6b19c0) [0162.604] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875270000, lpmodinfo=0x26f7690, cb=0x18 | out: lpmodinfo=0x26f7690*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0162.606] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.606] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875270000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0162.609] CoTaskMemFree (pv=0x6b0040) [0162.609] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.609] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875270000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0162.612] CoTaskMemFree (pv=0x6b3340) [0162.612] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875d20000, lpmodinfo=0x26f9848, cb=0x18 | out: lpmodinfo=0x26f9848*(lpBaseOfDll=0x7ff875d20000, SizeOfImage=0x11000, EntryPoint=0x7ff875d23320)) returned 1 [0162.615] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.615] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875d20000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WMICLNT.dll") returned 0xb [0162.618] CoTaskMemFree (pv=0x6b3340) [0162.618] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.618] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875d20000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WMICLNT.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")) returned 0x1f [0162.621] CoTaskMemFree (pv=0x6b3340) [0162.622] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87be90000, lpmodinfo=0x26fb9f0, cb=0x18 | out: lpmodinfo=0x26fb9f0*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0162.624] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.624] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87be90000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0162.629] CoTaskMemFree (pv=0x6b3340) [0162.629] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.629] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87be90000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0162.632] CoTaskMemFree (pv=0x6b19c0) [0162.632] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875230000, lpmodinfo=0x26fdb98, cb=0x18 | out: lpmodinfo=0x26fdb98*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0162.635] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.635] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875230000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0162.638] CoTaskMemFree (pv=0x6b1140) [0162.638] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.639] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875230000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0162.642] CoTaskMemFree (pv=0x6b3340) [0162.643] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878bf0000, lpmodinfo=0x26fff58, cb=0x18 | out: lpmodinfo=0x26fff58*(lpBaseOfDll=0x7ff878bf0000, SizeOfImage=0x61000, EntryPoint=0x7ff878bf4b50)) returned 1 [0162.645] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.646] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878bf0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="WlanApi.dll") returned 0xb [0162.648] CoTaskMemFree (pv=0x6b1140) [0162.648] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.649] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878bf0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WlanApi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0162.652] CoTaskMemFree (pv=0x6b2240) [0162.652] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8788f0000, lpmodinfo=0x2702100, cb=0x18 | out: lpmodinfo=0x2702100*(lpBaseOfDll=0x7ff8788f0000, SizeOfImage=0x64000, EntryPoint=0x7ff878905ae0)) returned 1 [0162.655] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.655] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8788f0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0162.658] CoTaskMemFree (pv=0x6b19c0) [0162.658] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.659] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8788f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0162.662] CoTaskMemFree (pv=0x6b2240) [0162.662] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad00000, lpmodinfo=0x27042a8, cb=0x18 | out: lpmodinfo=0x27042a8*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0162.665] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.665] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0162.668] CoTaskMemFree (pv=0x6b08c0) [0162.669] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.669] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0162.672] CoTaskMemFree (pv=0x6b3340) [0162.673] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x2706460, cb=0x18 | out: lpmodinfo=0x2706460*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0162.676] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.676] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0162.679] CoTaskMemFree (pv=0x6b1140) [0162.679] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.679] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0162.683] CoTaskMemFree (pv=0x6b19c0) [0162.683] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875200000, lpmodinfo=0x2708608, cb=0x18 | out: lpmodinfo=0x2708608*(lpBaseOfDll=0x7ff875200000, SizeOfImage=0x2e000, EntryPoint=0x7ff875207550)) returned 1 [0162.686] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.686] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875200000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="netjoin.dll") returned 0xb [0162.690] CoTaskMemFree (pv=0x6b3340) [0162.690] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.690] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875200000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")) returned 0x1f [0162.694] CoTaskMemFree (pv=0x6b2ac0) [0162.694] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c0a0000, lpmodinfo=0x270a7b0, cb=0x18 | out: lpmodinfo=0x270a7b0*(lpBaseOfDll=0x7ff87c0a0000, SizeOfImage=0x21000, EntryPoint=0x7ff87c0b0250)) returned 1 [0162.697] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.697] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c0a0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="JoinUtil.dll") returned 0xc [0162.702] CoTaskMemFree (pv=0x6b08c0) [0162.702] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.702] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c0a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\JoinUtil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")) returned 0x20 [0162.707] CoTaskMemFree (pv=0x6b1140) [0162.707] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpmodinfo=0x270c968, cb=0x18 | out: lpmodinfo=0x270c968*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0162.710] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.711] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0162.714] CoTaskMemFree (pv=0x6b2ac0) [0162.714] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.714] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b9d0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0162.718] CoTaskMemFree (pv=0x6b08c0) [0162.718] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x270eb20, cb=0x18 | out: lpmodinfo=0x270eb20*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0162.721] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.721] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0162.725] CoTaskMemFree (pv=0x6b1140) [0162.725] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.725] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0162.729] CoTaskMemFree (pv=0x6b19c0) [0162.729] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878b20000, lpmodinfo=0x2710cd8, cb=0x18 | out: lpmodinfo=0x2710cd8*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0162.733] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.733] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878b20000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0162.737] CoTaskMemFree (pv=0x6b1140) [0162.737] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.737] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878b20000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0162.741] CoTaskMemFree (pv=0x6b0040) [0162.741] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x2712e80, cb=0x18 | out: lpmodinfo=0x2712e80*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0162.745] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.745] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0162.749] CoTaskMemFree (pv=0x6b08c0) [0162.749] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.749] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0162.753] CoTaskMemFree (pv=0x6b2240) [0162.753] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8748a0000, lpmodinfo=0x2715038, cb=0x18 | out: lpmodinfo=0x2715038*(lpBaseOfDll=0x7ff8748a0000, SizeOfImage=0x48000, EntryPoint=0x7ff8748aabb0)) returned 1 [0162.757] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.758] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8748a0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wkssvc.dll") returned 0xa [0162.761] CoTaskMemFree (pv=0x6b2240) [0162.761] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.762] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8748a0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wkssvc.dll" (normalized: "c:\\windows\\system32\\wkssvc.dll")) returned 0x1e [0162.766] CoTaskMemFree (pv=0x6b3340) [0162.766] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x27171e0, cb=0x18 | out: lpmodinfo=0x27171e0*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0162.770] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.770] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0162.775] CoTaskMemFree (pv=0x6b1140) [0162.775] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.775] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0162.779] CoTaskMemFree (pv=0x6b1140) [0162.779] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x2719398, cb=0x18 | out: lpmodinfo=0x2719398*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0162.783] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.783] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0162.787] CoTaskMemFree (pv=0x6b19c0) [0162.787] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.787] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0162.791] CoTaskMemFree (pv=0x6b0040) [0162.791] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878230000, lpmodinfo=0x271b540, cb=0x18 | out: lpmodinfo=0x271b540*(lpBaseOfDll=0x7ff878230000, SizeOfImage=0xbf000, EntryPoint=0x7ff878251c50)) returned 1 [0162.795] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.795] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878230000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0162.799] CoTaskMemFree (pv=0x6b0040) [0162.799] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.799] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878230000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0162.804] CoTaskMemFree (pv=0x6b2ac0) [0162.804] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870dd0000, lpmodinfo=0x271d6f8, cb=0x18 | out: lpmodinfo=0x271d6f8*(lpBaseOfDll=0x7ff870dd0000, SizeOfImage=0x18000, EntryPoint=0x7ff870dd7a00)) returned 1 [0162.808] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0162.808] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870dd0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="cryptsvc.dll") returned 0xc [0162.812] CoTaskMemFree (pv=0x6b0040) [0162.812] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.812] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870dd0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\cryptsvc.dll" (normalized: "c:\\windows\\system32\\cryptsvc.dll")) returned 0x20 [0162.817] CoTaskMemFree (pv=0x6b2240) [0162.817] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d170000, lpmodinfo=0x271f8b0, cb=0x18 | out: lpmodinfo=0x271f8b0*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0162.821] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.821] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d170000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0162.825] CoTaskMemFree (pv=0x6b2240) [0162.826] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.826] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d170000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0162.830] CoTaskMemFree (pv=0x6b2ac0) [0162.830] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpmodinfo=0x2721a58, cb=0x18 | out: lpmodinfo=0x2721a58*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0162.845] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.846] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0162.853] CoTaskMemFree (pv=0x6b19c0) [0162.853] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.853] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5c0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0162.858] CoTaskMemFree (pv=0x6b19c0) [0162.858] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870d60000, lpmodinfo=0x2723c00, cb=0x18 | out: lpmodinfo=0x2723c00*(lpBaseOfDll=0x7ff870d60000, SizeOfImage=0x13000, EntryPoint=0x7ff870d61450)) returned 1 [0162.862] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.862] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870d60000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="crypttpmeksvc.dll") returned 0x11 [0162.867] CoTaskMemFree (pv=0x6b2ac0) [0162.867] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.867] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870d60000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\crypttpmeksvc.dll" (normalized: "c:\\windows\\system32\\crypttpmeksvc.dll")) returned 0x25 [0162.871] CoTaskMemFree (pv=0x6b08c0) [0162.871] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870d30000, lpmodinfo=0x2725dc8, cb=0x18 | out: lpmodinfo=0x2725dc8*(lpBaseOfDll=0x7ff870d30000, SizeOfImage=0x23000, EntryPoint=0x7ff870d37a30)) returned 1 [0162.876] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0162.876] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870d30000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="cryptcatsvc.dll") returned 0xf [0162.880] CoTaskMemFree (pv=0x6b1140) [0162.880] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.880] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870d30000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cryptcatsvc.dll" (normalized: "c:\\windows\\system32\\cryptcatsvc.dll")) returned 0x23 [0162.885] CoTaskMemFree (pv=0x6b2ac0) [0162.885] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8706b0000, lpmodinfo=0x2727f80, cb=0x18 | out: lpmodinfo=0x2727f80*(lpBaseOfDll=0x7ff8706b0000, SizeOfImage=0x182000, EntryPoint=0x7ff8706c82a0)) returned 1 [0162.890] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0162.890] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8706b0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="VSSAPI.DLL") returned 0xa [0162.895] CoTaskMemFree (pv=0x6b3340) [0162.895] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0162.895] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8706b0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VSSAPI.DLL" (normalized: "c:\\windows\\system32\\vssapi.dll")) returned 0x1e [0162.899] CoTaskMemFree (pv=0x6b19c0) [0162.900] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff870690000, lpmodinfo=0x272a128, cb=0x18 | out: lpmodinfo=0x272a128*(lpBaseOfDll=0x7ff870690000, SizeOfImage=0x18000, EntryPoint=0x7ff870692000)) returned 1 [0162.904] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.905] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff870690000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="VssTrace.DLL") returned 0xc [0162.909] CoTaskMemFree (pv=0x6b2ac0) [0162.909] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0162.910] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff870690000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\VssTrace.DLL" (normalized: "c:\\windows\\system32\\vsstrace.dll")) returned 0x20 [0162.914] CoTaskMemFree (pv=0x6b2ac0) [0162.915] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875a10000, lpmodinfo=0x272c2e0, cb=0x18 | out: lpmodinfo=0x272c2e0*(lpBaseOfDll=0x7ff875a10000, SizeOfImage=0x19000, EntryPoint=0x7ff875a14520)) returned 1 [0162.919] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0162.919] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875a10000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="samcli.dll") returned 0xa [0162.927] CoTaskMemFree (pv=0x6b08c0) [0162.927] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0162.927] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875a10000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0162.932] CoTaskMemFree (pv=0x6b2240) [0162.933] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87aca0000, lpmodinfo=0x272e488, cb=0x18 | out: lpmodinfo=0x272e488*(lpBaseOfDll=0x7ff87aca0000, SizeOfImage=0x1c000, EntryPoint=0x7ff87aca37a0)) returned 1 [0163.081] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.081] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87aca0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0163.086] CoTaskMemFree (pv=0x6b2240) [0163.086] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.086] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87aca0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0163.091] CoTaskMemFree (pv=0x6b1140) [0163.091] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878580000, lpmodinfo=0x2730630, cb=0x18 | out: lpmodinfo=0x2730630*(lpBaseOfDll=0x7ff878580000, SizeOfImage=0x7a000, EntryPoint=0x7ff8785a7630)) returned 1 [0163.096] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.096] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878580000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ES.DLL") returned 0x6 [0163.101] CoTaskMemFree (pv=0x6b19c0) [0163.101] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.101] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878580000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ES.DLL" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0163.110] CoTaskMemFree (pv=0x6b1140) [0163.110] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ab10000, lpmodinfo=0x27327c8, cb=0x18 | out: lpmodinfo=0x27327c8*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0163.115] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.115] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0163.120] CoTaskMemFree (pv=0x6b19c0) [0163.120] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.120] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0163.125] CoTaskMemFree (pv=0x6b08c0) [0163.125] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872f10000, lpmodinfo=0x2734970, cb=0x18 | out: lpmodinfo=0x2734970*(lpBaseOfDll=0x7ff872f10000, SizeOfImage=0x2f9000, EntryPoint=0x7ff872fd7280)) returned 1 [0163.130] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.130] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872f10000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ESENT.dll") returned 0x9 [0163.136] CoTaskMemFree (pv=0x6b2ac0) [0163.136] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.136] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872f10000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ESENT.dll" (normalized: "c:\\windows\\system32\\esent.dll")) returned 0x1d [0163.141] CoTaskMemFree (pv=0x6b0040) [0163.141] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874830000, lpmodinfo=0x2736b18, cb=0x18 | out: lpmodinfo=0x2736b18*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0163.147] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.147] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874830000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0163.152] CoTaskMemFree (pv=0x6b08c0) [0163.152] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.152] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874830000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0163.158] CoTaskMemFree (pv=0x6b1140) [0163.158] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875030000, lpmodinfo=0x2738cd0, cb=0x18 | out: lpmodinfo=0x2738cd0*(lpBaseOfDll=0x7ff875030000, SizeOfImage=0x4a000, EntryPoint=0x7ff875040100)) returned 1 [0163.163] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.163] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875030000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="dnsrslvr.dll") returned 0xc [0163.168] CoTaskMemFree (pv=0x6b3340) [0163.168] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.168] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875030000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dnsrslvr.dll" (normalized: "c:\\windows\\system32\\dnsrslvr.dll")) returned 0x20 [0163.173] CoTaskMemFree (pv=0x6b0040) [0163.173] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874fc0000, lpmodinfo=0x273ae88, cb=0x18 | out: lpmodinfo=0x273ae88*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0163.180] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.180] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="Fwpuclnt.dll") returned 0xc [0163.185] CoTaskMemFree (pv=0x6b1140) [0163.185] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.185] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874fc0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0163.191] CoTaskMemFree (pv=0x6b2240) [0163.191] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875580000, lpmodinfo=0x273d040, cb=0x18 | out: lpmodinfo=0x273d040*(lpBaseOfDll=0x7ff875580000, SizeOfImage=0xa000, EntryPoint=0x7ff875581840)) returned 1 [0163.196] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.196] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875580000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="dnsext.dll") returned 0xa [0163.202] CoTaskMemFree (pv=0x6b2ac0) [0163.203] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.203] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875580000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dnsext.dll" (normalized: "c:\\windows\\system32\\dnsext.dll")) returned 0x1e [0163.209] CoTaskMemFree (pv=0x6b2240) [0163.209] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878fc0000, lpmodinfo=0x273f1e8, cb=0x18 | out: lpmodinfo=0x273f1e8*(lpBaseOfDll=0x7ff878fc0000, SizeOfImage=0x29000, EntryPoint=0x7ff878fcca00)) returned 1 [0163.215] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.215] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878fc0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="Cabinet.dll") returned 0xb [0163.234] CoTaskMemFree (pv=0x6b1140) [0163.234] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.234] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878fc0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Cabinet.dll" (normalized: "c:\\windows\\system32\\cabinet.dll")) returned 0x1f [0163.248] CoTaskMemFree (pv=0x6b2240) [0163.249] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf40000, lpmodinfo=0x2741390, cb=0x18 | out: lpmodinfo=0x2741390*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0163.254] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.255] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0163.262] CoTaskMemFree (pv=0x6b08c0) [0163.262] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.262] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0163.267] CoTaskMemFree (pv=0x6b0040) [0163.267] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpmodinfo=0x2743950, cb=0x18 | out: lpmodinfo=0x2743950*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0163.274] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.274] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0163.280] CoTaskMemFree (pv=0x6b1140) [0163.280] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.280] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0163.286] CoTaskMemFree (pv=0x6b2ac0) [0163.287] CloseHandle (hObject=0x260) returned 1 [0163.288] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0163.288] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x5a4) returned 0x260 [0163.288] EnumProcessModules (in: hProcess=0x260, lphModule=0x27474f8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x27474f8, lpcbNeeded=0x14ef68) returned 1 [0163.289] GetModuleInformation (in: hProcess=0x260, hModule=0x990000, lpmodinfo=0x2747768, cb=0x18 | out: lpmodinfo=0x2747768*(lpBaseOfDll=0x990000, SizeOfImage=0x17000, EntryPoint=0x9914a1)) returned 1 [0163.289] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.289] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x990000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="coreftp.exe") returned 0xb [0163.290] CoTaskMemFree (pv=0x6b19c0) [0163.290] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.290] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x990000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Microsoft Office 15\\coreftp.exe" (normalized: "c:\\program files\\microsoft office 15\\coreftp.exe")) returned 0x30 [0163.291] CoTaskMemFree (pv=0x6b19c0) [0163.291] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2749970, cb=0x18 | out: lpmodinfo=0x2749970*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0163.291] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.291] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0163.292] CoTaskMemFree (pv=0x6b1140) [0163.292] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.292] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0163.293] CoTaskMemFree (pv=0x6b19c0) [0163.293] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x274bb18, cb=0x18 | out: lpmodinfo=0x274bb18*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0163.293] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.294] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0163.294] CoTaskMemFree (pv=0x6b19c0) [0163.294] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.294] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0163.295] CoTaskMemFree (pv=0x6b1140) [0163.295] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x274dcc0, cb=0x18 | out: lpmodinfo=0x274dcc0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0163.295] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.295] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0163.296] CoTaskMemFree (pv=0x6b0040) [0163.296] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.296] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0163.297] CoTaskMemFree (pv=0x6b19c0) [0163.297] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x274fe78, cb=0x18 | out: lpmodinfo=0x274fe78*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0163.298] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.298] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0163.299] CoTaskMemFree (pv=0x6b0040) [0163.299] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.299] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0163.299] CoTaskMemFree (pv=0x6b1140) [0163.300] CloseHandle (hObject=0x260) returned 1 [0163.300] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0163.300] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10ac) returned 0x260 [0163.300] EnumProcessModules (in: hProcess=0x260, lphModule=0x2752590, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2752590, lpcbNeeded=0x14ef68) returned 1 [0163.301] GetModuleInformation (in: hProcess=0x260, hModule=0xa80000, lpmodinfo=0x2752800, cb=0x18 | out: lpmodinfo=0x2752800*(lpBaseOfDll=0xa80000, SizeOfImage=0x17000, EntryPoint=0xa814a1)) returned 1 [0163.301] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.301] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xa80000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="smartftp.exe") returned 0xc [0163.302] CoTaskMemFree (pv=0x6b0040) [0163.302] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.302] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xa80000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\smartftp.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\smartftp.exe")) returned 0x3c [0163.302] CoTaskMemFree (pv=0x6b2ac0) [0163.303] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2754a28, cb=0x18 | out: lpmodinfo=0x2754a28*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0163.303] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.303] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0163.304] CoTaskMemFree (pv=0x6b19c0) [0163.304] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.304] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0163.305] CoTaskMemFree (pv=0x6b0040) [0163.305] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2756bd0, cb=0x18 | out: lpmodinfo=0x2756bd0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0163.305] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.306] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0163.306] CoTaskMemFree (pv=0x6b19c0) [0163.306] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.307] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0163.307] CoTaskMemFree (pv=0x6b2240) [0163.308] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2758d78, cb=0x18 | out: lpmodinfo=0x2758d78*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0163.308] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.308] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0163.309] CoTaskMemFree (pv=0x6b08c0) [0163.309] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.309] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0163.310] CoTaskMemFree (pv=0x6b0040) [0163.310] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x275af30, cb=0x18 | out: lpmodinfo=0x275af30*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0163.310] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.311] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0163.311] CoTaskMemFree (pv=0x6b08c0) [0163.311] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.311] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0163.312] CoTaskMemFree (pv=0x6b19c0) [0163.312] CloseHandle (hObject=0x260) returned 1 [0163.313] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0163.313] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1c8) returned 0x0 [0163.313] EnumProcesses (in: lpidProcess=0x275d648, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x275d648, lpcbNeeded=0x14ee58) returned 1 [0163.324] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0163.327] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1244) returned 0x260 [0163.327] EnumProcessModules (in: hProcess=0x260, lphModule=0x275e350, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x275e350, lpcbNeeded=0x14ef68) returned 1 [0163.333] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff623080000, lpmodinfo=0x275e5c0, cb=0x18 | out: lpmodinfo=0x275e5c0*(lpBaseOfDll=0x7ff623080000, SizeOfImage=0x7000, EntryPoint=0x7ff623081460)) returned 1 [0163.333] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.333] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff623080000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="backgroundTaskHost.exe") returned 0x16 [0163.333] CoTaskMemFree (pv=0x6b1140) [0163.333] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.334] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff623080000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\backgroundTaskHost.exe" (normalized: "c:\\windows\\system32\\backgroundtaskhost.exe")) returned 0x2a [0163.334] CoTaskMemFree (pv=0x6b2240) [0163.334] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x27607d0, cb=0x18 | out: lpmodinfo=0x27607d0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0163.335] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.335] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0163.335] CoTaskMemFree (pv=0x6b19c0) [0163.336] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.336] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0163.336] CoTaskMemFree (pv=0x6b2240) [0163.337] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x2762978, cb=0x18 | out: lpmodinfo=0x2762978*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0163.337] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.337] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0163.338] CoTaskMemFree (pv=0x6b1140) [0163.338] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.338] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0163.338] CoTaskMemFree (pv=0x6b0040) [0163.338] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x2764b30, cb=0x18 | out: lpmodinfo=0x2764b30*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0163.339] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.339] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0163.340] CoTaskMemFree (pv=0x6b08c0) [0163.340] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.340] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0163.341] CoTaskMemFree (pv=0x6b2240) [0163.341] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x2766ce8, cb=0x18 | out: lpmodinfo=0x2766ce8*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0163.341] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.342] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0163.343] CoTaskMemFree (pv=0x6b3340) [0163.343] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.344] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0163.344] CoTaskMemFree (pv=0x6b3340) [0163.345] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x2768ee8, cb=0x18 | out: lpmodinfo=0x2768ee8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0163.345] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.345] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0163.346] CoTaskMemFree (pv=0x6b0040) [0163.346] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.346] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0163.347] CoTaskMemFree (pv=0x6b1140) [0163.347] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x276b090, cb=0x18 | out: lpmodinfo=0x276b090*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0163.348] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.349] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0163.350] CoTaskMemFree (pv=0x6b2ac0) [0163.350] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.351] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0163.352] CoTaskMemFree (pv=0x6b3340) [0163.352] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x276d238, cb=0x18 | out: lpmodinfo=0x276d238*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0163.353] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.353] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0163.354] CoTaskMemFree (pv=0x6b1140) [0163.354] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.354] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0163.355] CoTaskMemFree (pv=0x6b08c0) [0163.355] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x276f410, cb=0x18 | out: lpmodinfo=0x276f410*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0163.356] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.356] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0163.357] CoTaskMemFree (pv=0x6b0040) [0163.357] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.357] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0163.358] CoTaskMemFree (pv=0x6b19c0) [0163.358] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpmodinfo=0x2771670, cb=0x18 | out: lpmodinfo=0x2771670*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0163.359] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.359] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0163.360] CoTaskMemFree (pv=0x6b0040) [0163.360] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.361] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0163.362] CoTaskMemFree (pv=0x6b2ac0) [0163.362] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x2773838, cb=0x18 | out: lpmodinfo=0x2773838*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0163.363] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.363] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0163.364] CoTaskMemFree (pv=0x6b3340) [0163.365] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.365] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0163.366] CoTaskMemFree (pv=0x6b2240) [0163.366] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x27759e0, cb=0x18 | out: lpmodinfo=0x27759e0*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0163.367] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.368] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0163.369] CoTaskMemFree (pv=0x6b2240) [0163.369] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.369] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0163.370] CoTaskMemFree (pv=0x6b08c0) [0163.370] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff876870000, lpmodinfo=0x2777b88, cb=0x18 | out: lpmodinfo=0x2777b88*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0163.372] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.372] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff876870000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WinTypes.dll") returned 0xc [0163.373] CoTaskMemFree (pv=0x6b3340) [0163.374] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.374] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff876870000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WinTypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0163.375] CoTaskMemFree (pv=0x6b08c0) [0163.375] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x2779d40, cb=0x18 | out: lpmodinfo=0x2779d40*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0163.376] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.376] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0163.378] CoTaskMemFree (pv=0x6b1140) [0163.378] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.378] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0163.380] CoTaskMemFree (pv=0x6b0040) [0163.380] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x277bee8, cb=0x18 | out: lpmodinfo=0x277bee8*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0163.381] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.381] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0163.383] CoTaskMemFree (pv=0x6b2240) [0163.383] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.383] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0163.385] CoTaskMemFree (pv=0x6b19c0) [0163.385] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x277e090, cb=0x18 | out: lpmodinfo=0x277e090*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0163.386] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.386] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0163.388] CoTaskMemFree (pv=0x6b0040) [0163.388] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.388] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0163.390] CoTaskMemFree (pv=0x6b2240) [0163.390] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpmodinfo=0x2780238, cb=0x18 | out: lpmodinfo=0x2780238*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0163.392] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.392] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0163.394] CoTaskMemFree (pv=0x6b19c0) [0163.394] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.394] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0163.396] CoTaskMemFree (pv=0x6b0040) [0163.396] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff877aa0000, lpmodinfo=0x27824f8, cb=0x18 | out: lpmodinfo=0x27824f8*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0163.397] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.398] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff877aa0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="mrmcorer.dll") returned 0xc [0163.399] CoTaskMemFree (pv=0x6b19c0) [0163.400] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.400] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff877aa0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mrmcorer.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0163.402] CoTaskMemFree (pv=0x6b08c0) [0163.402] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x27846b0, cb=0x18 | out: lpmodinfo=0x27846b0*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0163.403] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.403] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0163.405] CoTaskMemFree (pv=0x6b1140) [0163.405] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.405] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0163.407] CoTaskMemFree (pv=0x6b1140) [0163.407] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8779f0000, lpmodinfo=0x2786858, cb=0x18 | out: lpmodinfo=0x2786858*(lpBaseOfDll=0x7ff8779f0000, SizeOfImage=0xa9000, EntryPoint=0x7ff877a19010)) returned 1 [0163.409] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.409] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8779f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="Windows.UI.dll") returned 0xe [0163.411] CoTaskMemFree (pv=0x6b2240) [0163.411] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.411] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8779f0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")) returned 0x22 [0163.414] CoTaskMemFree (pv=0x6b0040) [0163.414] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c90000, lpmodinfo=0x2788a10, cb=0x18 | out: lpmodinfo=0x2788a10*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0163.416] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.416] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c90000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0163.418] CoTaskMemFree (pv=0x6b2ac0) [0163.418] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.418] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c90000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0163.420] CoTaskMemFree (pv=0x6b08c0) [0163.420] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a130000, lpmodinfo=0x278abc8, cb=0x18 | out: lpmodinfo=0x278abc8*(lpBaseOfDll=0x7ff87a130000, SizeOfImage=0x67000, EntryPoint=0x7ff87a14e710)) returned 1 [0163.422] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.422] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a130000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="Bcp47Langs.dll") returned 0xe [0163.425] CoTaskMemFree (pv=0x6b08c0) [0163.425] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.425] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a130000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Bcp47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")) returned 0x22 [0163.427] CoTaskMemFree (pv=0x6b2240) [0163.427] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87af40000, lpmodinfo=0x278cd80, cb=0x18 | out: lpmodinfo=0x278cd80*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0163.429] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.429] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87af40000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0163.431] CoTaskMemFree (pv=0x6b3340) [0163.438] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.438] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87af40000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0163.441] CoTaskMemFree (pv=0x6b2240) [0163.441] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e40000, lpmodinfo=0x259e810, cb=0x18 | out: lpmodinfo=0x259e810*(lpBaseOfDll=0x7ff878e40000, SizeOfImage=0x33000, EntryPoint=0x7ff878e4d5a0)) returned 1 [0163.443] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.443] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e40000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="biwinrt.dll") returned 0xb [0163.445] CoTaskMemFree (pv=0x6b0040) [0163.445] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.445] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e40000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\biwinrt.dll" (normalized: "c:\\windows\\system32\\biwinrt.dll")) returned 0x1f [0163.447] CoTaskMemFree (pv=0x6b08c0) [0163.447] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861d10000, lpmodinfo=0x25a09b8, cb=0x18 | out: lpmodinfo=0x25a09b8*(lpBaseOfDll=0x7ff861d10000, SizeOfImage=0x335000, EntryPoint=0x7ff861e642a4)) returned 1 [0163.452] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.452] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861d10000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="CallsCore.dll") returned 0xd [0163.455] CoTaskMemFree (pv=0x6b2240) [0163.455] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.455] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861d10000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe\\CallsCore.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.commsphone_1.10.15000.0_x64__8wekyb3d8bbwe\\callscore.dll")) returned 0x5f [0163.457] CoTaskMemFree (pv=0x6b3340) [0163.457] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861cb0000, lpmodinfo=0x25a2be8, cb=0x18 | out: lpmodinfo=0x25a2be8*(lpBaseOfDll=0x7ff861cb0000, SizeOfImage=0x5e000, EntryPoint=0x7ff861cda050)) returned 1 [0163.459] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.459] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861cb0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="vccorlib140_app.DLL") returned 0x13 [0163.462] CoTaskMemFree (pv=0x6b1140) [0163.462] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.462] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861cb0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\vccorlib140_app.DLL" (normalized: "c:\\program files\\windowsapps\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\vccorlib140_app.dll")) returned 0x68 [0163.465] CoTaskMemFree (pv=0x6b1140) [0163.465] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x25a4e38, cb=0x18 | out: lpmodinfo=0x25a4e38*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0163.467] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.467] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0163.469] CoTaskMemFree (pv=0x6b08c0) [0163.469] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.470] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0163.472] CoTaskMemFree (pv=0x6b2240) [0163.473] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861c10000, lpmodinfo=0x25a6ff0, cb=0x18 | out: lpmodinfo=0x25a6ff0*(lpBaseOfDll=0x7ff861c10000, SizeOfImage=0x98000, EntryPoint=0x7ff861c59390)) returned 1 [0163.475] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.475] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861c10000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="MSVCP140_APP.dll") returned 0x10 [0163.478] CoTaskMemFree (pv=0x6b2240) [0163.478] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.478] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861c10000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\MSVCP140_APP.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\msvcp140_app.dll")) returned 0x65 [0163.481] CoTaskMemFree (pv=0x6b2ac0) [0163.481] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861bc0000, lpmodinfo=0x25a9238, cb=0x18 | out: lpmodinfo=0x25a9238*(lpBaseOfDll=0x7ff861bc0000, SizeOfImage=0x4c000, EntryPoint=0x7ff861bea8c0)) returned 1 [0163.484] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.484] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861bc0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="CONCRT140_APP.dll") returned 0x11 [0163.490] CoTaskMemFree (pv=0x6b3340) [0163.491] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.491] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861bc0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\CONCRT140_APP.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\concrt140_app.dll")) returned 0x66 [0163.500] CoTaskMemFree (pv=0x6b08c0) [0163.500] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861ba0000, lpmodinfo=0x25ab480, cb=0x18 | out: lpmodinfo=0x25ab480*(lpBaseOfDll=0x7ff861ba0000, SizeOfImage=0x17000, EntryPoint=0x7ff861babed0)) returned 1 [0163.503] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.503] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861ba0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="VCRUNTIME140_APP.dll") returned 0x14 [0163.505] CoTaskMemFree (pv=0x6b0040) [0163.505] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.506] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861ba0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.VCLibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\VCRUNTIME140_APP.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.vclibs.140.00_14.0.22929.0_x64__8wekyb3d8bbwe\\vcruntime140_app.dll")) returned 0x69 [0163.508] CoTaskMemFree (pv=0x6b19c0) [0163.508] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x25ad6d8, cb=0x18 | out: lpmodinfo=0x25ad6d8*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0163.511] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.511] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0163.514] CoTaskMemFree (pv=0x6b3340) [0163.514] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.514] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0163.517] CoTaskMemFree (pv=0x6b1140) [0163.517] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861b40000, lpmodinfo=0x25af890, cb=0x18 | out: lpmodinfo=0x25af890*(lpBaseOfDll=0x7ff861b40000, SizeOfImage=0x5e000, EntryPoint=0x7ff861b75110)) returned 1 [0163.528] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.528] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861b40000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="CallsPresenters.dll") returned 0x13 [0163.531] CoTaskMemFree (pv=0x6b08c0) [0163.531] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.531] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861b40000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.CommsPhone_1.10.15000.0_x64__8wekyb3d8bbwe\\CallsPresenters.dll" (normalized: "c:\\program files\\windowsapps\\microsoft.commsphone_1.10.15000.0_x64__8wekyb3d8bbwe\\callspresenters.dll")) returned 0x65 [0163.534] CoTaskMemFree (pv=0x6b19c0) [0163.535] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x25b1ad8, cb=0x18 | out: lpmodinfo=0x25b1ad8*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0163.537] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.537] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0163.541] CoTaskMemFree (pv=0x6b08c0) [0163.541] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.542] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0163.545] CoTaskMemFree (pv=0x6b19c0) [0163.545] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875720000, lpmodinfo=0x25b3e98, cb=0x18 | out: lpmodinfo=0x25b3e98*(lpBaseOfDll=0x7ff875720000, SizeOfImage=0x4c000, EntryPoint=0x7ff8757540d0)) returned 1 [0163.548] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.548] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875720000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="PhoneUtil.dll") returned 0xd [0163.552] CoTaskMemFree (pv=0x6b2240) [0163.552] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.552] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875720000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PhoneUtil.dll" (normalized: "c:\\windows\\system32\\phoneutil.dll")) returned 0x21 [0163.555] CoTaskMemFree (pv=0x6b0040) [0163.555] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8640f0000, lpmodinfo=0x25b6050, cb=0x18 | out: lpmodinfo=0x25b6050*(lpBaseOfDll=0x7ff8640f0000, SizeOfImage=0x11000, EntryPoint=0x7ff8640f7400)) returned 1 [0163.558] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.558] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8640f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="UserDataLanguageUtil.dll") returned 0x18 [0163.561] CoTaskMemFree (pv=0x6b1140) [0163.561] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.561] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8640f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UserDataLanguageUtil.dll" (normalized: "c:\\windows\\system32\\userdatalanguageutil.dll")) returned 0x2c [0163.564] CoTaskMemFree (pv=0x6b1140) [0163.564] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861b10000, lpmodinfo=0x25b8238, cb=0x18 | out: lpmodinfo=0x25b8238*(lpBaseOfDll=0x7ff861b10000, SizeOfImage=0x2c000, EntryPoint=0x7ff861b115c0)) returned 1 [0163.567] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.567] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861b10000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="CallHistoryClient.dll") returned 0x15 [0163.570] CoTaskMemFree (pv=0x6b2240) [0163.571] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.571] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861b10000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CallHistoryClient.dll" (normalized: "c:\\windows\\system32\\callhistoryclient.dll")) returned 0x29 [0163.574] CoTaskMemFree (pv=0x6b1140) [0163.575] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861ab0000, lpmodinfo=0x25ba410, cb=0x18 | out: lpmodinfo=0x25ba410*(lpBaseOfDll=0x7ff861ab0000, SizeOfImage=0x5d000, EntryPoint=0x7ff861ab1b20)) returned 1 [0163.578] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.578] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861ab0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="PhoneOm.dll") returned 0xb [0163.581] CoTaskMemFree (pv=0x6b08c0) [0163.581] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.581] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861ab0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PhoneOm.dll" (normalized: "c:\\windows\\system32\\phoneom.dll")) returned 0x1f [0163.585] CoTaskMemFree (pv=0x6b0040) [0163.585] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861a10000, lpmodinfo=0x25bc5b8, cb=0x18 | out: lpmodinfo=0x25bc5b8*(lpBaseOfDll=0x7ff861a10000, SizeOfImage=0x94000, EntryPoint=0x7ff861a770d0)) returned 1 [0163.588] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.588] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861a10000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="XAudio2_9.dll") returned 0xd [0163.592] CoTaskMemFree (pv=0x6b0040) [0163.592] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.592] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861a10000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\XAudio2_9.dll" (normalized: "c:\\windows\\system32\\xaudio2_9.dll")) returned 0x21 [0163.595] CoTaskMemFree (pv=0x6b2ac0) [0163.595] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875770000, lpmodinfo=0x25be770, cb=0x18 | out: lpmodinfo=0x25be770*(lpBaseOfDll=0x7ff875770000, SizeOfImage=0x16000, EntryPoint=0x7ff875779f30)) returned 1 [0163.599] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.599] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875770000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="UserDataPlatformHelperUtil.dll") returned 0x1e [0163.602] CoTaskMemFree (pv=0x6b1140) [0163.603] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.603] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875770000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UserDataPlatformHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdataplatformhelperutil.dll")) returned 0x32 [0163.606] CoTaskMemFree (pv=0x6b1140) [0163.606] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875590000, lpmodinfo=0x25c0968, cb=0x18 | out: lpmodinfo=0x25c0968*(lpBaseOfDll=0x7ff875590000, SizeOfImage=0x11000, EntryPoint=0x7ff8755973f0)) returned 1 [0163.609] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.610] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875590000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="UserDataTypeHelperUtil.dll") returned 0x1a [0163.613] CoTaskMemFree (pv=0x6b3340) [0163.613] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.614] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875590000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\UserDataTypeHelperUtil.dll" (normalized: "c:\\windows\\system32\\userdatatypehelperutil.dll")) returned 0x2e [0163.617] CoTaskMemFree (pv=0x6b19c0) [0163.617] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878090000, lpmodinfo=0x25c2b50, cb=0x18 | out: lpmodinfo=0x25c2b50*(lpBaseOfDll=0x7ff878090000, SizeOfImage=0x70000, EntryPoint=0x7ff8780b2960)) returned 1 [0163.621] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.621] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878090000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="MMDevAPI.DLL") returned 0xc [0163.624] CoTaskMemFree (pv=0x6b0040) [0163.624] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.624] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878090000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MMDevAPI.DLL" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0163.628] CoTaskMemFree (pv=0x6b1140) [0163.628] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879830000, lpmodinfo=0x25c4d08, cb=0x18 | out: lpmodinfo=0x25c4d08*(lpBaseOfDll=0x7ff879830000, SizeOfImage=0xb000, EntryPoint=0x7ff879831650)) returned 1 [0163.631] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.632] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879830000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="AVRT.dll") returned 0x8 [0163.635] CoTaskMemFree (pv=0x6b19c0) [0163.635] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.635] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879830000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\AVRT.dll" (normalized: "c:\\windows\\system32\\avrt.dll")) returned 0x1c [0163.639] CoTaskMemFree (pv=0x6b08c0) [0163.639] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87afe0000, lpmodinfo=0x25c6eb0, cb=0x18 | out: lpmodinfo=0x25c6eb0*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0163.643] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.643] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0163.648] CoTaskMemFree (pv=0x6b2240) [0163.648] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.648] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0163.652] CoTaskMemFree (pv=0x6b08c0) [0163.652] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x25c9058, cb=0x18 | out: lpmodinfo=0x25c9058*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0163.656] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.656] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0163.660] CoTaskMemFree (pv=0x6b2ac0) [0163.660] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.660] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0163.664] CoTaskMemFree (pv=0x6b08c0) [0163.664] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ab10000, lpmodinfo=0x25cb210, cb=0x18 | out: lpmodinfo=0x25cb210*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0163.668] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.668] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0163.672] CoTaskMemFree (pv=0x6b08c0) [0163.672] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.672] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ab10000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0163.675] CoTaskMemFree (pv=0x6b08c0) [0163.675] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c060000, lpmodinfo=0x25cd3b8, cb=0x18 | out: lpmodinfo=0x25cd3b8*(lpBaseOfDll=0x7ff86c060000, SizeOfImage=0x55000, EntryPoint=0x7ff86c071250)) returned 1 [0163.679] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.679] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c060000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="Windows.Storage.ApplicationData.dll") returned 0x23 [0163.684] CoTaskMemFree (pv=0x6b1140) [0163.684] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.685] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c060000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Storage.ApplicationData.dll" (normalized: "c:\\windows\\system32\\windows.storage.applicationdata.dll")) returned 0x37 [0163.689] CoTaskMemFree (pv=0x6b3340) [0163.689] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x25cf5c0, cb=0x18 | out: lpmodinfo=0x25cf5c0*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0163.693] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.693] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0163.697] CoTaskMemFree (pv=0x6b1140) [0163.697] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.697] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0163.701] CoTaskMemFree (pv=0x6b2240) [0163.701] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x25d1788, cb=0x18 | out: lpmodinfo=0x25d1788*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0163.705] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.705] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0163.709] CoTaskMemFree (pv=0x6b2240) [0163.710] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.710] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0163.714] CoTaskMemFree (pv=0x6b3340) [0163.714] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x25d3940, cb=0x18 | out: lpmodinfo=0x25d3940*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0163.720] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.720] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0163.724] CoTaskMemFree (pv=0x6b2240) [0163.724] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.725] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0163.729] CoTaskMemFree (pv=0x6b19c0) [0163.729] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bab0000, lpmodinfo=0x25d5af8, cb=0x18 | out: lpmodinfo=0x25d5af8*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0163.733] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.733] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0163.737] CoTaskMemFree (pv=0x6b0040) [0163.737] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.737] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0163.742] CoTaskMemFree (pv=0x6b08c0) [0163.742] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff872970000, lpmodinfo=0x25d7ca0, cb=0x18 | out: lpmodinfo=0x25d7ca0*(lpBaseOfDll=0x7ff872970000, SizeOfImage=0x9c000, EntryPoint=0x7ff8729c96a0)) returned 1 [0163.746] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.746] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff872970000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="efswrt.dll") returned 0xa [0163.751] CoTaskMemFree (pv=0x6b2ac0) [0163.751] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.752] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff872970000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\efswrt.dll" (normalized: "c:\\windows\\system32\\efswrt.dll")) returned 0x1e [0163.756] CoTaskMemFree (pv=0x6b2240) [0163.756] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86dea0000, lpmodinfo=0x25d9e48, cb=0x18 | out: lpmodinfo=0x25d9e48*(lpBaseOfDll=0x7ff86dea0000, SizeOfImage=0x50000, EntryPoint=0x7ff86dea2580)) returned 1 [0163.760] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.761] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86dea0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="edputil.dll") returned 0xb [0163.765] CoTaskMemFree (pv=0x6b2ac0) [0163.765] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.765] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86dea0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")) returned 0x1f [0163.770] CoTaskMemFree (pv=0x6b2240) [0163.770] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86c250000, lpmodinfo=0x25dbff0, cb=0x18 | out: lpmodinfo=0x25dbff0*(lpBaseOfDll=0x7ff86c250000, SizeOfImage=0x38000, EntryPoint=0x7ff86c272120)) returned 1 [0163.775] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.775] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86c250000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="rometadata.dll") returned 0xe [0163.779] CoTaskMemFree (pv=0x6b1140) [0163.779] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.779] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86c250000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\rometadata.dll" (normalized: "c:\\windows\\system32\\rometadata.dll")) returned 0x22 [0163.784] CoTaskMemFree (pv=0x6b2240) [0163.784] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878510000, lpmodinfo=0x25de1a8, cb=0x18 | out: lpmodinfo=0x25de1a8*(lpBaseOfDll=0x7ff878510000, SizeOfImage=0x3e000, EntryPoint=0x7ff87851a050)) returned 1 [0163.790] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.790] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878510000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="logoncli.dll") returned 0xc [0163.795] CoTaskMemFree (pv=0x6b1140) [0163.795] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.795] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878510000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0163.810] CoTaskMemFree (pv=0x6b19c0) [0163.810] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86b0b0000, lpmodinfo=0x25e0360, cb=0x18 | out: lpmodinfo=0x25e0360*(lpBaseOfDll=0x7ff86b0b0000, SizeOfImage=0xc5000, EntryPoint=0x7ff86b0be740)) returned 1 [0163.815] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.815] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86b0b0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="Windows.Web.dll") returned 0xf [0163.820] CoTaskMemFree (pv=0x6b2240) [0163.820] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.820] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86b0b0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Web.dll" (normalized: "c:\\windows\\system32\\windows.web.dll")) returned 0x23 [0163.825] CoTaskMemFree (pv=0x6b08c0) [0163.825] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8764e0000, lpmodinfo=0x25e2518, cb=0x18 | out: lpmodinfo=0x25e2518*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0163.829] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.829] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0163.835] CoTaskMemFree (pv=0x6b08c0) [0163.835] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.835] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8764e0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0163.840] CoTaskMemFree (pv=0x6b2240) [0163.840] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861920000, lpmodinfo=0x25e46d0, cb=0x18 | out: lpmodinfo=0x25e46d0*(lpBaseOfDll=0x7ff861920000, SizeOfImage=0xea000, EntryPoint=0x7ff86193e6d0)) returned 1 [0163.845] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.845] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861920000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ContactApis.dll") returned 0xf [0163.850] CoTaskMemFree (pv=0x6b08c0) [0163.850] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.850] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861920000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ContactApis.dll" (normalized: "c:\\windows\\system32\\contactapis.dll")) returned 0x23 [0163.855] CoTaskMemFree (pv=0x6b2ac0) [0163.855] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff861900000, lpmodinfo=0x25e6888, cb=0x18 | out: lpmodinfo=0x25e6888*(lpBaseOfDll=0x7ff861900000, SizeOfImage=0x13000, EntryPoint=0x7ff8619013a0)) returned 1 [0163.861] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.861] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff861900000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ContactActivation.dll") returned 0x15 [0163.866] CoTaskMemFree (pv=0x6b19c0) [0163.866] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.866] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff861900000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ContactActivation.dll" (normalized: "c:\\windows\\system32\\contactactivation.dll")) returned 0x29 [0163.874] CoTaskMemFree (pv=0x6b3340) [0163.874] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ae30000, lpmodinfo=0x25e8a60, cb=0x18 | out: lpmodinfo=0x25e8a60*(lpBaseOfDll=0x7ff87ae30000, SizeOfImage=0xc000, EntryPoint=0x7ff87ae31470)) returned 1 [0163.879] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.880] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ae30000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="dsclient.dll") returned 0xc [0163.884] CoTaskMemFree (pv=0x6b19c0) [0163.885] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.885] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ae30000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll")) returned 0x20 [0163.890] CoTaskMemFree (pv=0x6b19c0) [0163.890] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff86f460000, lpmodinfo=0x25eac18, cb=0x18 | out: lpmodinfo=0x25eac18*(lpBaseOfDll=0x7ff86f460000, SizeOfImage=0xb000, EntryPoint=0x7ff86f461e70)) returned 1 [0163.895] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.895] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff86f460000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="SystemEventsBrokerClient.dll") returned 0x1c [0163.900] CoTaskMemFree (pv=0x6b19c0) [0163.900] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.901] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff86f460000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerclient.dll")) returned 0x30 [0163.906] CoTaskMemFree (pv=0x6b19c0) [0163.906] CloseHandle (hObject=0x260) returned 1 [0163.907] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0163.907] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc8c) returned 0x260 [0163.908] EnumProcessModules (in: hProcess=0x260, lphModule=0x25ee600, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25ee600, lpcbNeeded=0x14ef68) returned 1 [0163.908] GetModuleInformation (in: hProcess=0x260, hModule=0xac0000, lpmodinfo=0x25ee870, cb=0x18 | out: lpmodinfo=0x25ee870*(lpBaseOfDll=0xac0000, SizeOfImage=0x17000, EntryPoint=0xac14a1)) returned 1 [0163.909] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.909] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xac0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="card.exe") returned 0x8 [0163.909] CoTaskMemFree (pv=0x6b1140) [0163.909] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.909] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xac0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\MSBuild\\card.exe" (normalized: "c:\\program files (x86)\\msbuild\\card.exe")) returned 0x27 [0163.910] CoTaskMemFree (pv=0x6b0040) [0163.910] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25f0a60, cb=0x18 | out: lpmodinfo=0x25f0a60*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0163.910] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.910] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0163.911] CoTaskMemFree (pv=0x6b1140) [0163.911] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.911] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0163.911] CoTaskMemFree (pv=0x6b19c0) [0163.912] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25f2c08, cb=0x18 | out: lpmodinfo=0x25f2c08*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0163.912] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.912] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0163.913] CoTaskMemFree (pv=0x6b19c0) [0163.913] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.913] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0163.914] CoTaskMemFree (pv=0x6b3340) [0163.914] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25f4db0, cb=0x18 | out: lpmodinfo=0x25f4db0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0163.914] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.915] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0163.915] CoTaskMemFree (pv=0x6b3340) [0163.915] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.916] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0163.916] CoTaskMemFree (pv=0x6b3340) [0163.917] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25f6f68, cb=0x18 | out: lpmodinfo=0x25f6f68*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0163.917] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.917] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0163.918] CoTaskMemFree (pv=0x6b1140) [0163.918] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.918] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0163.919] CoTaskMemFree (pv=0x6b1140) [0163.919] CloseHandle (hObject=0x260) returned 1 [0163.919] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0163.919] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1064) returned 0x260 [0163.919] EnumProcessModules (in: hProcess=0x260, lphModule=0x25f9680, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25f9680, lpcbNeeded=0x14ef68) returned 1 [0163.920] GetModuleInformation (in: hProcess=0x260, hModule=0xbc0000, lpmodinfo=0x25f98f0, cb=0x18 | out: lpmodinfo=0x25f98f0*(lpBaseOfDll=0xbc0000, SizeOfImage=0x17000, EntryPoint=0xbc14a1)) returned 1 [0163.920] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.920] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xbc0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="notepad.exe") returned 0xb [0163.921] CoTaskMemFree (pv=0x6b1140) [0163.921] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.921] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xbc0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\notepad.exe" (normalized: "c:\\program files (x86)\\microsoft office\\notepad.exe")) returned 0x33 [0163.921] CoTaskMemFree (pv=0x6b1140) [0163.921] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x25fbaf8, cb=0x18 | out: lpmodinfo=0x25fbaf8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0163.922] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.922] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0163.922] CoTaskMemFree (pv=0x6b0040) [0163.922] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.922] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0163.923] CoTaskMemFree (pv=0x6b3340) [0163.923] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x25fdca0, cb=0x18 | out: lpmodinfo=0x25fdca0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0163.924] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.924] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0163.924] CoTaskMemFree (pv=0x6b2240) [0163.925] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.925] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0163.925] CoTaskMemFree (pv=0x6b08c0) [0163.925] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x25ffe48, cb=0x18 | out: lpmodinfo=0x25ffe48*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0163.926] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.926] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0163.926] CoTaskMemFree (pv=0x6b1140) [0163.927] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.927] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0163.927] CoTaskMemFree (pv=0x6b2ac0) [0163.928] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2602000, cb=0x18 | out: lpmodinfo=0x2602000*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0163.928] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.929] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0163.929] CoTaskMemFree (pv=0x6b2240) [0163.929] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.930] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0163.930] CoTaskMemFree (pv=0x6b19c0) [0163.931] CloseHandle (hObject=0x260) returned 1 [0163.931] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0163.931] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4d8) returned 0x260 [0163.931] EnumProcessModules (in: hProcess=0x260, lphModule=0x2604718, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2604718, lpcbNeeded=0x14ef68) returned 1 [0163.932] GetModuleInformation (in: hProcess=0x260, hModule=0x1e0000, lpmodinfo=0x2604988, cb=0x18 | out: lpmodinfo=0x2604988*(lpBaseOfDll=0x1e0000, SizeOfImage=0x17000, EntryPoint=0x1e14a1)) returned 1 [0163.932] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.932] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x1e0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="hit-make.exe") returned 0xc [0163.933] CoTaskMemFree (pv=0x6b19c0) [0163.933] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.933] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x1e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\hit-make.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\hit-make.exe")) returned 0x38 [0163.934] CoTaskMemFree (pv=0x6b19c0) [0163.934] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2606ba8, cb=0x18 | out: lpmodinfo=0x2606ba8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0163.934] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.934] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0163.935] CoTaskMemFree (pv=0x6b0040) [0163.935] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.935] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0163.935] CoTaskMemFree (pv=0x6b2240) [0163.936] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2608d50, cb=0x18 | out: lpmodinfo=0x2608d50*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0163.937] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.937] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0163.937] CoTaskMemFree (pv=0x6b2240) [0163.938] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.938] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0163.938] CoTaskMemFree (pv=0x6b1140) [0163.938] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x260aef8, cb=0x18 | out: lpmodinfo=0x260aef8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0163.939] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.939] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0163.940] CoTaskMemFree (pv=0x6b0040) [0163.940] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.940] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0163.942] CoTaskMemFree (pv=0x6b2ac0) [0163.942] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x260d0b0, cb=0x18 | out: lpmodinfo=0x260d0b0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0163.942] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.943] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0163.943] CoTaskMemFree (pv=0x6b3340) [0163.943] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.944] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0163.945] CoTaskMemFree (pv=0x6b2ac0) [0163.945] CloseHandle (hObject=0x260) returned 1 [0163.945] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0163.945] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xe10) returned 0x260 [0163.945] EnumProcessModules (in: hProcess=0x260, lphModule=0x260f7c8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x260f7c8, lpcbNeeded=0x14ef68) returned 1 [0163.946] GetModuleInformation (in: hProcess=0x260, hModule=0xb80000, lpmodinfo=0x260fa38, cb=0x18 | out: lpmodinfo=0x260fa38*(lpBaseOfDll=0xb80000, SizeOfImage=0x17000, EntryPoint=0xb814a1)) returned 1 [0163.946] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.947] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xb80000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="recognize.exe") returned 0xd [0163.947] CoTaskMemFree (pv=0x6b2240) [0163.947] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.947] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xb80000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Multimedia Platform\\recognize.exe" (normalized: "c:\\program files\\windows multimedia platform\\recognize.exe")) returned 0x3a [0163.948] CoTaskMemFree (pv=0x6b08c0) [0163.948] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2611c58, cb=0x18 | out: lpmodinfo=0x2611c58*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0163.948] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.948] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0163.949] CoTaskMemFree (pv=0x6b0040) [0163.949] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.949] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0163.949] CoTaskMemFree (pv=0x6b08c0) [0163.949] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2613e00, cb=0x18 | out: lpmodinfo=0x2613e00*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0163.950] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.950] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0163.951] CoTaskMemFree (pv=0x6b2240) [0163.951] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.951] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0163.952] CoTaskMemFree (pv=0x6b19c0) [0163.952] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2615fa8, cb=0x18 | out: lpmodinfo=0x2615fa8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0163.952] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.952] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0163.953] CoTaskMemFree (pv=0x6b1140) [0163.953] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.953] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0163.954] CoTaskMemFree (pv=0x6b3340) [0163.954] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2618160, cb=0x18 | out: lpmodinfo=0x2618160*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0163.955] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.955] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0163.956] CoTaskMemFree (pv=0x6b08c0) [0163.956] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.956] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0163.958] CoTaskMemFree (pv=0x6b19c0) [0163.958] CloseHandle (hObject=0x260) returned 1 [0163.958] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0163.958] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x598) returned 0x260 [0163.958] EnumProcessModules (in: hProcess=0x260, lphModule=0x261a878, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x261a878, lpcbNeeded=0x14ef68) returned 1 [0163.963] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff764dc0000, lpmodinfo=0x261aae8, cb=0x18 | out: lpmodinfo=0x261aae8*(lpBaseOfDll=0x7ff764dc0000, SizeOfImage=0x16000, EntryPoint=0x7ff764dc5190)) returned 1 [0163.964] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.964] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff764dc0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="sihost.exe") returned 0xa [0163.964] CoTaskMemFree (pv=0x6b19c0) [0163.965] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.965] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff764dc0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sihost.exe" (normalized: "c:\\windows\\system32\\sihost.exe")) returned 0x1e [0163.965] CoTaskMemFree (pv=0x6b2ac0) [0163.965] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x261ccc8, cb=0x18 | out: lpmodinfo=0x261ccc8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0163.966] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.966] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0163.967] CoTaskMemFree (pv=0x6b19c0) [0163.967] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.967] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0163.968] CoTaskMemFree (pv=0x6b0040) [0163.968] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x261ee70, cb=0x18 | out: lpmodinfo=0x261ee70*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0163.968] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.968] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0163.969] CoTaskMemFree (pv=0x6b0040) [0163.969] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.969] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0163.970] CoTaskMemFree (pv=0x6b0040) [0163.970] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x2621028, cb=0x18 | out: lpmodinfo=0x2621028*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0163.970] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.970] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0163.971] CoTaskMemFree (pv=0x6b19c0) [0163.971] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.971] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0163.972] CoTaskMemFree (pv=0x6b1140) [0163.972] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x26231e0, cb=0x18 | out: lpmodinfo=0x26231e0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0163.972] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.973] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0163.973] CoTaskMemFree (pv=0x6b08c0) [0163.973] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.973] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0163.974] CoTaskMemFree (pv=0x6b19c0) [0163.974] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x26253e0, cb=0x18 | out: lpmodinfo=0x26253e0*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0163.975] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0163.975] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0163.976] CoTaskMemFree (pv=0x6b19c0) [0163.976] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.977] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0163.978] CoTaskMemFree (pv=0x6b2240) [0163.978] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x2627588, cb=0x18 | out: lpmodinfo=0x2627588*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0163.979] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.979] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0163.980] CoTaskMemFree (pv=0x6b3340) [0163.980] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.980] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0163.981] CoTaskMemFree (pv=0x6b3340) [0163.981] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x2629730, cb=0x18 | out: lpmodinfo=0x2629730*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0163.982] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0163.982] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0163.983] CoTaskMemFree (pv=0x6b1140) [0163.983] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.983] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0163.984] CoTaskMemFree (pv=0x6b2ac0) [0163.985] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x262b908, cb=0x18 | out: lpmodinfo=0x262b908*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0163.986] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0163.986] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0163.987] CoTaskMemFree (pv=0x6b08c0) [0163.987] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.988] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0163.989] CoTaskMemFree (pv=0x6b2ac0) [0163.989] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x262db48, cb=0x18 | out: lpmodinfo=0x262db48*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0163.990] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.990] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0163.992] CoTaskMemFree (pv=0x6b2ac0) [0163.992] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0163.992] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0163.993] CoTaskMemFree (pv=0x6b3340) [0163.993] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bab0000, lpmodinfo=0x262fd00, cb=0x18 | out: lpmodinfo=0x262fd00*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0163.994] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0163.994] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0163.996] CoTaskMemFree (pv=0x6b0040) [0163.996] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0163.996] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0163.997] CoTaskMemFree (pv=0x6b2ac0) [0163.998] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpmodinfo=0x2631ea8, cb=0x18 | out: lpmodinfo=0x2631ea8*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0163.999] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0163.999] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0164.000] CoTaskMemFree (pv=0x6b2240) [0164.001] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.001] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0164.002] CoTaskMemFree (pv=0x6b3340) [0164.002] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874220000, lpmodinfo=0x2634070, cb=0x18 | out: lpmodinfo=0x2634070*(lpBaseOfDll=0x7ff874220000, SizeOfImage=0x288000, EntryPoint=0x7ff87427f670)) returned 1 [0164.003] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.004] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874220000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="CoreUIComponents.dll") returned 0x14 [0164.005] CoTaskMemFree (pv=0x6b19c0) [0164.005] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.005] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874220000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")) returned 0x28 [0164.007] CoTaskMemFree (pv=0x6b0040) [0164.007] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x2636248, cb=0x18 | out: lpmodinfo=0x2636248*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0164.008] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.008] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0164.010] CoTaskMemFree (pv=0x6b2240) [0164.010] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.010] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0164.012] CoTaskMemFree (pv=0x6b3340) [0164.012] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x2638410, cb=0x18 | out: lpmodinfo=0x2638410*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0164.014] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.014] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0164.016] CoTaskMemFree (pv=0x6b3340) [0164.016] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.016] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0164.018] CoTaskMemFree (pv=0x6b3340) [0164.018] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x263a5b8, cb=0x18 | out: lpmodinfo=0x263a5b8*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0164.020] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.020] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0164.021] CoTaskMemFree (pv=0x6b08c0) [0164.021] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.022] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0164.023] CoTaskMemFree (pv=0x6b19c0) [0164.024] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x263c760, cb=0x18 | out: lpmodinfo=0x263c760*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0164.025] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.025] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0164.027] CoTaskMemFree (pv=0x6b2ac0) [0164.027] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.027] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0164.029] CoTaskMemFree (pv=0x6b0040) [0164.029] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff876870000, lpmodinfo=0x263ea20, cb=0x18 | out: lpmodinfo=0x263ea20*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0164.031] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.031] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff876870000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0164.033] CoTaskMemFree (pv=0x6b19c0) [0164.033] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.033] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff876870000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0164.035] CoTaskMemFree (pv=0x6b2ac0) [0164.035] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpmodinfo=0x2640bd8, cb=0x18 | out: lpmodinfo=0x2640bd8*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0164.037] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.037] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0164.039] CoTaskMemFree (pv=0x6b19c0) [0164.040] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.040] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d4f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0164.042] CoTaskMemFree (pv=0x6b2240) [0164.042] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x2642d80, cb=0x18 | out: lpmodinfo=0x2642d80*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0164.044] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.044] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0164.046] CoTaskMemFree (pv=0x6b2240) [0164.046] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.046] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0164.048] CoTaskMemFree (pv=0x6b19c0) [0164.049] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874200000, lpmodinfo=0x2644f28, cb=0x18 | out: lpmodinfo=0x2644f28*(lpBaseOfDll=0x7ff874200000, SizeOfImage=0x1e000, EntryPoint=0x7ff874205340)) returned 1 [0164.051] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.051] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874200000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="desktopshellext.dll") returned 0x13 [0164.053] CoTaskMemFree (pv=0x6b2240) [0164.053] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.053] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874200000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\desktopshellext.dll" (normalized: "c:\\windows\\system32\\desktopshellext.dll")) returned 0x27 [0164.055] CoTaskMemFree (pv=0x6b0040) [0164.055] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8741e0000, lpmodinfo=0x26470f0, cb=0x18 | out: lpmodinfo=0x26470f0*(lpBaseOfDll=0x7ff8741e0000, SizeOfImage=0x12000, EntryPoint=0x7ff8741e5110)) returned 1 [0164.057] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.059] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8741e0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="Windows.Shell.ServiceHostBuilder.dll") returned 0x24 [0164.061] CoTaskMemFree (pv=0x6b3340) [0164.061] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.061] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8741e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Shell.ServiceHostBuilder.dll" (normalized: "c:\\windows\\system32\\windows.shell.servicehostbuilder.dll")) returned 0x38 [0164.063] CoTaskMemFree (pv=0x6b2ac0) [0164.063] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c90000, lpmodinfo=0x2649308, cb=0x18 | out: lpmodinfo=0x2649308*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0164.065] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.066] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c90000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0164.068] CoTaskMemFree (pv=0x6b3340) [0164.068] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.068] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c90000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0164.071] CoTaskMemFree (pv=0x6b3340) [0164.071] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874100000, lpmodinfo=0x264b4c0, cb=0x18 | out: lpmodinfo=0x264b4c0*(lpBaseOfDll=0x7ff874100000, SizeOfImage=0xda000, EntryPoint=0x7ff8741503b0)) returned 1 [0164.073] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.073] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874100000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="modernexecserver.dll") returned 0x14 [0164.075] CoTaskMemFree (pv=0x6b3340) [0164.075] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.076] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874100000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\modernexecserver.dll" (normalized: "c:\\windows\\system32\\modernexecserver.dll")) returned 0x28 [0164.078] CoTaskMemFree (pv=0x6b2ac0) [0164.078] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x264d698, cb=0x18 | out: lpmodinfo=0x264d698*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0164.085] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.085] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0164.088] CoTaskMemFree (pv=0x6b0040) [0164.088] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.088] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0164.091] CoTaskMemFree (pv=0x6b3340) [0164.092] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x264f850, cb=0x18 | out: lpmodinfo=0x264f850*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0164.094] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.094] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0164.096] CoTaskMemFree (pv=0x6b1140) [0164.096] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.096] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0164.099] CoTaskMemFree (pv=0x6b2240) [0164.099] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b380000, lpmodinfo=0x2651a08, cb=0x18 | out: lpmodinfo=0x2651a08*(lpBaseOfDll=0x7ff87b380000, SizeOfImage=0x2a000, EntryPoint=0x7ff87b388b90)) returned 1 [0164.101] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.101] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b380000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="RMCLIENT.dll") returned 0xc [0164.104] CoTaskMemFree (pv=0x6b0040) [0164.104] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.104] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b380000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RMCLIENT.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")) returned 0x20 [0164.107] CoTaskMemFree (pv=0x6b19c0) [0164.107] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8740b0000, lpmodinfo=0x2653bc0, cb=0x18 | out: lpmodinfo=0x2653bc0*(lpBaseOfDll=0x7ff8740b0000, SizeOfImage=0x4b000, EntryPoint=0x7ff8740c7b70)) returned 1 [0164.109] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.109] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8740b0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="VEEventDispatcher.dll") returned 0x15 [0164.112] CoTaskMemFree (pv=0x6b1140) [0164.112] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.112] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8740b0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")) returned 0x29 [0164.115] CoTaskMemFree (pv=0x6b19c0) [0164.115] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpmodinfo=0x2655d98, cb=0x18 | out: lpmodinfo=0x2655d98*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0164.117] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.117] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0164.120] CoTaskMemFree (pv=0x6b08c0) [0164.120] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.120] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0164.177] CoTaskMemFree (pv=0x6b08c0) [0164.177] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e80000, lpmodinfo=0x2657f60, cb=0x18 | out: lpmodinfo=0x2657f60*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0164.181] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.181] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e80000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0164.184] CoTaskMemFree (pv=0x6b2ac0) [0164.184] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.184] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0164.187] CoTaskMemFree (pv=0x6b1140) [0164.187] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x265a128, cb=0x18 | out: lpmodinfo=0x265a128*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0164.190] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.190] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0164.193] CoTaskMemFree (pv=0x6b1140) [0164.193] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.193] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0164.195] CoTaskMemFree (pv=0x6b08c0) [0164.195] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87af40000, lpmodinfo=0x265c2d0, cb=0x18 | out: lpmodinfo=0x265c2d0*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0164.198] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.200] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87af40000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="uxtheme.dll") returned 0xb [0164.203] CoTaskMemFree (pv=0x6b19c0) [0164.203] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.203] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87af40000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\uxtheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0164.212] CoTaskMemFree (pv=0x6b1140) [0164.212] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874070000, lpmodinfo=0x265e478, cb=0x18 | out: lpmodinfo=0x265e478*(lpBaseOfDll=0x7ff874070000, SizeOfImage=0x31000, EntryPoint=0x7ff874073400)) returned 1 [0164.215] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.215] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874070000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ClipboardServer.dll") returned 0x13 [0164.217] CoTaskMemFree (pv=0x6b08c0) [0164.218] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.218] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874070000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ClipboardServer.dll" (normalized: "c:\\windows\\system32\\clipboardserver.dll")) returned 0x27 [0164.222] CoTaskMemFree (pv=0x6b3340) [0164.223] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff874010000, lpmodinfo=0x2660858, cb=0x18 | out: lpmodinfo=0x2660858*(lpBaseOfDll=0x7ff874010000, SizeOfImage=0x5d000, EntryPoint=0x7ff874020080)) returned 1 [0164.225] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.226] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff874010000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="activationmanager.dll") returned 0x15 [0164.229] CoTaskMemFree (pv=0x6b3340) [0164.229] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.229] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff874010000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\activationmanager.dll" (normalized: "c:\\windows\\system32\\activationmanager.dll")) returned 0x29 [0164.271] CoTaskMemFree (pv=0x6b1140) [0164.271] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873fe0000, lpmodinfo=0x2662a30, cb=0x18 | out: lpmodinfo=0x2662a30*(lpBaseOfDll=0x7ff873fe0000, SizeOfImage=0x23000, EntryPoint=0x7ff873fe3020)) returned 1 [0164.274] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.275] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873fe0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="AppointmentActivation.dll") returned 0x19 [0164.278] CoTaskMemFree (pv=0x6b2240) [0164.278] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.278] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873fe0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\AppointmentActivation.dll" (normalized: "c:\\windows\\system32\\appointmentactivation.dll")) returned 0x2d [0164.281] CoTaskMemFree (pv=0x6b0040) [0164.281] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x2664c18, cb=0x18 | out: lpmodinfo=0x2664c18*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0164.285] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.285] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0164.288] CoTaskMemFree (pv=0x6b2240) [0164.289] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.289] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0164.292] CoTaskMemFree (pv=0x6b2240) [0164.292] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875080000, lpmodinfo=0x2666dc0, cb=0x18 | out: lpmodinfo=0x2666dc0*(lpBaseOfDll=0x7ff875080000, SizeOfImage=0x41000, EntryPoint=0x7ff875084840)) returned 1 [0164.297] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.297] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875080000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="usermgrproxy.dll") returned 0x10 [0164.300] CoTaskMemFree (pv=0x6b19c0) [0164.300] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.301] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875080000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\usermgrproxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")) returned 0x24 [0164.304] CoTaskMemFree (pv=0x6b2ac0) [0164.304] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875b40000, lpmodinfo=0x2668f88, cb=0x18 | out: lpmodinfo=0x2668f88*(lpBaseOfDll=0x7ff875b40000, SizeOfImage=0x10000, EntryPoint=0x7ff875b42c60)) returned 1 [0164.308] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.308] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875b40000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="usermgrcli.dll") returned 0xe [0164.311] CoTaskMemFree (pv=0x6b2240) [0164.311] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.311] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875b40000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")) returned 0x22 [0164.316] CoTaskMemFree (pv=0x6b3340) [0164.316] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873f90000, lpmodinfo=0x266b140, cb=0x18 | out: lpmodinfo=0x266b140*(lpBaseOfDll=0x7ff873f90000, SizeOfImage=0x44000, EntryPoint=0x7ff873f9c010)) returned 1 [0164.319] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.319] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873f90000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ExecModelClient.dll") returned 0x13 [0164.323] CoTaskMemFree (pv=0x6b1140) [0164.323] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.323] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873f90000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ExecModelClient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")) returned 0x27 [0164.326] CoTaskMemFree (pv=0x6b08c0) [0164.326] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873f80000, lpmodinfo=0x266d308, cb=0x18 | out: lpmodinfo=0x266d308*(lpBaseOfDll=0x7ff873f80000, SizeOfImage=0xe000, EntryPoint=0x7ff873f82690)) returned 1 [0164.330] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.330] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873f80000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="NotificationPlatformComponent.dll") returned 0x21 [0164.334] CoTaskMemFree (pv=0x6b19c0) [0164.334] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.334] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873f80000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NotificationPlatformComponent.dll" (normalized: "c:\\windows\\system32\\notificationplatformcomponent.dll")) returned 0x35 [0164.338] CoTaskMemFree (pv=0x6b3340) [0164.338] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873ee0000, lpmodinfo=0x266f510, cb=0x18 | out: lpmodinfo=0x266f510*(lpBaseOfDll=0x7ff873ee0000, SizeOfImage=0x97000, EntryPoint=0x7ff873ef4fd0)) returned 1 [0164.341] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.342] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873ee0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="AppContracts.dll") returned 0x10 [0164.345] CoTaskMemFree (pv=0x6b2ac0) [0164.346] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.347] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873ee0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\AppContracts.dll" (normalized: "c:\\windows\\system32\\appcontracts.dll")) returned 0x24 [0164.351] CoTaskMemFree (pv=0x6b2ac0) [0164.351] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873e30000, lpmodinfo=0x26716d8, cb=0x18 | out: lpmodinfo=0x26716d8*(lpBaseOfDll=0x7ff873e30000, SizeOfImage=0xa2000, EntryPoint=0x7ff873e32b20)) returned 1 [0164.355] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.355] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873e30000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ShareHost.dll") returned 0xd [0164.359] CoTaskMemFree (pv=0x6b2240) [0164.359] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.359] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873e30000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ShareHost.dll" (normalized: "c:\\windows\\system32\\sharehost.dll")) returned 0x21 [0164.362] CoTaskMemFree (pv=0x6b1140) [0164.362] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x2673890, cb=0x18 | out: lpmodinfo=0x2673890*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0164.366] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.367] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0164.371] CoTaskMemFree (pv=0x6b3340) [0164.371] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.372] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0164.376] CoTaskMemFree (pv=0x6b3340) [0164.376] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x2675a38, cb=0x18 | out: lpmodinfo=0x2675a38*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0164.380] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.380] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="Windows.Storage.dll") returned 0x13 [0164.384] CoTaskMemFree (pv=0x6b1140) [0164.384] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.384] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Windows.Storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0164.388] CoTaskMemFree (pv=0x6b08c0) [0164.388] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x2677c00, cb=0x18 | out: lpmodinfo=0x2677c00*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0164.392] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.392] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0164.396] CoTaskMemFree (pv=0x6b19c0) [0164.396] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.396] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0164.400] CoTaskMemFree (pv=0x6b08c0) [0164.400] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x2679db8, cb=0x18 | out: lpmodinfo=0x2679db8*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0164.404] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.405] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0164.409] CoTaskMemFree (pv=0x6b19c0) [0164.409] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.409] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0164.413] CoTaskMemFree (pv=0x6b19c0) [0164.413] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873e20000, lpmodinfo=0x267bf60, cb=0x18 | out: lpmodinfo=0x267bf60*(lpBaseOfDll=0x7ff873e20000, SizeOfImage=0x9000, EntryPoint=0x7ff873e21480)) returned 1 [0164.417] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.417] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873e20000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="WpPortingLibrary.dll") returned 0x14 [0164.421] CoTaskMemFree (pv=0x6b0040) [0164.421] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.421] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873e20000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll")) returned 0x28 [0164.426] CoTaskMemFree (pv=0x6b0040) [0164.426] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873bc0000, lpmodinfo=0x267e138, cb=0x18 | out: lpmodinfo=0x267e138*(lpBaseOfDll=0x7ff873bc0000, SizeOfImage=0x25d000, EntryPoint=0x7ff873c48610)) returned 1 [0164.430] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.430] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873bc0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="twinui.appcore.dll") returned 0x12 [0164.434] CoTaskMemFree (pv=0x6b19c0) [0164.434] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.434] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873bc0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll")) returned 0x26 [0164.439] CoTaskMemFree (pv=0x6b1140) [0164.439] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873b20000, lpmodinfo=0x2680300, cb=0x18 | out: lpmodinfo=0x2680300*(lpBaseOfDll=0x7ff873b20000, SizeOfImage=0x15000, EntryPoint=0x7ff873b21ab0)) returned 1 [0164.444] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.444] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873b20000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="execmodelproxy.dll") returned 0x12 [0164.448] CoTaskMemFree (pv=0x6b08c0) [0164.448] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.448] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873b20000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")) returned 0x26 [0164.452] CoTaskMemFree (pv=0x6b3340) [0164.453] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf40000, lpmodinfo=0x26824c8, cb=0x18 | out: lpmodinfo=0x26824c8*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0164.457] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.457] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0164.461] CoTaskMemFree (pv=0x6b2240) [0164.462] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.462] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0164.466] CoTaskMemFree (pv=0x6b0040) [0164.466] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpmodinfo=0x2684670, cb=0x18 | out: lpmodinfo=0x2684670*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0164.470] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.470] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0164.475] CoTaskMemFree (pv=0x6b1140) [0164.475] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.476] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0164.480] CoTaskMemFree (pv=0x6b2ac0) [0164.480] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x2686818, cb=0x18 | out: lpmodinfo=0x2686818*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0164.485] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.486] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0164.490] CoTaskMemFree (pv=0x6b2ac0) [0164.490] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.490] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0164.505] CoTaskMemFree (pv=0x6b0040) [0164.505] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873b00000, lpmodinfo=0x26889d0, cb=0x18 | out: lpmodinfo=0x26889d0*(lpBaseOfDll=0x7ff873b00000, SizeOfImage=0x11000, EntryPoint=0x7ff873b05e90)) returned 1 [0164.509] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.509] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873b00000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="licensemanagerapi.dll") returned 0x15 [0164.514] CoTaskMemFree (pv=0x6b1140) [0164.514] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.514] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873b00000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\licensemanagerapi.dll" (normalized: "c:\\windows\\system32\\licensemanagerapi.dll")) returned 0x29 [0164.520] CoTaskMemFree (pv=0x6b0040) [0164.520] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8736c0000, lpmodinfo=0x268aba8, cb=0x18 | out: lpmodinfo=0x268aba8*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0164.524] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.525] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8736c0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0164.529] CoTaskMemFree (pv=0x6b2240) [0164.529] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.529] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8736c0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0164.534] CoTaskMemFree (pv=0x6b1140) [0164.534] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873620000, lpmodinfo=0x268cd90, cb=0x18 | out: lpmodinfo=0x268cd90*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0164.539] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.539] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873620000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0164.544] CoTaskMemFree (pv=0x6b08c0) [0164.544] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.544] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873620000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0164.548] CoTaskMemFree (pv=0x6b0040) [0164.548] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a590000, lpmodinfo=0x268ef78, cb=0x18 | out: lpmodinfo=0x268ef78*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0164.553] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.553] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a590000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0164.558] CoTaskMemFree (pv=0x6b1140) [0164.558] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.559] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a590000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0164.564] CoTaskMemFree (pv=0x6b2ac0) [0164.564] CloseHandle (hObject=0x260) returned 1 [0164.565] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0164.565] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x105c) returned 0x260 [0164.565] EnumProcessModules (in: hProcess=0x260, lphModule=0x26927b0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26927b0, lpcbNeeded=0x14ef68) returned 1 [0164.566] GetModuleInformation (in: hProcess=0x260, hModule=0x9f0000, lpmodinfo=0x2692a20, cb=0x18 | out: lpmodinfo=0x2692a20*(lpBaseOfDll=0x9f0000, SizeOfImage=0x17000, EntryPoint=0x9f14a1)) returned 1 [0164.566] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.566] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x9f0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ncftp.exe") returned 0x9 [0164.567] CoTaskMemFree (pv=0x6b2ac0) [0164.567] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.567] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x9f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Sidebar\\ncftp.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\ncftp.exe")) returned 0x30 [0164.568] CoTaskMemFree (pv=0x6b2240) [0164.568] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2694c28, cb=0x18 | out: lpmodinfo=0x2694c28*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0164.568] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.568] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0164.569] CoTaskMemFree (pv=0x6b0040) [0164.569] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.569] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0164.570] CoTaskMemFree (pv=0x6b2ac0) [0164.570] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2696dd0, cb=0x18 | out: lpmodinfo=0x2696dd0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0164.570] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.570] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0164.571] CoTaskMemFree (pv=0x6b08c0) [0164.571] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.571] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0164.571] CoTaskMemFree (pv=0x6b08c0) [0164.571] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2698f78, cb=0x18 | out: lpmodinfo=0x2698f78*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0164.572] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.572] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0164.573] CoTaskMemFree (pv=0x6b2ac0) [0164.573] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.573] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0164.574] CoTaskMemFree (pv=0x6b0040) [0164.574] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x269b130, cb=0x18 | out: lpmodinfo=0x269b130*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0164.575] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.575] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0164.576] CoTaskMemFree (pv=0x6b19c0) [0164.576] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.576] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0164.577] CoTaskMemFree (pv=0x6b1140) [0164.577] CloseHandle (hObject=0x260) returned 1 [0164.577] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0164.577] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1bc) returned 0x0 [0164.577] EnumProcesses (in: lpidProcess=0x269d848, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x269d848, lpcbNeeded=0x14ee58) returned 1 [0164.590] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x14eab0, nSize=0x101, Arguments=0x0 | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0164.594] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x111c) returned 0x260 [0164.594] EnumProcessModules (in: hProcess=0x260, lphModule=0x269e550, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x269e550, lpcbNeeded=0x14ef68) returned 1 [0164.595] GetModuleInformation (in: hProcess=0x260, hModule=0x120000, lpmodinfo=0x269e7c0, cb=0x18 | out: lpmodinfo=0x269e7c0*(lpBaseOfDll=0x120000, SizeOfImage=0x17000, EntryPoint=0x1214a1)) returned 1 [0164.595] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.596] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x120000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="aldelo.exe") returned 0xa [0164.596] CoTaskMemFree (pv=0x6b3340) [0164.596] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.596] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x120000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Defender\\aldelo.exe" (normalized: "c:\\program files (x86)\\windows defender\\aldelo.exe")) returned 0x32 [0164.597] CoTaskMemFree (pv=0x6b19c0) [0164.597] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26a09c8, cb=0x18 | out: lpmodinfo=0x26a09c8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0164.597] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.597] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0164.598] CoTaskMemFree (pv=0x6b0040) [0164.598] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.598] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0164.599] CoTaskMemFree (pv=0x6b3340) [0164.599] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x26a2b70, cb=0x18 | out: lpmodinfo=0x26a2b70*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0164.599] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.599] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0164.600] CoTaskMemFree (pv=0x6b0040) [0164.600] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.600] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0164.601] CoTaskMemFree (pv=0x6b3340) [0164.601] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x26a4d18, cb=0x18 | out: lpmodinfo=0x26a4d18*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0164.601] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.602] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0164.602] CoTaskMemFree (pv=0x6b19c0) [0164.603] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.603] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0164.603] CoTaskMemFree (pv=0x6b0040) [0164.603] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26a6ed0, cb=0x18 | out: lpmodinfo=0x26a6ed0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0164.604] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.604] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0164.605] CoTaskMemFree (pv=0x6b2240) [0164.605] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.606] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0164.606] CoTaskMemFree (pv=0x6b2240) [0164.607] CloseHandle (hObject=0x260) returned 1 [0164.607] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0164.607] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x654) returned 0x260 [0164.607] EnumProcessModules (in: hProcess=0x260, lphModule=0x26a95e8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26a95e8, lpcbNeeded=0x14ef68) returned 1 [0164.608] GetModuleInformation (in: hProcess=0x260, hModule=0xde0000, lpmodinfo=0x26a9858, cb=0x18 | out: lpmodinfo=0x26a9858*(lpBaseOfDll=0xde0000, SizeOfImage=0x17000, EntryPoint=0xde14a1)) returned 1 [0164.608] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.608] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xde0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="support.exe") returned 0xb [0164.609] CoTaskMemFree (pv=0x6b19c0) [0164.609] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.609] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xde0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows NT\\support.exe" (normalized: "c:\\program files (x86)\\windows nt\\support.exe")) returned 0x2d [0164.610] CoTaskMemFree (pv=0x6b2ac0) [0164.610] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26aba58, cb=0x18 | out: lpmodinfo=0x26aba58*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0164.610] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.610] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0164.611] CoTaskMemFree (pv=0x6b1140) [0164.611] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.611] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0164.611] CoTaskMemFree (pv=0x6b1140) [0164.611] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x26adc00, cb=0x18 | out: lpmodinfo=0x26adc00*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0164.612] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.612] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0164.612] CoTaskMemFree (pv=0x6b0040) [0164.612] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.613] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0164.613] CoTaskMemFree (pv=0x6b2ac0) [0164.614] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x26afda8, cb=0x18 | out: lpmodinfo=0x26afda8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0164.614] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.614] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0164.615] CoTaskMemFree (pv=0x6b1140) [0164.615] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.615] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0164.616] CoTaskMemFree (pv=0x6b3340) [0164.616] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26b1f60, cb=0x18 | out: lpmodinfo=0x26b1f60*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0164.617] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.617] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0164.617] CoTaskMemFree (pv=0x6b3340) [0164.618] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.618] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0164.618] CoTaskMemFree (pv=0x6b1140) [0164.618] CloseHandle (hObject=0x260) returned 1 [0164.619] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0164.619] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11dc) returned 0x260 [0164.619] EnumProcessModules (in: hProcess=0x260, lphModule=0x26b4678, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26b4678, lpcbNeeded=0x14ef68) returned 1 [0164.620] GetModuleInformation (in: hProcess=0x260, hModule=0xf80000, lpmodinfo=0x26b48e8, cb=0x18 | out: lpmodinfo=0x26b48e8*(lpBaseOfDll=0xf80000, SizeOfImage=0x17000, EntryPoint=0xf814a1)) returned 1 [0164.620] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.620] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xf80000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="action.exe") returned 0xa [0164.620] CoTaskMemFree (pv=0x6b0040) [0164.620] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.621] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xf80000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Mail\\action.exe" (normalized: "c:\\program files (x86)\\windows mail\\action.exe")) returned 0x2e [0164.621] CoTaskMemFree (pv=0x6b19c0) [0164.621] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26b6ae8, cb=0x18 | out: lpmodinfo=0x26b6ae8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0164.621] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.622] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0164.622] CoTaskMemFree (pv=0x6b0040) [0164.622] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.622] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0164.623] CoTaskMemFree (pv=0x6b08c0) [0164.623] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x26b8c90, cb=0x18 | out: lpmodinfo=0x26b8c90*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0164.623] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.624] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0164.628] CoTaskMemFree (pv=0x6b2ac0) [0164.629] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.630] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0164.631] CoTaskMemFree (pv=0x6b3340) [0164.631] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x26bae38, cb=0x18 | out: lpmodinfo=0x26bae38*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0164.631] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.631] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0164.632] CoTaskMemFree (pv=0x6b0040) [0164.632] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.632] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0164.633] CoTaskMemFree (pv=0x6b0040) [0164.633] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26bcff0, cb=0x18 | out: lpmodinfo=0x26bcff0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0164.633] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.634] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0164.634] CoTaskMemFree (pv=0x6b19c0) [0164.635] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.635] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0164.635] CoTaskMemFree (pv=0x6b0040) [0164.635] CloseHandle (hObject=0x260) returned 1 [0164.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0164.636] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xc78) returned 0x260 [0164.636] EnumProcessModules (in: hProcess=0x260, lphModule=0x26bf708, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26bf708, lpcbNeeded=0x14ef68) returned 1 [0164.637] GetModuleInformation (in: hProcess=0x260, hModule=0xd70000, lpmodinfo=0x26bf978, cb=0x18 | out: lpmodinfo=0x26bf978*(lpBaseOfDll=0xd70000, SizeOfImage=0x17000, EntryPoint=0xd714a1)) returned 1 [0164.637] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.637] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xd70000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="millionperform.exe") returned 0x12 [0164.638] CoTaskMemFree (pv=0x6b1140) [0164.638] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.638] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xd70000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft.NET\\millionperform.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\millionperform.exe")) returned 0x37 [0164.639] CoTaskMemFree (pv=0x6b1140) [0164.639] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26c1b98, cb=0x18 | out: lpmodinfo=0x26c1b98*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0164.639] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.639] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0164.640] CoTaskMemFree (pv=0x6b3340) [0164.640] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.640] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0164.641] CoTaskMemFree (pv=0x6b0040) [0164.641] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x26c3d40, cb=0x18 | out: lpmodinfo=0x26c3d40*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0164.641] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.641] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0164.642] CoTaskMemFree (pv=0x6b3340) [0164.642] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.642] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0164.643] CoTaskMemFree (pv=0x6b0040) [0164.643] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x26c5ee8, cb=0x18 | out: lpmodinfo=0x26c5ee8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0164.643] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.643] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0164.644] CoTaskMemFree (pv=0x6b1140) [0164.644] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.644] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0164.645] CoTaskMemFree (pv=0x6b3340) [0164.645] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26c80a0, cb=0x18 | out: lpmodinfo=0x26c80a0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0164.646] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.646] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0164.646] CoTaskMemFree (pv=0x6b0040) [0164.646] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.647] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0164.648] CoTaskMemFree (pv=0x6b2ac0) [0164.648] CloseHandle (hObject=0x260) returned 1 [0164.648] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0164.648] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xd3c) returned 0x260 [0164.648] EnumProcessModules (in: hProcess=0x260, lphModule=0x26ca7b8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26ca7b8, lpcbNeeded=0x14ef68) returned 1 [0164.649] GetModuleInformation (in: hProcess=0x260, hModule=0xc90000, lpmodinfo=0x26caa28, cb=0x18 | out: lpmodinfo=0x26caa28*(lpBaseOfDll=0xc90000, SizeOfImage=0x17000, EntryPoint=0xc914a1)) returned 1 [0164.649] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.649] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xc90000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="becauseotherpower.exe") returned 0x15 [0164.650] CoTaskMemFree (pv=0x6b1140) [0164.650] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.650] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xc90000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\becauseotherpower.exe" (normalized: "c:\\program files\\common files\\becauseotherpower.exe")) returned 0x33 [0164.650] CoTaskMemFree (pv=0x6b0040) [0164.650] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26ccc48, cb=0x18 | out: lpmodinfo=0x26ccc48*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0164.651] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.651] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0164.651] CoTaskMemFree (pv=0x6b2ac0) [0164.652] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.652] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0164.652] CoTaskMemFree (pv=0x6b19c0) [0164.653] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x26cedf0, cb=0x18 | out: lpmodinfo=0x26cedf0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0164.654] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.654] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0164.654] CoTaskMemFree (pv=0x6b2240) [0164.655] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.655] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0164.655] CoTaskMemFree (pv=0x6b0040) [0164.655] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x26d0f98, cb=0x18 | out: lpmodinfo=0x26d0f98*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0164.656] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.656] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0164.657] CoTaskMemFree (pv=0x6b08c0) [0164.657] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.657] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0164.657] CoTaskMemFree (pv=0x6b1140) [0164.657] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26d3150, cb=0x18 | out: lpmodinfo=0x26d3150*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0164.658] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.658] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0164.659] CoTaskMemFree (pv=0x6b2ac0) [0164.659] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.660] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0164.660] CoTaskMemFree (pv=0x6b2ac0) [0164.660] CloseHandle (hObject=0x260) returned 1 [0164.661] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0164.661] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1114) returned 0x260 [0164.661] EnumProcessModules (in: hProcess=0x260, lphModule=0x26d5868, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26d5868, lpcbNeeded=0x14ef68) returned 1 [0164.662] GetModuleInformation (in: hProcess=0x260, hModule=0x950000, lpmodinfo=0x26d5ad8, cb=0x18 | out: lpmodinfo=0x26d5ad8*(lpBaseOfDll=0x950000, SizeOfImage=0x17000, EntryPoint=0x9514a1)) returned 1 [0164.662] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.662] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x950000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="afr38.exe") returned 0x9 [0164.663] CoTaskMemFree (pv=0x6b2240) [0164.663] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.663] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x950000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Common Files\\afr38.exe" (normalized: "c:\\program files\\common files\\afr38.exe")) returned 0x27 [0164.663] CoTaskMemFree (pv=0x6b19c0) [0164.664] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26d7cc8, cb=0x18 | out: lpmodinfo=0x26d7cc8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0164.664] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.664] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0164.664] CoTaskMemFree (pv=0x6b0040) [0164.664] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.667] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0164.668] CoTaskMemFree (pv=0x6b2ac0) [0164.668] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x26d9e70, cb=0x18 | out: lpmodinfo=0x26d9e70*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0164.668] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.668] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0164.669] CoTaskMemFree (pv=0x6b0040) [0164.669] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.669] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0164.670] CoTaskMemFree (pv=0x6b2240) [0164.670] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x26dc018, cb=0x18 | out: lpmodinfo=0x26dc018*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0164.671] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.671] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0164.671] CoTaskMemFree (pv=0x6b0040) [0164.671] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.672] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0164.672] CoTaskMemFree (pv=0x6b2ac0) [0164.672] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x26de1d0, cb=0x18 | out: lpmodinfo=0x26de1d0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0164.673] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.673] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0164.674] CoTaskMemFree (pv=0x6b0040) [0164.674] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.674] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0164.675] CoTaskMemFree (pv=0x6b08c0) [0164.675] CloseHandle (hObject=0x260) returned 1 [0164.675] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0164.675] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x274) returned 0x260 [0164.675] EnumProcessModules (in: hProcess=0x260, lphModule=0x26e08e8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26e08e8, lpcbNeeded=0x14ef68) returned 1 [0164.681] EnumProcessModules (in: hProcess=0x260, lphModule=0x26e0b00, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x26e0b00, lpcbNeeded=0x14ef68) returned 1 [0164.688] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff6a3140000, lpmodinfo=0x26e0f70, cb=0x18 | out: lpmodinfo=0x26e0f70*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0164.689] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.689] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0164.689] CoTaskMemFree (pv=0x6b2ac0) [0164.690] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.690] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff6a3140000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0164.690] CoTaskMemFree (pv=0x6b2ac0) [0164.690] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x26e3150, cb=0x18 | out: lpmodinfo=0x26e3150*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0164.691] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.691] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0164.691] CoTaskMemFree (pv=0x6b08c0) [0164.691] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.692] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0164.692] CoTaskMemFree (pv=0x6b2ac0) [0164.692] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f640000, lpmodinfo=0x26e52f8, cb=0x18 | out: lpmodinfo=0x26e52f8*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0164.693] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.693] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f640000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0164.694] CoTaskMemFree (pv=0x6b3340) [0164.694] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.694] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f640000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0164.695] CoTaskMemFree (pv=0x6b2240) [0164.695] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ce40000, lpmodinfo=0x26e74b0, cb=0x18 | out: lpmodinfo=0x26e74b0*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0164.695] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.696] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0164.696] CoTaskMemFree (pv=0x6b2240) [0164.696] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.697] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ce40000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0164.697] CoTaskMemFree (pv=0x6b2240) [0164.698] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f970000, lpmodinfo=0x26e9668, cb=0x18 | out: lpmodinfo=0x26e9668*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0164.698] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.698] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f970000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0164.699] CoTaskMemFree (pv=0x6b08c0) [0164.699] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.699] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f970000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0164.700] CoTaskMemFree (pv=0x6b1140) [0164.700] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fe80000, lpmodinfo=0x26eb868, cb=0x18 | out: lpmodinfo=0x26eb868*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0164.701] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.701] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0164.702] CoTaskMemFree (pv=0x6b19c0) [0164.702] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.702] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fe80000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0164.703] CoTaskMemFree (pv=0x6b08c0) [0164.703] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b760000, lpmodinfo=0x26eda10, cb=0x18 | out: lpmodinfo=0x26eda10*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0164.704] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.704] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b760000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0164.705] CoTaskMemFree (pv=0x6b08c0) [0164.705] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.705] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b760000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0164.706] CoTaskMemFree (pv=0x6b1140) [0164.706] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b740000, lpmodinfo=0x26efbc8, cb=0x18 | out: lpmodinfo=0x26efbc8*(lpBaseOfDll=0x7ff87b740000, SizeOfImage=0x20000, EntryPoint=0x7ff87b741920)) returned 1 [0164.707] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.707] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b740000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="umpnpmgr.dll") returned 0xc [0164.708] CoTaskMemFree (pv=0x6b19c0) [0164.709] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.709] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b740000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\umpnpmgr.dll" (normalized: "c:\\windows\\system32\\umpnpmgr.dll")) returned 0x20 [0164.710] CoTaskMemFree (pv=0x6b1140) [0164.710] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fde0000, lpmodinfo=0x26f1d80, cb=0x18 | out: lpmodinfo=0x26f1d80*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0164.711] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.711] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0164.712] CoTaskMemFree (pv=0x6b08c0) [0164.712] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.712] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fde0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0164.713] CoTaskMemFree (pv=0x6b08c0) [0164.713] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b710000, lpmodinfo=0x26f3fc0, cb=0x18 | out: lpmodinfo=0x26f3fc0*(lpBaseOfDll=0x7ff87b710000, SizeOfImage=0x22000, EntryPoint=0x7ff87b7175f0)) returned 1 [0164.714] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.714] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b710000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="umpo.dll") returned 0x8 [0164.715] CoTaskMemFree (pv=0x6b1140) [0164.715] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.715] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b710000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\umpo.dll" (normalized: "c:\\windows\\system32\\umpo.dll")) returned 0x1c [0164.717] CoTaskMemFree (pv=0x6b0040) [0164.717] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b6f0000, lpmodinfo=0x26f6168, cb=0x18 | out: lpmodinfo=0x26f6168*(lpBaseOfDll=0x7ff87b6f0000, SizeOfImage=0x16000, EntryPoint=0x7ff87b6f3630)) returned 1 [0164.718] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.718] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b6f0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="umpoext.dll") returned 0xb [0164.719] CoTaskMemFree (pv=0x6b3340) [0164.720] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.720] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b6f0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\umpoext.dll" (normalized: "c:\\windows\\system32\\umpoext.dll")) returned 0x1f [0164.721] CoTaskMemFree (pv=0x6b0040) [0164.721] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c710000, lpmodinfo=0x26f8310, cb=0x18 | out: lpmodinfo=0x26f8310*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0164.722] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.722] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c710000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0164.724] CoTaskMemFree (pv=0x6b2ac0) [0164.724] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.724] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c710000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0164.725] CoTaskMemFree (pv=0x6b0040) [0164.725] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpmodinfo=0x26fa4c8, cb=0x18 | out: lpmodinfo=0x26fa4c8*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0164.726] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.727] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0164.728] CoTaskMemFree (pv=0x6b19c0) [0164.728] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.729] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5f0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0164.730] CoTaskMemFree (pv=0x6b2ac0) [0164.730] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpmodinfo=0x26fc680, cb=0x18 | out: lpmodinfo=0x26fc680*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0164.732] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.732] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0164.733] CoTaskMemFree (pv=0x6b2ac0) [0164.734] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.734] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f6f0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0164.735] CoTaskMemFree (pv=0x6b0040) [0164.735] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d030000, lpmodinfo=0x26fe828, cb=0x18 | out: lpmodinfo=0x26fe828*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0164.736] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.737] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d030000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0164.739] CoTaskMemFree (pv=0x6b3340) [0164.740] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.740] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d030000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0164.741] CoTaskMemFree (pv=0x6b19c0) [0164.742] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b5f0000, lpmodinfo=0x2700a00, cb=0x18 | out: lpmodinfo=0x2700a00*(lpBaseOfDll=0x7ff87b5f0000, SizeOfImage=0xf8000, EntryPoint=0x7ff87b5fd580)) returned 1 [0164.743] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.743] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b5f0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="tdh.dll") returned 0x7 [0164.745] CoTaskMemFree (pv=0x6b3340) [0164.745] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.745] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b5f0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\tdh.dll" (normalized: "c:\\windows\\system32\\tdh.dll")) returned 0x1b [0164.747] CoTaskMemFree (pv=0x6b19c0) [0164.747] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpmodinfo=0x2702b98, cb=0x18 | out: lpmodinfo=0x2702b98*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0164.749] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.749] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0164.751] CoTaskMemFree (pv=0x6b08c0) [0164.751] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.751] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b5c0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0164.752] CoTaskMemFree (pv=0x6b1140) [0164.752] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b5b0000, lpmodinfo=0x2704e58, cb=0x18 | out: lpmodinfo=0x2704e58*(lpBaseOfDll=0x7ff87b5b0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b5b2790)) returned 1 [0164.754] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.754] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b5b0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="HID.DLL") returned 0x7 [0164.756] CoTaskMemFree (pv=0x6b2240) [0164.756] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.757] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b5b0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\HID.DLL" (normalized: "c:\\windows\\system32\\hid.dll")) returned 0x1b [0164.759] CoTaskMemFree (pv=0x6b2ac0) [0164.759] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b4c0000, lpmodinfo=0x2706ff0, cb=0x18 | out: lpmodinfo=0x2706ff0*(lpBaseOfDll=0x7ff87b4c0000, SizeOfImage=0xe3000, EntryPoint=0x7ff87b51e0b0)) returned 1 [0164.761] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.761] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b4c0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="rpcss.dll") returned 0x9 [0164.763] CoTaskMemFree (pv=0x6b3340) [0164.763] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.763] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b4c0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rpcss.dll" (normalized: "c:\\windows\\system32\\rpcss.dll")) returned 0x1d [0164.765] CoTaskMemFree (pv=0x6b2ac0) [0164.765] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c240000, lpmodinfo=0x2709198, cb=0x18 | out: lpmodinfo=0x2709198*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0164.767] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.767] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c240000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0164.769] CoTaskMemFree (pv=0x6b3340) [0164.769] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.770] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c240000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0164.772] CoTaskMemFree (pv=0x6b19c0) [0164.772] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b3e0000, lpmodinfo=0x270b340, cb=0x18 | out: lpmodinfo=0x270b340*(lpBaseOfDll=0x7ff87b3e0000, SizeOfImage=0x95000, EntryPoint=0x7ff87b4136c0)) returned 1 [0164.775] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.775] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b3e0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="bisrv.dll") returned 0x9 [0164.777] CoTaskMemFree (pv=0x6b3340) [0164.777] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.777] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b3e0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bisrv.dll" (normalized: "c:\\windows\\system32\\bisrv.dll")) returned 0x1d [0164.779] CoTaskMemFree (pv=0x6b0040) [0164.779] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fa80000, lpmodinfo=0x270d4e8, cb=0x18 | out: lpmodinfo=0x270d4e8*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0164.781] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.781] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0164.783] CoTaskMemFree (pv=0x6b0040) [0164.783] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.783] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fa80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0164.786] CoTaskMemFree (pv=0x6b1140) [0164.786] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bab0000, lpmodinfo=0x270f6a0, cb=0x18 | out: lpmodinfo=0x270f6a0*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0164.789] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.789] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0164.791] CoTaskMemFree (pv=0x6b2240) [0164.791] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.792] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bab0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0164.794] CoTaskMemFree (pv=0x6b3340) [0164.794] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b3b0000, lpmodinfo=0x2711848, cb=0x18 | out: lpmodinfo=0x2711848*(lpBaseOfDll=0x7ff87b3b0000, SizeOfImage=0x30000, EntryPoint=0x7ff87b3bf7c0)) returned 1 [0164.796] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.796] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b3b0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="psmsrv.dll") returned 0xa [0164.799] CoTaskMemFree (pv=0x6b3340) [0164.799] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.799] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b3b0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\psmsrv.dll" (normalized: "c:\\windows\\system32\\psmsrv.dll")) returned 0x1e [0164.801] CoTaskMemFree (pv=0x6b1140) [0164.801] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c640000, lpmodinfo=0x27139f0, cb=0x18 | out: lpmodinfo=0x27139f0*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0164.803] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.804] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c640000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0164.806] CoTaskMemFree (pv=0x6b08c0) [0164.806] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.806] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c640000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0164.809] CoTaskMemFree (pv=0x6b3340) [0164.809] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c430000, lpmodinfo=0x2715bb8, cb=0x18 | out: lpmodinfo=0x2715bb8*(lpBaseOfDll=0x7ff87c430000, SizeOfImage=0x19000, EntryPoint=0x7ff87c435e10)) returned 1 [0164.812] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.813] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c430000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="EventAggregation.dll") returned 0x14 [0164.815] CoTaskMemFree (pv=0x6b2ac0) [0164.815] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.816] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c430000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")) returned 0x28 [0164.818] CoTaskMemFree (pv=0x6b2ac0) [0164.818] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b380000, lpmodinfo=0x2717d90, cb=0x18 | out: lpmodinfo=0x2717d90*(lpBaseOfDll=0x7ff87b380000, SizeOfImage=0x2a000, EntryPoint=0x7ff87b388b90)) returned 1 [0164.821] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.821] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b380000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="RMCLIENT.dll") returned 0xc [0164.823] CoTaskMemFree (pv=0x6b0040) [0164.823] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.823] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b380000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\RMCLIENT.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")) returned 0x20 [0164.826] CoTaskMemFree (pv=0x6b19c0) [0164.826] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fd30000, lpmodinfo=0x2719f48, cb=0x18 | out: lpmodinfo=0x2719f48*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0164.828] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.828] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0164.831] CoTaskMemFree (pv=0x6b1140) [0164.831] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.831] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fd30000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0164.834] CoTaskMemFree (pv=0x6b19c0) [0164.834] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b280000, lpmodinfo=0x271c100, cb=0x18 | out: lpmodinfo=0x271c100*(lpBaseOfDll=0x7ff87b280000, SizeOfImage=0xbc000, EntryPoint=0x7ff87b2bc480)) returned 1 [0164.837] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.837] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b280000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="lsm.dll") returned 0x7 [0164.839] CoTaskMemFree (pv=0x6b1140) [0164.839] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.840] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b280000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\lsm.dll" (normalized: "c:\\windows\\system32\\lsm.dll")) returned 0x1b [0164.842] CoTaskMemFree (pv=0x6b3340) [0164.843] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b270000, lpmodinfo=0x271e298, cb=0x18 | out: lpmodinfo=0x271e298*(lpBaseOfDll=0x7ff87b270000, SizeOfImage=0xc000, EntryPoint=0x7ff87b272480)) returned 1 [0164.845] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.845] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b270000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="SYSNTFY.dll") returned 0xb [0164.848] CoTaskMemFree (pv=0x6b0040) [0164.848] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.848] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b270000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SYSNTFY.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")) returned 0x1f [0164.851] CoTaskMemFree (pv=0x6b2240) [0164.851] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b1e0000, lpmodinfo=0x2720440, cb=0x18 | out: lpmodinfo=0x2720440*(lpBaseOfDll=0x7ff87b1e0000, SizeOfImage=0x8d000, EntryPoint=0x7ff87b20ac70)) returned 1 [0164.854] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.854] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b1e0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="psmserviceexthost.dll") returned 0x15 [0164.857] CoTaskMemFree (pv=0x6b19c0) [0164.857] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.857] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b1e0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\psmserviceexthost.dll" (normalized: "c:\\windows\\system32\\psmserviceexthost.dll")) returned 0x29 [0164.860] CoTaskMemFree (pv=0x6b1140) [0164.860] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpmodinfo=0x2722618, cb=0x18 | out: lpmodinfo=0x2722618*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0164.863] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.863] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0164.866] CoTaskMemFree (pv=0x6b3340) [0164.866] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.866] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87b0e0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0164.869] CoTaskMemFree (pv=0x6b08c0) [0164.869] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c450000, lpmodinfo=0x27247e0, cb=0x18 | out: lpmodinfo=0x27247e0*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0164.872] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.872] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c450000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0164.875] CoTaskMemFree (pv=0x6b2240) [0164.875] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.875] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c450000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0164.878] CoTaskMemFree (pv=0x6b1140) [0164.878] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bd20000, lpmodinfo=0x2726ba0, cb=0x18 | out: lpmodinfo=0x2726ba0*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0164.882] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.882] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="Userenv.dll") returned 0xb [0164.885] CoTaskMemFree (pv=0x6b2ac0) [0164.885] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.886] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bd20000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Userenv.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0164.890] CoTaskMemFree (pv=0x6b19c0) [0164.890] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpmodinfo=0x2728d48, cb=0x18 | out: lpmodinfo=0x2728d48*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0164.893] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.894] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0164.897] CoTaskMemFree (pv=0x6b19c0) [0164.897] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.897] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c5d0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0164.900] CoTaskMemFree (pv=0x6b2240) [0164.900] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87afe0000, lpmodinfo=0x272aef0, cb=0x18 | out: lpmodinfo=0x272aef0*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0164.903] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.904] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0164.907] CoTaskMemFree (pv=0x6b2240) [0164.907] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0164.907] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87afe0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0164.911] CoTaskMemFree (pv=0x6b3340) [0164.911] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87aeb0000, lpmodinfo=0x272d098, cb=0x18 | out: lpmodinfo=0x272d098*(lpBaseOfDll=0x7ff87aeb0000, SizeOfImage=0x63000, EntryPoint=0x7ff87aecc010)) returned 1 [0164.914] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.914] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87aeb0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="systemeventsbrokerserver.dll") returned 0x1c [0164.925] CoTaskMemFree (pv=0x6b2240) [0164.925] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.926] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87aeb0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\systemeventsbrokerserver.dll" (normalized: "c:\\windows\\system32\\systemeventsbrokerserver.dll")) returned 0x30 [0164.929] CoTaskMemFree (pv=0x6b2240) [0164.929] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ae70000, lpmodinfo=0x272f290, cb=0x18 | out: lpmodinfo=0x272f290*(lpBaseOfDll=0x7ff87ae70000, SizeOfImage=0x40000, EntryPoint=0x7ff87ae81960)) returned 1 [0164.932] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.932] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ae70000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="BrokerLib.dll") returned 0xd [0164.936] CoTaskMemFree (pv=0x6b08c0) [0164.936] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.936] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ae70000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")) returned 0x21 [0164.940] CoTaskMemFree (pv=0x6b19c0) [0164.940] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a200000, lpmodinfo=0x2731448, cb=0x18 | out: lpmodinfo=0x2731448*(lpBaseOfDll=0x7ff87a200000, SizeOfImage=0x21000, EntryPoint=0x7ff87a2092a0)) returned 1 [0164.943] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.943] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a200000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="DAB.dll") returned 0x7 [0164.947] CoTaskMemFree (pv=0x6b19c0) [0164.947] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.947] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a200000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DAB.dll" (normalized: "c:\\windows\\system32\\dab.dll")) returned 0x1b [0164.951] CoTaskMemFree (pv=0x6b19c0) [0164.951] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ad00000, lpmodinfo=0x27335e0, cb=0x18 | out: lpmodinfo=0x27335e0*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0164.954] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0164.954] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0164.958] CoTaskMemFree (pv=0x6b08c0) [0164.958] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0164.958] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ad00000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0164.964] CoTaskMemFree (pv=0x6b1140) [0164.964] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpmodinfo=0x2735798, cb=0x18 | out: lpmodinfo=0x2735798*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0164.967] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.967] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0164.971] CoTaskMemFree (pv=0x6b19c0) [0164.971] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.971] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c3d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0164.975] CoTaskMemFree (pv=0x6b19c0) [0164.975] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpmodinfo=0x2737940, cb=0x18 | out: lpmodinfo=0x2737940*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0164.979] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0164.979] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0164.983] CoTaskMemFree (pv=0x6b2ac0) [0164.983] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0164.983] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f9d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0164.987] CoTaskMemFree (pv=0x6b19c0) [0164.987] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878150000, lpmodinfo=0x2739ae8, cb=0x18 | out: lpmodinfo=0x2739ae8*(lpBaseOfDll=0x7ff878150000, SizeOfImage=0xc000, EntryPoint=0x7ff878152830)) returned 1 [0164.991] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0164.991] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878150000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="bi.dll") returned 0x6 [0164.996] CoTaskMemFree (pv=0x6b2240) [0164.996] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0164.996] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878150000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")) returned 0x1a [0165.001] CoTaskMemFree (pv=0x6b0040) [0165.001] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff875b40000, lpmodinfo=0x273bc80, cb=0x18 | out: lpmodinfo=0x273bc80*(lpBaseOfDll=0x7ff875b40000, SizeOfImage=0x10000, EntryPoint=0x7ff875b42c60)) returned 1 [0165.005] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.005] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff875b40000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="usermgrcli.dll") returned 0xe [0165.009] CoTaskMemFree (pv=0x6b3340) [0165.009] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.009] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff875b40000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")) returned 0x22 [0165.013] CoTaskMemFree (pv=0x6b19c0) [0165.013] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c060000, lpmodinfo=0x273de38, cb=0x18 | out: lpmodinfo=0x273de38*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0165.017] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.017] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c060000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0165.021] CoTaskMemFree (pv=0x6b08c0) [0165.021] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.021] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c060000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0165.025] CoTaskMemFree (pv=0x6b2240) [0165.025] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ed60000, lpmodinfo=0x273fff0, cb=0x18 | out: lpmodinfo=0x273fff0*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0165.029] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.029] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0165.034] CoTaskMemFree (pv=0x6b19c0) [0165.034] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.035] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ed60000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0165.039] CoTaskMemFree (pv=0x6b2ac0) [0165.039] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpmodinfo=0x2742198, cb=0x18 | out: lpmodinfo=0x2742198*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0165.043] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.043] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0165.047] CoTaskMemFree (pv=0x6b2ac0) [0165.048] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.048] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f3e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0165.052] CoTaskMemFree (pv=0x6b2ac0) [0165.052] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff879c90000, lpmodinfo=0x2744340, cb=0x18 | out: lpmodinfo=0x2744340*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0165.056] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.056] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff879c90000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0165.060] CoTaskMemFree (pv=0x6b3340) [0165.061] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.061] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff879c90000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0165.065] CoTaskMemFree (pv=0x6b19c0) [0165.065] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873bb0000, lpmodinfo=0x27464f8, cb=0x18 | out: lpmodinfo=0x27464f8*(lpBaseOfDll=0x7ff873bb0000, SizeOfImage=0x10000, EntryPoint=0x7ff873bb23f0)) returned 1 [0165.070] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.070] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873bb0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="BackgroundMediaPolicy.dll") returned 0x19 [0165.074] CoTaskMemFree (pv=0x6b08c0) [0165.074] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.074] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873bb0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\BackgroundMediaPolicy.dll" (normalized: "c:\\windows\\system32\\backgroundmediapolicy.dll")) returned 0x2d [0165.078] CoTaskMemFree (pv=0x6b08c0) [0165.078] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873b80000, lpmodinfo=0x27486e0, cb=0x18 | out: lpmodinfo=0x27486e0*(lpBaseOfDll=0x7ff873b80000, SizeOfImage=0x26000, EntryPoint=0x7ff873b87a80)) returned 1 [0165.085] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.085] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873b80000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ACPBackgroundManagerPolicy.dll") returned 0x1e [0165.089] CoTaskMemFree (pv=0x6b08c0) [0165.089] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.090] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873b80000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ACPBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\acpbackgroundmanagerpolicy.dll")) returned 0x32 [0165.094] CoTaskMemFree (pv=0x6b2ac0) [0165.096] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873b70000, lpmodinfo=0x274a8d8, cb=0x18 | out: lpmodinfo=0x274a8d8*(lpBaseOfDll=0x7ff873b70000, SizeOfImage=0xc000, EntryPoint=0x7ff873b74b50)) returned 1 [0165.100] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.100] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873b70000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="CbtBackgroundManagerPolicy.dll") returned 0x1e [0165.105] CoTaskMemFree (pv=0x6b3340) [0165.105] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.105] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873b70000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CbtBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\cbtbackgroundmanagerpolicy.dll")) returned 0x32 [0165.110] CoTaskMemFree (pv=0x6b0040) [0165.110] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873b50000, lpmodinfo=0x274cad0, cb=0x18 | out: lpmodinfo=0x274cad0*(lpBaseOfDll=0x7ff873b50000, SizeOfImage=0x18000, EntryPoint=0x7ff873b53f00)) returned 1 [0165.115] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.115] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873b50000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll") returned 0x41 [0165.119] CoTaskMemFree (pv=0x6b0040) [0165.119] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.119] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873b50000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\windows.networking.backgroundtransfer.backgroundmanagerpolicy.dll")) returned 0x55 [0165.124] CoTaskMemFree (pv=0x6b0040) [0165.124] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873b40000, lpmodinfo=0x274ed58, cb=0x18 | out: lpmodinfo=0x274ed58*(lpBaseOfDll=0x7ff873b40000, SizeOfImage=0xe000, EntryPoint=0x7ff873b422f0)) returned 1 [0165.128] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.128] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873b40000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="SebBackgroundManagerPolicy.dll") returned 0x1e [0165.133] CoTaskMemFree (pv=0x6b1140) [0165.133] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.133] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873b40000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SebBackgroundManagerPolicy.dll" (normalized: "c:\\windows\\system32\\sebbackgroundmanagerpolicy.dll")) returned 0x32 [0165.138] CoTaskMemFree (pv=0x6b2240) [0165.138] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpmodinfo=0x2750f50, cb=0x18 | out: lpmodinfo=0x2750f50*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0165.143] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.143] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0165.148] CoTaskMemFree (pv=0x6b2240) [0165.148] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.148] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87d3a0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0165.153] CoTaskMemFree (pv=0x6b19c0) [0165.153] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87f5d0000, lpmodinfo=0x27530f8, cb=0x18 | out: lpmodinfo=0x27530f8*(lpBaseOfDll=0x7ff87f5d0000, SizeOfImage=0x6f000, EntryPoint=0x7ff87f5f5f70)) returned 1 [0165.158] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.158] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87f5d0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="coml2.dll") returned 0x9 [0165.162] CoTaskMemFree (pv=0x6b2240) [0165.163] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.163] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87f5d0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")) returned 0x1d [0165.168] CoTaskMemFree (pv=0x6b2240) [0165.168] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873b20000, lpmodinfo=0x27552a0, cb=0x18 | out: lpmodinfo=0x27552a0*(lpBaseOfDll=0x7ff873b20000, SizeOfImage=0x15000, EntryPoint=0x7ff873b21ab0)) returned 1 [0165.172] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.172] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873b20000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="execmodelproxy.dll") returned 0x12 [0165.178] CoTaskMemFree (pv=0x6b08c0) [0165.178] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.178] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873b20000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")) returned 0x26 [0165.183] CoTaskMemFree (pv=0x6b0040) [0165.183] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c760000, lpmodinfo=0x2757468, cb=0x18 | out: lpmodinfo=0x2757468*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0165.188] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.188] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c760000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0165.193] CoTaskMemFree (pv=0x6b2240) [0165.193] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.193] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c760000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0165.199] CoTaskMemFree (pv=0x6b0040) [0165.199] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87fb50000, lpmodinfo=0x2759630, cb=0x18 | out: lpmodinfo=0x2759630*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0165.204] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.204] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0165.209] CoTaskMemFree (pv=0x6b19c0) [0165.209] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.210] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87fb50000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0165.215] CoTaskMemFree (pv=0x6b3340) [0165.215] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87c650000, lpmodinfo=0x275b7d8, cb=0x18 | out: lpmodinfo=0x275b7d8*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0165.220] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.220] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87c650000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0165.224] CoTaskMemFree (pv=0x6b0040) [0165.224] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.224] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87c650000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0165.230] CoTaskMemFree (pv=0x6b0040) [0165.230] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873f90000, lpmodinfo=0x275d980, cb=0x18 | out: lpmodinfo=0x275d980*(lpBaseOfDll=0x7ff873f90000, SizeOfImage=0x44000, EntryPoint=0x7ff873f9c010)) returned 1 [0165.257] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.258] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873f90000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="execmodelclient.dll") returned 0x13 [0165.262] CoTaskMemFree (pv=0x6b1140) [0165.262] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.263] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873f90000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\execmodelclient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")) returned 0x27 [0165.268] CoTaskMemFree (pv=0x6b19c0) [0165.268] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpmodinfo=0x275fb48, cb=0x18 | out: lpmodinfo=0x275fb48*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0165.274] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.274] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0165.279] CoTaskMemFree (pv=0x6b2240) [0165.280] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.280] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87a5e0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0165.285] CoTaskMemFree (pv=0x6b0040) [0165.285] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873b00000, lpmodinfo=0x2761d10, cb=0x18 | out: lpmodinfo=0x2761d10*(lpBaseOfDll=0x7ff873b00000, SizeOfImage=0x11000, EntryPoint=0x7ff873b05e90)) returned 1 [0165.290] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.290] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873b00000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="licensemanagerapi.dll") returned 0x15 [0165.295] CoTaskMemFree (pv=0x6b1140) [0165.295] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.295] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873b00000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\licensemanagerapi.dll" (normalized: "c:\\windows\\system32\\licensemanagerapi.dll")) returned 0x29 [0165.302] CoTaskMemFree (pv=0x6b08c0) [0165.302] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff878e80000, lpmodinfo=0x2763ee8, cb=0x18 | out: lpmodinfo=0x2763ee8*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0165.307] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.307] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff878e80000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0165.379] CoTaskMemFree (pv=0x6b2ac0) [0165.379] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.380] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff878e80000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0165.385] CoTaskMemFree (pv=0x6b3340) [0165.385] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873ae0000, lpmodinfo=0x27660b0, cb=0x18 | out: lpmodinfo=0x27660b0*(lpBaseOfDll=0x7ff873ae0000, SizeOfImage=0x1b000, EntryPoint=0x7ff873aeaf40)) returned 1 [0165.390] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.391] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873ae0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="capauthz.dll") returned 0xc [0165.396] CoTaskMemFree (pv=0x6b2ac0) [0165.396] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.397] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873ae0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll")) returned 0x20 [0165.402] CoTaskMemFree (pv=0x6b3340) [0165.402] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87aa90000, lpmodinfo=0x2768268, cb=0x18 | out: lpmodinfo=0x2768268*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0165.422] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.422] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87aa90000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0165.428] CoTaskMemFree (pv=0x6b0040) [0165.428] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.428] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87aa90000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0165.434] CoTaskMemFree (pv=0x6b19c0) [0165.434] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff8736c0000, lpmodinfo=0x276a828, cb=0x18 | out: lpmodinfo=0x276a828*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0165.440] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.440] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff8736c0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0165.445] CoTaskMemFree (pv=0x6b1140) [0165.445] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.445] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff8736c0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0165.451] CoTaskMemFree (pv=0x6b19c0) [0165.451] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff873620000, lpmodinfo=0x276ca10, cb=0x18 | out: lpmodinfo=0x276ca10*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0165.457] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.457] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff873620000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0165.463] CoTaskMemFree (pv=0x6b0040) [0165.463] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.464] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff873620000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0165.469] CoTaskMemFree (pv=0x6b3340) [0165.470] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bf40000, lpmodinfo=0x276ebf8, cb=0x18 | out: lpmodinfo=0x276ebf8*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0165.475] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.475] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0165.481] CoTaskMemFree (pv=0x6b3340) [0165.481] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.481] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bf40000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0165.487] CoTaskMemFree (pv=0x6b1140) [0165.487] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpmodinfo=0x2770da0, cb=0x18 | out: lpmodinfo=0x2770da0*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0165.500] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.500] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0165.507] CoTaskMemFree (pv=0x6b19c0) [0165.507] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.507] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87bbd0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0165.514] CoTaskMemFree (pv=0x6b19c0) [0165.514] CloseHandle (hObject=0x260) returned 1 [0165.514] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0165.514] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x338) returned 0x260 [0165.514] EnumProcessModules (in: hProcess=0x260, lphModule=0x2774a50, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2774a50, lpcbNeeded=0x14ef68) returned 1 [0165.515] GetModuleInformation (in: hProcess=0x260, hModule=0x870000, lpmodinfo=0x2774cc0, cb=0x18 | out: lpmodinfo=0x2774cc0*(lpBaseOfDll=0x870000, SizeOfImage=0x17000, EntryPoint=0x8714a1)) returned 1 [0165.515] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.516] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x870000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="speakhe.exe") returned 0xb [0165.516] CoTaskMemFree (pv=0x6b19c0) [0165.516] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.517] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x870000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\speakhe.exe" (normalized: "c:\\program files (x86)\\windows media player\\speakhe.exe")) returned 0x37 [0165.517] CoTaskMemFree (pv=0x6b2ac0) [0165.517] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2776ed0, cb=0x18 | out: lpmodinfo=0x2776ed0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0165.518] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.518] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0165.518] CoTaskMemFree (pv=0x6b2240) [0165.519] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.519] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0165.519] CoTaskMemFree (pv=0x6b19c0) [0165.519] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2779078, cb=0x18 | out: lpmodinfo=0x2779078*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0165.520] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.520] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0165.521] CoTaskMemFree (pv=0x6b19c0) [0165.521] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.521] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0165.522] CoTaskMemFree (pv=0x6b3340) [0165.522] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x277b220, cb=0x18 | out: lpmodinfo=0x277b220*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0165.523] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.523] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0165.524] CoTaskMemFree (pv=0x6b2ac0) [0165.524] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.524] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0165.525] CoTaskMemFree (pv=0x6b2ac0) [0165.525] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x277d3d8, cb=0x18 | out: lpmodinfo=0x277d3d8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0165.526] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.526] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0165.526] CoTaskMemFree (pv=0x6b1140) [0165.526] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.526] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0165.527] CoTaskMemFree (pv=0x6b08c0) [0165.527] CloseHandle (hObject=0x260) returned 1 [0165.527] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0165.527] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa24) returned 0x260 [0165.528] EnumProcessModules (in: hProcess=0x260, lphModule=0x277faf0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x277faf0, lpcbNeeded=0x14ef68) returned 1 [0165.531] GetModuleInformation (in: hProcess=0x260, hModule=0xe40000, lpmodinfo=0x277fd60, cb=0x18 | out: lpmodinfo=0x277fd60*(lpBaseOfDll=0xe40000, SizeOfImage=0xe000, EntryPoint=0xe44887)) returned 1 [0165.533] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.533] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xe40000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="SkypeHost.exe") returned 0xd [0165.535] CoTaskMemFree (pv=0x6b2ac0) [0165.535] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.535] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xe40000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsApps\\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\\SkypeHost.exe" (normalized: "c:\\program files\\windowsapps\\microsoft.messaging_1.10.22012.0_x86__8wekyb3d8bbwe\\skypehost.exe")) returned 0x5e [0165.536] CoTaskMemFree (pv=0x6b3340) [0165.537] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2781fc8, cb=0x18 | out: lpmodinfo=0x2781fc8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0165.538] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.538] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0165.540] CoTaskMemFree (pv=0x6b08c0) [0165.540] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.541] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0165.543] CoTaskMemFree (pv=0x6b2240) [0165.543] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x2784170, cb=0x18 | out: lpmodinfo=0x2784170*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0165.545] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.545] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0165.547] CoTaskMemFree (pv=0x6b3340) [0165.548] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.548] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0165.550] CoTaskMemFree (pv=0x6b0040) [0165.550] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x2786318, cb=0x18 | out: lpmodinfo=0x2786318*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0165.553] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.553] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0165.556] CoTaskMemFree (pv=0x6b1140) [0165.556] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.556] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0165.559] CoTaskMemFree (pv=0x6b3340) [0165.559] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x27884d0, cb=0x18 | out: lpmodinfo=0x27884d0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0165.562] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.562] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0165.565] CoTaskMemFree (pv=0x6b1140) [0165.565] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.565] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0165.568] CoTaskMemFree (pv=0x6b3340) [0165.568] CloseHandle (hObject=0x260) returned 1 [0165.569] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0165.569] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1148) returned 0x260 [0165.569] EnumProcessModules (in: hProcess=0x260, lphModule=0x278abe8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x278abe8, lpcbNeeded=0x14ef68) returned 1 [0165.569] GetModuleInformation (in: hProcess=0x260, hModule=0x1260000, lpmodinfo=0x278ae58, cb=0x18 | out: lpmodinfo=0x278ae58*(lpBaseOfDll=0x1260000, SizeOfImage=0x17000, EntryPoint=0x12614a1)) returned 1 [0165.570] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.570] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x1260000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="edcsvr.exe") returned 0xa [0165.570] CoTaskMemFree (pv=0x6b08c0) [0165.570] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.570] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x1260000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Portable Devices\\edcsvr.exe" (normalized: "c:\\program files (x86)\\windows portable devices\\edcsvr.exe")) returned 0x3a [0165.571] CoTaskMemFree (pv=0x6b0040) [0165.571] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x278d070, cb=0x18 | out: lpmodinfo=0x278d070*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0165.571] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.571] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0165.572] CoTaskMemFree (pv=0x6b2240) [0165.572] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.572] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0165.573] CoTaskMemFree (pv=0x6b3340) [0165.573] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x278f218, cb=0x18 | out: lpmodinfo=0x278f218*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0165.574] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.574] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0165.574] CoTaskMemFree (pv=0x6b3340) [0165.575] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.575] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0165.575] CoTaskMemFree (pv=0x6b08c0) [0165.575] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x27913c0, cb=0x18 | out: lpmodinfo=0x27913c0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0165.576] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.576] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0165.577] CoTaskMemFree (pv=0x6b3340) [0165.577] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.578] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0165.578] CoTaskMemFree (pv=0x6b2ac0) [0165.578] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x2793578, cb=0x18 | out: lpmodinfo=0x2793578*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0165.579] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.579] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0165.580] CoTaskMemFree (pv=0x6b3340) [0165.580] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.581] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0165.581] CoTaskMemFree (pv=0x6b19c0) [0165.581] CloseHandle (hObject=0x260) returned 1 [0165.582] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0165.582] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11d4) returned 0x260 [0165.582] EnumProcessModules (in: hProcess=0x260, lphModule=0x2795c90, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2795c90, lpcbNeeded=0x14ef68) returned 1 [0165.583] GetModuleInformation (in: hProcess=0x260, hModule=0xb50000, lpmodinfo=0x2795f00, cb=0x18 | out: lpmodinfo=0x2795f00*(lpBaseOfDll=0xb50000, SizeOfImage=0x17000, EntryPoint=0xb514a1)) returned 1 [0165.583] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.583] GetModuleBaseNameW (in: hProcess=0x260, hModule=0xb50000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="that_customer_tend.exe") returned 0x16 [0165.584] CoTaskMemFree (pv=0x6b08c0) [0165.585] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.585] GetModuleFileNameExW (in: hProcess=0x260, hModule=0xb50000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Defender\\that_customer_tend.exe" (normalized: "c:\\program files (x86)\\windows defender\\that_customer_tend.exe")) returned 0x3e [0165.585] CoTaskMemFree (pv=0x6b19c0) [0165.586] GetModuleInformation (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpmodinfo=0x2798138, cb=0x18 | out: lpmodinfo=0x2798138*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0165.586] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.586] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0165.587] CoTaskMemFree (pv=0x6b3340) [0165.587] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.587] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x7ff87ffa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0165.588] CoTaskMemFree (pv=0x6b3340) [0165.588] GetModuleInformation (in: hProcess=0x260, hModule=0x66350000, lpmodinfo=0x279a2e0, cb=0x18 | out: lpmodinfo=0x279a2e0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0165.588] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.589] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x66350000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0165.589] CoTaskMemFree (pv=0x6b3340) [0165.589] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.590] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x66350000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0165.591] CoTaskMemFree (pv=0x6b3340) [0165.591] GetModuleInformation (in: hProcess=0x260, hModule=0x662d0000, lpmodinfo=0x279c488, cb=0x18 | out: lpmodinfo=0x279c488*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0165.591] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.591] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x662d0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0165.593] CoTaskMemFree (pv=0x6b2240) [0165.593] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.593] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x662d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0165.597] CoTaskMemFree (pv=0x6b0040) [0165.597] GetModuleInformation (in: hProcess=0x260, hModule=0x663a0000, lpmodinfo=0x25b06d0, cb=0x18 | out: lpmodinfo=0x25b06d0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0165.598] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.598] GetModuleBaseNameW (in: hProcess=0x260, hModule=0x663a0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0165.599] CoTaskMemFree (pv=0x6b2240) [0165.599] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.599] GetModuleFileNameExW (in: hProcess=0x260, hModule=0x663a0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0165.600] CoTaskMemFree (pv=0x6b19c0) [0165.600] CloseHandle (hObject=0x260) returned 1 [0165.600] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0165.600] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x12d0) returned 0x0 [0165.600] EnumProcesses (in: lpidProcess=0x25b2de8, cb=0x400, lpcbNeeded=0x14ee58 | out: lpidProcess=0x25b2de8, lpcbNeeded=0x14ee58) returned 1 [0165.625] EtwEventRegister () returned 0x0 [0165.628] EtwEventSetInformation () returned 0x0 [0165.650] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1048) returned 0x264 [0165.650] EnumProcessModules (in: hProcess=0x264, lphModule=0x25b6a90, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25b6a90, lpcbNeeded=0x14ef68) returned 1 [0165.651] GetModuleInformation (in: hProcess=0x264, hModule=0x850000, lpmodinfo=0x25b6d00, cb=0x18 | out: lpmodinfo=0x25b6d00*(lpBaseOfDll=0x850000, SizeOfImage=0x17000, EntryPoint=0x8514a1)) returned 1 [0165.651] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.651] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x850000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="leechftp.exe") returned 0xc [0165.651] CoTaskMemFree (pv=0x6b0040) [0165.651] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.652] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x850000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Internet Explorer\\leechftp.exe" (normalized: "c:\\program files\\internet explorer\\leechftp.exe")) returned 0x2f [0165.652] CoTaskMemFree (pv=0x6b2ac0) [0165.652] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x25b8f08, cb=0x18 | out: lpmodinfo=0x25b8f08*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0165.653] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.653] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0165.653] CoTaskMemFree (pv=0x6b08c0) [0165.653] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.654] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0165.654] CoTaskMemFree (pv=0x6b2240) [0165.654] GetModuleInformation (in: hProcess=0x264, hModule=0x66350000, lpmodinfo=0x25bb0b0, cb=0x18 | out: lpmodinfo=0x25bb0b0*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0165.656] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.656] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x66350000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0165.657] CoTaskMemFree (pv=0x6b19c0) [0165.657] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.657] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x66350000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0165.658] CoTaskMemFree (pv=0x6b3340) [0165.658] GetModuleInformation (in: hProcess=0x264, hModule=0x662d0000, lpmodinfo=0x25bd258, cb=0x18 | out: lpmodinfo=0x25bd258*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0165.658] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.659] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x662d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0165.659] CoTaskMemFree (pv=0x6b2ac0) [0165.659] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.660] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x662d0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0165.660] CoTaskMemFree (pv=0x6b1140) [0165.660] GetModuleInformation (in: hProcess=0x264, hModule=0x663a0000, lpmodinfo=0x25bf410, cb=0x18 | out: lpmodinfo=0x25bf410*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0165.661] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.661] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x663a0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0165.662] CoTaskMemFree (pv=0x6b19c0) [0165.662] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.662] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x663a0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0165.663] CoTaskMemFree (pv=0x6b2ac0) [0165.663] CloseHandle (hObject=0x264) returned 1 [0165.664] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0165.664] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x110c) returned 0x264 [0165.664] EnumProcessModules (in: hProcess=0x264, lphModule=0x25c1b28, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25c1b28, lpcbNeeded=0x14ef68) returned 1 [0165.665] GetModuleInformation (in: hProcess=0x264, hModule=0x1320000, lpmodinfo=0x25c1d98, cb=0x18 | out: lpmodinfo=0x25c1d98*(lpBaseOfDll=0x1320000, SizeOfImage=0x17000, EntryPoint=0x13214a1)) returned 1 [0165.665] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.665] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x1320000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="accupos.exe") returned 0xb [0165.665] CoTaskMemFree (pv=0x6b1140) [0165.665] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.665] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x1320000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Defender\\accupos.exe" (normalized: "c:\\program files (x86)\\windows defender\\accupos.exe")) returned 0x33 [0165.666] CoTaskMemFree (pv=0x6b08c0) [0165.666] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x25c3fa0, cb=0x18 | out: lpmodinfo=0x25c3fa0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0165.666] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.666] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0165.667] CoTaskMemFree (pv=0x6b2240) [0165.667] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.667] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0165.668] CoTaskMemFree (pv=0x6b08c0) [0165.668] GetModuleInformation (in: hProcess=0x264, hModule=0x66350000, lpmodinfo=0x25c6148, cb=0x18 | out: lpmodinfo=0x25c6148*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0165.668] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.668] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x66350000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0165.669] CoTaskMemFree (pv=0x6b08c0) [0165.669] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.669] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x66350000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0165.670] CoTaskMemFree (pv=0x6b19c0) [0165.670] GetModuleInformation (in: hProcess=0x264, hModule=0x662d0000, lpmodinfo=0x25c82f0, cb=0x18 | out: lpmodinfo=0x25c82f0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0165.670] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.670] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x662d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0165.671] CoTaskMemFree (pv=0x6b08c0) [0165.671] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.671] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0165.672] CoTaskMemFree (pv=0x6b2ac0) [0165.672] GetModuleInformation (in: hProcess=0x264, hModule=0x663a0000, lpmodinfo=0x25ca4a8, cb=0x18 | out: lpmodinfo=0x25ca4a8*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0165.673] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.673] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x663a0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0165.674] CoTaskMemFree (pv=0x6b1140) [0165.674] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.674] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x663a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0165.675] CoTaskMemFree (pv=0x6b1140) [0165.675] CloseHandle (hObject=0x264) returned 1 [0165.675] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0165.675] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x57c) returned 0x264 [0165.675] EnumProcessModules (in: hProcess=0x264, lphModule=0x25ccbc0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25ccbc0, lpcbNeeded=0x14ef68) returned 1 [0165.676] GetModuleInformation (in: hProcess=0x264, hModule=0x400000, lpmodinfo=0x25cce30, cb=0x18 | out: lpmodinfo=0x25cce30*(lpBaseOfDll=0x400000, SizeOfImage=0xc000, EntryPoint=0x0)) returned 1 [0165.676] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.676] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x400000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0165.676] CoTaskMemFree (pv=0x6b0040) [0165.676] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.676] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x400000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\svchost.exe")) returned 0x31 [0165.676] CoTaskMemFree (pv=0x6b2240) [0165.677] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x25cf038, cb=0x18 | out: lpmodinfo=0x25cf038*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0165.677] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.677] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0165.677] CoTaskMemFree (pv=0x6b0040) [0165.677] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.677] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0165.677] CoTaskMemFree (pv=0x6b3340) [0165.678] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff865560000, lpmodinfo=0x25d11e0, cb=0x18 | out: lpmodinfo=0x25d11e0*(lpBaseOfDll=0x7ff865560000, SizeOfImage=0x68000, EntryPoint=0x7ff865564970)) returned 1 [0165.678] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.678] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff865560000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="MSCOREE.DLL") returned 0xb [0165.678] CoTaskMemFree (pv=0x6b0040) [0165.678] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.678] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff865560000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSCOREE.DLL" (normalized: "c:\\windows\\system32\\mscoree.dll")) returned 0x1f [0165.678] CoTaskMemFree (pv=0x6b2240) [0165.679] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f640000, lpmodinfo=0x25d3388, cb=0x18 | out: lpmodinfo=0x25d3388*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0165.679] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.679] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f640000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="KERNEL32.dll") returned 0xc [0165.679] CoTaskMemFree (pv=0x6b3340) [0165.679] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.680] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f640000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.dll" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0165.680] CoTaskMemFree (pv=0x6b19c0) [0165.680] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ce40000, lpmodinfo=0x25d5540, cb=0x18 | out: lpmodinfo=0x25d5540*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0165.680] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.680] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ce40000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0165.681] CoTaskMemFree (pv=0x6b0040) [0165.681] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.681] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ce40000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0165.681] CoTaskMemFree (pv=0x6b19c0) [0165.681] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87aa90000, lpmodinfo=0x25d7750, cb=0x18 | out: lpmodinfo=0x25d7750*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0165.682] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.682] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87aa90000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0165.682] CoTaskMemFree (pv=0x6b19c0) [0165.682] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.682] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87aa90000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0165.683] CoTaskMemFree (pv=0x6b1140) [0165.683] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fd30000, lpmodinfo=0x25d98f8, cb=0x18 | out: lpmodinfo=0x25d98f8*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0165.683] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.683] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fd30000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ADVAPI32.dll") returned 0xc [0165.683] CoTaskMemFree (pv=0x6b08c0) [0165.683] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.683] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fd30000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ADVAPI32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0165.684] CoTaskMemFree (pv=0x6b3340) [0165.684] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fde0000, lpmodinfo=0x25dbab0, cb=0x18 | out: lpmodinfo=0x25dbab0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0165.684] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.684] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fde0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0165.685] CoTaskMemFree (pv=0x6b2240) [0165.685] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.685] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fde0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0165.685] CoTaskMemFree (pv=0x6b2240) [0165.686] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f970000, lpmodinfo=0x25ddc58, cb=0x18 | out: lpmodinfo=0x25ddc58*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0165.686] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.686] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f970000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0165.686] CoTaskMemFree (pv=0x6b0040) [0165.686] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.686] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f970000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0165.686] CoTaskMemFree (pv=0x6b0040) [0165.687] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fe80000, lpmodinfo=0x25dfe98, cb=0x18 | out: lpmodinfo=0x25dfe98*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0165.687] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.687] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fe80000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0165.687] CoTaskMemFree (pv=0x6b2240) [0165.687] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.688] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fe80000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0165.688] CoTaskMemFree (pv=0x6b3340) [0165.688] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8654c0000, lpmodinfo=0x25e2040, cb=0x18 | out: lpmodinfo=0x25e2040*(lpBaseOfDll=0x7ff8654c0000, SizeOfImage=0x98000, EntryPoint=0x7ff8654c1000)) returned 1 [0165.688] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.689] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8654c0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="mscoreei.dll") returned 0xc [0165.689] CoTaskMemFree (pv=0x6b08c0) [0165.689] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.689] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8654c0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll")) returned 0x3c [0165.689] CoTaskMemFree (pv=0x6b1140) [0165.689] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fb50000, lpmodinfo=0x25e4230, cb=0x18 | out: lpmodinfo=0x25e4230*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0165.690] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.690] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fb50000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0165.690] CoTaskMemFree (pv=0x6b19c0) [0165.691] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.691] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fb50000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0165.691] CoTaskMemFree (pv=0x6b0040) [0165.691] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f6f0000, lpmodinfo=0x25e63d8, cb=0x18 | out: lpmodinfo=0x25e63d8*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0165.691] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.692] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f6f0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0165.692] CoTaskMemFree (pv=0x6b2ac0) [0165.692] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.693] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f6f0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0165.693] CoTaskMemFree (pv=0x6b2ac0) [0165.693] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d030000, lpmodinfo=0x25e8580, cb=0x18 | out: lpmodinfo=0x25e8580*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0165.694] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.694] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d030000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0165.694] CoTaskMemFree (pv=0x6b2240) [0165.694] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.694] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d030000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0165.695] CoTaskMemFree (pv=0x6b1140) [0165.695] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f3e0000, lpmodinfo=0x25ea758, cb=0x18 | out: lpmodinfo=0x25ea758*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0165.695] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.695] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f3e0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0165.696] CoTaskMemFree (pv=0x6b1140) [0165.696] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.696] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f3e0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0165.696] CoTaskMemFree (pv=0x6b3340) [0165.696] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ed60000, lpmodinfo=0x25ec900, cb=0x18 | out: lpmodinfo=0x25ec900*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0165.697] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.697] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ed60000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0165.697] CoTaskMemFree (pv=0x6b2240) [0165.698] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.698] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ed60000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0165.698] CoTaskMemFree (pv=0x6b2240) [0165.698] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d4f0000, lpmodinfo=0x25eeaa8, cb=0x18 | out: lpmodinfo=0x25eeaa8*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0165.699] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.699] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d4f0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0165.699] CoTaskMemFree (pv=0x6b0040) [0165.699] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.699] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d4f0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0165.700] CoTaskMemFree (pv=0x6b19c0) [0165.700] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c640000, lpmodinfo=0x25f0d68, cb=0x18 | out: lpmodinfo=0x25f0d68*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0165.701] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.701] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c640000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0165.701] CoTaskMemFree (pv=0x6b3340) [0165.702] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.703] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c640000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0165.704] CoTaskMemFree (pv=0x6b2ac0) [0165.704] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff870d80000, lpmodinfo=0x25f2f30, cb=0x18 | out: lpmodinfo=0x25f2f30*(lpBaseOfDll=0x7ff870d80000, SizeOfImage=0xa000, EntryPoint=0x7ff870d81350)) returned 1 [0165.704] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.705] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff870d80000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0165.705] CoTaskMemFree (pv=0x6b2ac0) [0165.705] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.705] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff870d80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0165.706] CoTaskMemFree (pv=0x6b1140) [0165.706] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff85fa20000, lpmodinfo=0x25f50d8, cb=0x18 | out: lpmodinfo=0x25f50d8*(lpBaseOfDll=0x7ff85fa20000, SizeOfImage=0x98e000, EntryPoint=0x7ff85fb4d9f0)) returned 1 [0165.706] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.706] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff85fa20000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="clr.dll") returned 0x7 [0165.707] CoTaskMemFree (pv=0x6b3340) [0165.707] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.707] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff85fa20000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clr.dll")) returned 0x37 [0165.708] CoTaskMemFree (pv=0x6b08c0) [0165.708] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873350000, lpmodinfo=0x25f72a8, cb=0x18 | out: lpmodinfo=0x25f72a8*(lpBaseOfDll=0x7ff873350000, SizeOfImage=0xf7000, EntryPoint=0x7ff873374d80)) returned 1 [0165.708] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.708] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873350000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="MSVCR120_CLR0400.dll") returned 0x14 [0165.709] CoTaskMemFree (pv=0x6b2ac0) [0165.709] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.709] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873350000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MSVCR120_CLR0400.dll" (normalized: "c:\\windows\\system32\\msvcr120_clr0400.dll")) returned 0x28 [0165.710] CoTaskMemFree (pv=0x6b0040) [0165.710] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff85e550000, lpmodinfo=0x25f9480, cb=0x18 | out: lpmodinfo=0x25f9480*(lpBaseOfDll=0x7ff85e550000, SizeOfImage=0x14c6000, EntryPoint=0x0)) returned 1 [0165.710] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.710] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff85e550000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="mscorlib.ni.dll") returned 0xf [0165.711] CoTaskMemFree (pv=0x6b0040) [0165.711] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.711] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff85e550000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\mscorlib\\e24742a3939bece9db8105d99720b0e0\\mscorlib.ni.dll")) returned 0x68 [0165.711] CoTaskMemFree (pv=0x6b08c0) [0165.711] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d3a0000, lpmodinfo=0x25fb6c8, cb=0x18 | out: lpmodinfo=0x25fb6c8*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0165.712] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.712] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d3a0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0165.713] CoTaskMemFree (pv=0x6b1140) [0165.713] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.713] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d3a0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0165.714] CoTaskMemFree (pv=0x6b2ac0) [0165.714] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873240000, lpmodinfo=0x25fd870, cb=0x18 | out: lpmodinfo=0x25fd870*(lpBaseOfDll=0x7ff873240000, SizeOfImage=0x105000, EntryPoint=0x7ff87324107c)) returned 1 [0165.714] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.714] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873240000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="clrjit.dll") returned 0xa [0165.715] CoTaskMemFree (pv=0x6b19c0) [0165.715] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.715] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873240000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clrjit.dll" (normalized: "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\clrjit.dll")) returned 0x3a [0165.716] CoTaskMemFree (pv=0x6b19c0) [0165.716] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fa80000, lpmodinfo=0x25ffa50, cb=0x18 | out: lpmodinfo=0x25ffa50*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0165.717] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.717] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fa80000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0165.717] CoTaskMemFree (pv=0x6b0040) [0165.717] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.717] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fa80000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0165.718] CoTaskMemFree (pv=0x6b19c0) [0165.718] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8606d0000, lpmodinfo=0x2601c08, cb=0x18 | out: lpmodinfo=0x2601c08*(lpBaseOfDll=0x7ff8606d0000, SizeOfImage=0xc14000, EntryPoint=0x0)) returned 1 [0165.719] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.719] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8606d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="System.ni.dll") returned 0xd [0165.719] CoTaskMemFree (pv=0x6b08c0) [0165.719] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.720] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8606d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\assembly\\NativeImages_v4.0.30319_64\\System\\cb0700ff6398b8e9d0d936cfc4894ba1\\System.ni.dll" (normalized: "c:\\windows\\assembly\\nativeimages_v4.0.30319_64\\system\\cb0700ff6398b8e9d0d936cfc4894ba1\\system.ni.dll")) returned 0x64 [0165.720] CoTaskMemFree (pv=0x6b2ac0) [0165.720] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c240000, lpmodinfo=0x2603e48, cb=0x18 | out: lpmodinfo=0x2603e48*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0165.721] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.721] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c240000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0165.722] CoTaskMemFree (pv=0x6b3340) [0165.722] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.722] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c240000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0165.723] CoTaskMemFree (pv=0x6b0040) [0165.723] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87eec0000, lpmodinfo=0x2605ff0, cb=0x18 | out: lpmodinfo=0x2605ff0*(lpBaseOfDll=0x7ff87eec0000, SizeOfImage=0x8000, EntryPoint=0x7ff87eec10b0)) returned 1 [0165.723] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.724] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87eec0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="psapi.dll") returned 0x9 [0165.724] CoTaskMemFree (pv=0x6b0040) [0165.724] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.724] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87eec0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\psapi.dll" (normalized: "c:\\windows\\system32\\psapi.dll")) returned 0x1d [0165.725] CoTaskMemFree (pv=0x6b1140) [0165.725] CloseHandle (hObject=0x264) returned 1 [0165.725] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0165.727] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1040) returned 0x264 [0165.727] EnumProcessModules (in: hProcess=0x264, lphModule=0x2608e88, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2608e88, lpcbNeeded=0x14ef68) returned 1 [0165.728] GetModuleInformation (in: hProcess=0x264, hModule=0x1280000, lpmodinfo=0x26090f8, cb=0x18 | out: lpmodinfo=0x26090f8*(lpBaseOfDll=0x1280000, SizeOfImage=0x17000, EntryPoint=0x12814a1)) returned 1 [0165.728] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.728] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x1280000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="icq.exe") returned 0x7 [0165.729] CoTaskMemFree (pv=0x6b0040) [0165.729] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.729] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x1280000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows NT\\icq.exe" (normalized: "c:\\program files\\windows nt\\icq.exe")) returned 0x23 [0165.729] CoTaskMemFree (pv=0x6b2240) [0165.730] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x260b2d8, cb=0x18 | out: lpmodinfo=0x260b2d8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0165.730] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.730] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0165.731] CoTaskMemFree (pv=0x6b2240) [0165.731] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.731] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0165.732] CoTaskMemFree (pv=0x6b19c0) [0165.732] GetModuleInformation (in: hProcess=0x264, hModule=0x66350000, lpmodinfo=0x260d480, cb=0x18 | out: lpmodinfo=0x260d480*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0165.732] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.732] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x66350000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0165.733] CoTaskMemFree (pv=0x6b08c0) [0165.733] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.733] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x66350000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0165.734] CoTaskMemFree (pv=0x6b19c0) [0165.734] GetModuleInformation (in: hProcess=0x264, hModule=0x662d0000, lpmodinfo=0x260f628, cb=0x18 | out: lpmodinfo=0x260f628*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0165.735] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.735] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x662d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0165.736] CoTaskMemFree (pv=0x6b2ac0) [0165.736] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.736] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x662d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0165.737] CoTaskMemFree (pv=0x6b3340) [0165.737] GetModuleInformation (in: hProcess=0x264, hModule=0x663a0000, lpmodinfo=0x26117e0, cb=0x18 | out: lpmodinfo=0x26117e0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0165.737] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.738] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x663a0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0165.738] CoTaskMemFree (pv=0x6b3340) [0165.739] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.739] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x663a0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0165.740] CoTaskMemFree (pv=0x6b2240) [0165.740] CloseHandle (hObject=0x264) returned 1 [0165.740] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0165.740] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1104) returned 0x264 [0165.740] EnumProcessModules (in: hProcess=0x264, lphModule=0x2613ef8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2613ef8, lpcbNeeded=0x14ef68) returned 1 [0165.741] GetModuleInformation (in: hProcess=0x264, hModule=0x130000, lpmodinfo=0x2614168, cb=0x18 | out: lpmodinfo=0x2614168*(lpBaseOfDll=0x130000, SizeOfImage=0x17000, EntryPoint=0x1314a1)) returned 1 [0165.742] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.742] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x130000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="active-charge.exe") returned 0x11 [0165.742] CoTaskMemFree (pv=0x6b1140) [0165.742] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.742] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x130000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\active-charge.exe" (normalized: "c:\\program files\\windowspowershell\\active-charge.exe")) returned 0x34 [0165.743] CoTaskMemFree (pv=0x6b08c0) [0165.743] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x2616388, cb=0x18 | out: lpmodinfo=0x2616388*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0165.743] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.743] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0165.744] CoTaskMemFree (pv=0x6b0040) [0165.744] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.744] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0165.745] CoTaskMemFree (pv=0x6b2ac0) [0165.745] GetModuleInformation (in: hProcess=0x264, hModule=0x66350000, lpmodinfo=0x2618530, cb=0x18 | out: lpmodinfo=0x2618530*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0165.745] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.745] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x66350000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0165.746] CoTaskMemFree (pv=0x6b1140) [0165.746] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.746] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x66350000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0165.746] CoTaskMemFree (pv=0x6b0040) [0165.746] GetModuleInformation (in: hProcess=0x264, hModule=0x662d0000, lpmodinfo=0x261a6d8, cb=0x18 | out: lpmodinfo=0x261a6d8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0165.747] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.747] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x662d0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0165.748] CoTaskMemFree (pv=0x6b3340) [0165.748] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.748] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x662d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0165.749] CoTaskMemFree (pv=0x6b3340) [0165.749] GetModuleInformation (in: hProcess=0x264, hModule=0x663a0000, lpmodinfo=0x261c890, cb=0x18 | out: lpmodinfo=0x261c890*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0165.750] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.750] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x663a0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0165.750] CoTaskMemFree (pv=0x6b1140) [0165.751] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.751] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x663a0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0165.752] CoTaskMemFree (pv=0x6b19c0) [0165.752] CloseHandle (hObject=0x264) returned 1 [0165.752] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0165.752] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11c8) returned 0x264 [0165.752] EnumProcessModules (in: hProcess=0x264, lphModule=0x261efa8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x261efa8, lpcbNeeded=0x14ef68) returned 1 [0165.753] GetModuleInformation (in: hProcess=0x264, hModule=0x11f0000, lpmodinfo=0x261f218, cb=0x18 | out: lpmodinfo=0x261f218*(lpBaseOfDll=0x11f0000, SizeOfImage=0x17000, EntryPoint=0x11f14a1)) returned 1 [0165.753] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.753] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x11f0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="if sometimes.exe") returned 0x10 [0165.754] CoTaskMemFree (pv=0x6b08c0) [0165.754] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.754] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x11f0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\if sometimes.exe" (normalized: "c:\\program files\\windowspowershell\\if sometimes.exe")) returned 0x33 [0165.754] CoTaskMemFree (pv=0x6b3340) [0165.755] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x2621430, cb=0x18 | out: lpmodinfo=0x2621430*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0165.755] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.755] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0165.756] CoTaskMemFree (pv=0x6b19c0) [0165.766] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.766] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0165.767] CoTaskMemFree (pv=0x6b08c0) [0165.767] GetModuleInformation (in: hProcess=0x264, hModule=0x66350000, lpmodinfo=0x26235d8, cb=0x18 | out: lpmodinfo=0x26235d8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0165.767] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.767] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x66350000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0165.768] CoTaskMemFree (pv=0x6b0040) [0165.768] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.768] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x66350000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0165.769] CoTaskMemFree (pv=0x6b3340) [0165.769] GetModuleInformation (in: hProcess=0x264, hModule=0x662d0000, lpmodinfo=0x2625780, cb=0x18 | out: lpmodinfo=0x2625780*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0165.770] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.770] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x662d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0165.770] CoTaskMemFree (pv=0x6b1140) [0165.770] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.770] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x662d0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0165.771] CoTaskMemFree (pv=0x6b08c0) [0165.771] GetModuleInformation (in: hProcess=0x264, hModule=0x663a0000, lpmodinfo=0x2627938, cb=0x18 | out: lpmodinfo=0x2627938*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0165.772] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.772] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x663a0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0165.773] CoTaskMemFree (pv=0x6b08c0) [0165.773] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.773] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x663a0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0165.774] CoTaskMemFree (pv=0x6b08c0) [0165.774] CloseHandle (hObject=0x264) returned 1 [0165.774] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0165.774] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x3e8) returned 0x264 [0165.775] EnumProcessModules (in: hProcess=0x264, lphModule=0x262a050, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x262a050, lpcbNeeded=0x14ef68) returned 1 [0165.792] EnumProcessModules (in: hProcess=0x264, lphModule=0x262a268, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x262a268, lpcbNeeded=0x14ef68) returned 1 [0165.812] EnumProcessModules (in: hProcess=0x264, lphModule=0x262a680, cb=0x800, lpcbNeeded=0x14ef68 | out: lphModule=0x262a680, lpcbNeeded=0x14ef68) returned 1 [0165.829] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff6a3140000, lpmodinfo=0x262aef0, cb=0x18 | out: lpmodinfo=0x262aef0*(lpBaseOfDll=0x7ff6a3140000, SizeOfImage=0xd000, EntryPoint=0x7ff6a3143980)) returned 1 [0165.829] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.829] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff6a3140000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="svchost.exe") returned 0xb [0165.830] CoTaskMemFree (pv=0x6b0040) [0165.830] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.830] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff6a3140000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\svchost.exe" (normalized: "c:\\windows\\system32\\svchost.exe")) returned 0x1f [0165.830] CoTaskMemFree (pv=0x6b2240) [0165.831] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x262d0d0, cb=0x18 | out: lpmodinfo=0x262d0d0*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0165.831] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.831] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0165.832] CoTaskMemFree (pv=0x6b08c0) [0165.832] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.832] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0165.832] CoTaskMemFree (pv=0x6b3340) [0165.832] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f640000, lpmodinfo=0x262f278, cb=0x18 | out: lpmodinfo=0x262f278*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0165.833] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.833] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f640000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0165.834] CoTaskMemFree (pv=0x6b2240) [0165.834] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.834] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f640000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0165.834] CoTaskMemFree (pv=0x6b1140) [0165.835] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ce40000, lpmodinfo=0x2631430, cb=0x18 | out: lpmodinfo=0x2631430*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0165.835] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.835] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ce40000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0165.836] CoTaskMemFree (pv=0x6b2ac0) [0165.836] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.837] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ce40000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0165.837] CoTaskMemFree (pv=0x6b2ac0) [0165.837] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f970000, lpmodinfo=0x26335e8, cb=0x18 | out: lpmodinfo=0x26335e8*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0165.838] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.838] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f970000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0165.839] CoTaskMemFree (pv=0x6b3340) [0165.839] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.840] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f970000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0165.840] CoTaskMemFree (pv=0x6b2ac0) [0165.841] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fe80000, lpmodinfo=0x26357e8, cb=0x18 | out: lpmodinfo=0x26357e8*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0165.841] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.842] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fe80000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0165.842] CoTaskMemFree (pv=0x6b3340) [0165.843] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.843] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fe80000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0165.843] CoTaskMemFree (pv=0x6b0040) [0165.843] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b760000, lpmodinfo=0x2637990, cb=0x18 | out: lpmodinfo=0x2637990*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0165.844] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.845] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b760000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0165.846] CoTaskMemFree (pv=0x6b19c0) [0165.846] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.846] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b760000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0165.847] CoTaskMemFree (pv=0x6b2240) [0165.847] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f6f0000, lpmodinfo=0x2639b48, cb=0x18 | out: lpmodinfo=0x2639b48*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0165.848] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.848] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f6f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0165.849] CoTaskMemFree (pv=0x6b2240) [0165.849] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.849] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f6f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0165.850] CoTaskMemFree (pv=0x6b1140) [0165.850] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fde0000, lpmodinfo=0x263bcf0, cb=0x18 | out: lpmodinfo=0x263bcf0*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0165.851] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.852] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fde0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0165.853] CoTaskMemFree (pv=0x6b19c0) [0165.853] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.853] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fde0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0165.854] CoTaskMemFree (pv=0x6b2240) [0165.854] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d030000, lpmodinfo=0x263df30, cb=0x18 | out: lpmodinfo=0x263df30*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0165.855] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.855] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d030000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0165.857] CoTaskMemFree (pv=0x6b2240) [0165.857] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.857] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d030000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0165.858] CoTaskMemFree (pv=0x6b2240) [0165.859] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c640000, lpmodinfo=0x2640108, cb=0x18 | out: lpmodinfo=0x2640108*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0165.860] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.860] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c640000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0165.861] CoTaskMemFree (pv=0x6b08c0) [0165.861] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.861] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c640000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0165.862] CoTaskMemFree (pv=0x6b3340) [0165.862] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ed60000, lpmodinfo=0x26422d0, cb=0x18 | out: lpmodinfo=0x26422d0*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0165.864] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.864] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ed60000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="user32.dll") returned 0xa [0165.865] CoTaskMemFree (pv=0x6b3340) [0165.865] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.865] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ed60000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\user32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0165.867] CoTaskMemFree (pv=0x6b08c0) [0165.867] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f3e0000, lpmodinfo=0x2644478, cb=0x18 | out: lpmodinfo=0x2644478*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0165.868] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.868] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f3e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0165.869] CoTaskMemFree (pv=0x6b08c0) [0165.869] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.870] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f3e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0165.871] CoTaskMemFree (pv=0x6b19c0) [0165.871] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878de0000, lpmodinfo=0x2646620, cb=0x18 | out: lpmodinfo=0x2646620*(lpBaseOfDll=0x7ff878de0000, SizeOfImage=0xb000, EntryPoint=0x7ff878de1770)) returned 1 [0165.873] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.873] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878de0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="lfsvc.dll") returned 0x9 [0165.874] CoTaskMemFree (pv=0x6b08c0) [0165.874] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.874] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878de0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\lfsvc.dll" (normalized: "c:\\windows\\system32\\lfsvc.dll")) returned 0x1d [0165.876] CoTaskMemFree (pv=0x6b2240) [0165.876] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878e80000, lpmodinfo=0x26487c8, cb=0x18 | out: lpmodinfo=0x26487c8*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0165.877] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.877] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878e80000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0165.880] CoTaskMemFree (pv=0x6b08c0) [0165.880] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.880] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878e80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0165.882] CoTaskMemFree (pv=0x6b1140) [0165.882] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878c60000, lpmodinfo=0x264a990, cb=0x18 | out: lpmodinfo=0x264a990*(lpBaseOfDll=0x7ff878c60000, SizeOfImage=0x17c000, EntryPoint=0x7ff878cb1650)) returned 1 [0165.883] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.883] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878c60000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="LocationFramework.dll") returned 0x15 [0165.885] CoTaskMemFree (pv=0x6b2240) [0165.885] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.885] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878c60000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\LocationFramework.dll" (normalized: "c:\\windows\\system32\\locationframework.dll")) returned 0x29 [0165.887] CoTaskMemFree (pv=0x6b2240) [0165.887] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fa80000, lpmodinfo=0x264cb68, cb=0x18 | out: lpmodinfo=0x264cb68*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0165.889] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.889] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fa80000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0165.891] CoTaskMemFree (pv=0x6b2ac0) [0165.891] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.891] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fa80000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0165.893] CoTaskMemFree (pv=0x6b2240) [0165.893] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c5f0000, lpmodinfo=0x264ee38, cb=0x18 | out: lpmodinfo=0x264ee38*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0165.895] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.895] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c5f0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0165.897] CoTaskMemFree (pv=0x6b08c0) [0165.897] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.897] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c5f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0165.899] CoTaskMemFree (pv=0x6b1140) [0165.899] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fd30000, lpmodinfo=0x2650ff0, cb=0x18 | out: lpmodinfo=0x2650ff0*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0165.900] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.901] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fd30000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0165.902] CoTaskMemFree (pv=0x6b2ac0) [0165.903] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.903] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fd30000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0165.904] CoTaskMemFree (pv=0x6b1140) [0165.905] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d170000, lpmodinfo=0x26531a8, cb=0x18 | out: lpmodinfo=0x26531a8*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0165.906] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.908] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d170000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0165.910] CoTaskMemFree (pv=0x6b19c0) [0165.910] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.910] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d170000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0165.912] CoTaskMemFree (pv=0x6b0040) [0165.912] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c5c0000, lpmodinfo=0x2655350, cb=0x18 | out: lpmodinfo=0x2655350*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0165.914] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.914] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c5c0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0165.916] CoTaskMemFree (pv=0x6b2240) [0165.916] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.917] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c5c0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0165.919] CoTaskMemFree (pv=0x6b3340) [0165.919] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87eed0000, lpmodinfo=0x26574f8, cb=0x18 | out: lpmodinfo=0x26574f8*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0165.921] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.921] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87eed0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0165.923] CoTaskMemFree (pv=0x6b08c0) [0165.923] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0165.923] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87eed0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0165.925] CoTaskMemFree (pv=0x6b19c0) [0165.925] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ae70000, lpmodinfo=0x26596a0, cb=0x18 | out: lpmodinfo=0x26596a0*(lpBaseOfDll=0x7ff87ae70000, SizeOfImage=0x40000, EntryPoint=0x7ff87ae81960)) returned 1 [0165.927] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.927] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ae70000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="BrokerLib.dll") returned 0xd [0165.930] CoTaskMemFree (pv=0x6b1140) [0165.930] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.930] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ae70000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\BrokerLib.dll" (normalized: "c:\\windows\\system32\\brokerlib.dll")) returned 0x21 [0165.932] CoTaskMemFree (pv=0x6b2240) [0165.933] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878bf0000, lpmodinfo=0x265b858, cb=0x18 | out: lpmodinfo=0x265b858*(lpBaseOfDll=0x7ff878bf0000, SizeOfImage=0x61000, EntryPoint=0x7ff878bf4b50)) returned 1 [0165.935] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.935] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878bf0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wlanapi.dll") returned 0xb [0165.940] CoTaskMemFree (pv=0x6b2240) [0165.940] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.940] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878bf0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0165.942] CoTaskMemFree (pv=0x6b3340) [0165.943] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878b20000, lpmodinfo=0x265da00, cb=0x18 | out: lpmodinfo=0x265da00*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0165.945] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.945] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878b20000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0165.947] CoTaskMemFree (pv=0x6b0040) [0165.947] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.947] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878b20000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0165.950] CoTaskMemFree (pv=0x6b1140) [0165.950] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878ff0000, lpmodinfo=0x265fba8, cb=0x18 | out: lpmodinfo=0x265fba8*(lpBaseOfDll=0x7ff878ff0000, SizeOfImage=0x36000, EntryPoint=0x7ff879000070)) returned 1 [0165.952] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0165.952] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878ff0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="XmlLite.dll") returned 0xb [0165.957] CoTaskMemFree (pv=0x6b3340) [0165.957] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.957] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878ff0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\XmlLite.dll" (normalized: "c:\\windows\\system32\\xmllite.dll")) returned 0x1f [0165.960] CoTaskMemFree (pv=0x6b2240) [0165.960] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f9d0000, lpmodinfo=0x2661d50, cb=0x18 | out: lpmodinfo=0x2661d50*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0165.962] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.963] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f9d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0165.965] CoTaskMemFree (pv=0x6b2ac0) [0165.965] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.965] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f9d0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0165.968] CoTaskMemFree (pv=0x6b08c0) [0165.968] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8788d0000, lpmodinfo=0x2663ef8, cb=0x18 | out: lpmodinfo=0x2663ef8*(lpBaseOfDll=0x7ff8788d0000, SizeOfImage=0x20000, EntryPoint=0x7ff8788d39a0)) returned 1 [0165.970] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.970] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8788d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="LocationWinPalMisc.dll") returned 0x16 [0165.973] CoTaskMemFree (pv=0x6b1140) [0165.973] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0165.973] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8788d0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\LocationWinPalMisc.dll" (normalized: "c:\\windows\\system32\\locationwinpalmisc.dll")) returned 0x2a [0165.976] CoTaskMemFree (pv=0x6b2240) [0165.976] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d650000, lpmodinfo=0x26660d0, cb=0x18 | out: lpmodinfo=0x26660d0*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0165.978] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.979] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d650000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0165.982] CoTaskMemFree (pv=0x6b2ac0) [0165.982] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0165.982] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d650000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0165.985] CoTaskMemFree (pv=0x6b2ac0) [0165.985] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c710000, lpmodinfo=0x2668278, cb=0x18 | out: lpmodinfo=0x2668278*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0165.987] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.987] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c710000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0165.991] CoTaskMemFree (pv=0x6b1140) [0165.991] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0165.991] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c710000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0165.993] CoTaskMemFree (pv=0x6b1140) [0165.993] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c760000, lpmodinfo=0x266a430, cb=0x18 | out: lpmodinfo=0x266a430*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0165.996] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0165.996] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c760000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0165.999] CoTaskMemFree (pv=0x6b08c0) [0165.999] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0165.999] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c760000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0166.002] CoTaskMemFree (pv=0x6b0040) [0166.002] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fb50000, lpmodinfo=0x266c5f8, cb=0x18 | out: lpmodinfo=0x266c5f8*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0166.005] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.005] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fb50000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0166.009] CoTaskMemFree (pv=0x6b1140) [0166.009] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0166.009] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fb50000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0166.012] CoTaskMemFree (pv=0x6b2240) [0166.012] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c650000, lpmodinfo=0x266e7a0, cb=0x18 | out: lpmodinfo=0x266e7a0*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0166.015] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.015] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c650000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0166.018] CoTaskMemFree (pv=0x6b3340) [0166.018] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.018] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c650000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0166.021] CoTaskMemFree (pv=0x6b0040) [0166.021] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c5d0000, lpmodinfo=0x2670b60, cb=0x18 | out: lpmodinfo=0x2670b60*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0166.024] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.024] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c5d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0166.028] CoTaskMemFree (pv=0x6b1140) [0166.029] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.029] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c5d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0166.032] CoTaskMemFree (pv=0x6b19c0) [0166.032] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bd20000, lpmodinfo=0x2672d08, cb=0x18 | out: lpmodinfo=0x2672d08*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0166.035] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.035] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bd20000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0166.038] CoTaskMemFree (pv=0x6b19c0) [0166.038] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.039] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bd20000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0166.042] CoTaskMemFree (pv=0x6b3340) [0166.042] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87afe0000, lpmodinfo=0x2674eb0, cb=0x18 | out: lpmodinfo=0x2674eb0*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0166.045] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.045] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87afe0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0166.048] CoTaskMemFree (pv=0x6b08c0) [0166.048] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.049] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87afe0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0166.052] CoTaskMemFree (pv=0x6b1140) [0166.052] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878890000, lpmodinfo=0x2677058, cb=0x18 | out: lpmodinfo=0x2677058*(lpBaseOfDll=0x7ff878890000, SizeOfImage=0x37000, EntryPoint=0x7ff878896020)) returned 1 [0166.055] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0166.055] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878890000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="GnssAdapter.dll") returned 0xf [0166.058] CoTaskMemFree (pv=0x6b2240) [0166.058] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.059] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878890000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\GnssAdapter.dll" (normalized: "c:\\windows\\system32\\gnssadapter.dll")) returned 0x23 [0166.062] CoTaskMemFree (pv=0x6b3340) [0166.062] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878830000, lpmodinfo=0x2679210, cb=0x18 | out: lpmodinfo=0x2679210*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff878833fb0)) returned 1 [0166.066] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.066] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878830000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0166.069] CoTaskMemFree (pv=0x6b0040) [0166.069] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0166.069] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878830000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0166.073] CoTaskMemFree (pv=0x6b2240) [0166.073] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878820000, lpmodinfo=0x267b3d8, cb=0x18 | out: lpmodinfo=0x267b3d8*(lpBaseOfDll=0x7ff878820000, SizeOfImage=0xc000, EntryPoint=0x7ff8788214d0)) returned 1 [0166.076] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0166.076] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878820000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="LocationFrameworkPS.dll") returned 0x17 [0166.080] CoTaskMemFree (pv=0x6b2240) [0166.080] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.080] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878820000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\LocationFrameworkPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkps.dll")) returned 0x2b [0166.084] CoTaskMemFree (pv=0x6b19c0) [0166.084] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8786d0000, lpmodinfo=0x267d5b0, cb=0x18 | out: lpmodinfo=0x267d5b0*(lpBaseOfDll=0x7ff8786d0000, SizeOfImage=0x14d000, EntryPoint=0x7ff878713da0)) returned 1 [0166.089] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.089] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8786d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="gpsvc.dll") returned 0x9 [0166.093] CoTaskMemFree (pv=0x6b0040) [0166.093] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.093] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8786d0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\gpsvc.dll" (normalized: "c:\\windows\\system32\\gpsvc.dll")) returned 0x1d [0166.098] CoTaskMemFree (pv=0x6b1140) [0166.098] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b270000, lpmodinfo=0x267f758, cb=0x18 | out: lpmodinfo=0x267f758*(lpBaseOfDll=0x7ff87b270000, SizeOfImage=0xc000, EntryPoint=0x7ff87b272480)) returned 1 [0166.101] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0166.102] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b270000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="SYSNTFY.dll") returned 0xb [0166.105] CoTaskMemFree (pv=0x6b2240) [0166.105] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.105] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b270000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SYSNTFY.dll" (normalized: "c:\\windows\\system32\\sysntfy.dll")) returned 0x1f [0166.110] CoTaskMemFree (pv=0x6b08c0) [0166.110] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8786b0000, lpmodinfo=0x2681900, cb=0x18 | out: lpmodinfo=0x2681900*(lpBaseOfDll=0x7ff8786b0000, SizeOfImage=0x18000, EntryPoint=0x7ff8786b5910)) returned 1 [0166.113] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0166.114] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8786b0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="nlaapi.dll") returned 0xa [0166.117] CoTaskMemFree (pv=0x6b2ac0) [0166.117] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.117] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8786b0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\nlaapi.dll" (normalized: "c:\\windows\\system32\\nlaapi.dll")) returned 0x1e [0166.121] CoTaskMemFree (pv=0x6b3340) [0166.121] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8786a0000, lpmodinfo=0x2683aa8, cb=0x18 | out: lpmodinfo=0x2683aa8*(lpBaseOfDll=0x7ff8786a0000, SizeOfImage=0xa000, EntryPoint=0x7ff8786a1660)) returned 1 [0166.125] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0166.125] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8786a0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="DSROLE.dll") returned 0xa [0166.129] CoTaskMemFree (pv=0x6b2ac0) [0166.129] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.129] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8786a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DSROLE.dll" (normalized: "c:\\windows\\system32\\dsrole.dll")) returned 0x1e [0166.133] CoTaskMemFree (pv=0x6b1140) [0166.133] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878640000, lpmodinfo=0x2685c50, cb=0x18 | out: lpmodinfo=0x2685c50*(lpBaseOfDll=0x7ff878640000, SizeOfImage=0x55000, EntryPoint=0x7ff87864fc00)) returned 1 [0166.137] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.137] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878640000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="profsvc.dll") returned 0xb [0166.141] CoTaskMemFree (pv=0x6b0040) [0166.141] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.141] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878640000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\profsvc.dll" (normalized: "c:\\windows\\system32\\profsvc.dll")) returned 0x1f [0166.145] CoTaskMemFree (pv=0x6b0040) [0166.145] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878620000, lpmodinfo=0x2687df8, cb=0x18 | out: lpmodinfo=0x2687df8*(lpBaseOfDll=0x7ff878620000, SizeOfImage=0x1a000, EntryPoint=0x7ff878622cf0)) returned 1 [0166.149] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0166.149] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878620000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="LocationPeLegacyWinLocation.dll") returned 0x1f [0166.153] CoTaskMemFree (pv=0x6b2ac0) [0166.153] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.154] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878620000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\LocationPeLegacyWinLocation.dll" (normalized: "c:\\windows\\system32\\locationpelegacywinlocation.dll")) returned 0x33 [0166.157] CoTaskMemFree (pv=0x6b0040) [0166.157] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d3a0000, lpmodinfo=0x2689ff0, cb=0x18 | out: lpmodinfo=0x2689ff0*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0166.161] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.161] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d3a0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0166.165] CoTaskMemFree (pv=0x6b0040) [0166.165] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.165] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d3a0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0166.171] CoTaskMemFree (pv=0x6b0040) [0166.171] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878600000, lpmodinfo=0x268c198, cb=0x18 | out: lpmodinfo=0x268c198*(lpBaseOfDll=0x7ff878600000, SizeOfImage=0x13000, EntryPoint=0x7ff8786057f0)) returned 1 [0166.174] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.175] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878600000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="themeservice.dll") returned 0x10 [0166.179] CoTaskMemFree (pv=0x6b0040) [0166.179] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.179] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878600000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\themeservice.dll" (normalized: "c:\\windows\\system32\\themeservice.dll")) returned 0x24 [0166.183] CoTaskMemFree (pv=0x6b0040) [0166.183] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c3d0000, lpmodinfo=0x268e360, cb=0x18 | out: lpmodinfo=0x268e360*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0166.187] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.187] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c3d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="winsta.dll") returned 0xa [0166.191] CoTaskMemFree (pv=0x6b1140) [0166.191] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.191] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c3d0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\winsta.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0166.195] CoTaskMemFree (pv=0x6b08c0) [0166.195] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878550000, lpmodinfo=0x2690508, cb=0x18 | out: lpmodinfo=0x2690508*(lpBaseOfDll=0x7ff878550000, SizeOfImage=0x27000, EntryPoint=0x7ff878553bf0)) returned 1 [0166.199] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.199] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878550000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="profsvcext.dll") returned 0xe [0166.204] CoTaskMemFree (pv=0x6b08c0) [0166.204] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.204] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878550000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profsvcext.dll" (normalized: "c:\\windows\\system32\\profsvcext.dll")) returned 0x22 [0166.209] CoTaskMemFree (pv=0x6b08c0) [0166.209] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f570000, lpmodinfo=0x26926c0, cb=0x18 | out: lpmodinfo=0x26926c0*(lpBaseOfDll=0x7ff87f570000, SizeOfImage=0x5c000, EntryPoint=0x7ff87f58b720)) returned 1 [0166.214] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.214] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f570000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="WLDAP32.dll") returned 0xb [0166.218] CoTaskMemFree (pv=0x6b19c0) [0166.218] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0166.218] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f570000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WLDAP32.dll" (normalized: "c:\\windows\\system32\\wldap32.dll")) returned 0x1f [0166.223] CoTaskMemFree (pv=0x6b2240) [0166.223] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b9d0000, lpmodinfo=0x2694868, cb=0x18 | out: lpmodinfo=0x2694868*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0166.227] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.227] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b9d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0166.256] CoTaskMemFree (pv=0x6b1140) [0166.256] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0166.257] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b9d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0166.261] CoTaskMemFree (pv=0x6b2ac0) [0166.261] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878510000, lpmodinfo=0x2696a20, cb=0x18 | out: lpmodinfo=0x2696a20*(lpBaseOfDll=0x7ff878510000, SizeOfImage=0x3e000, EntryPoint=0x7ff87851a050)) returned 1 [0166.267] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.267] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878510000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="logoncli.dll") returned 0xc [0166.271] CoTaskMemFree (pv=0x6b1140) [0166.271] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.271] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878510000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\logoncli.dll" (normalized: "c:\\windows\\system32\\logoncli.dll")) returned 0x20 [0166.276] CoTaskMemFree (pv=0x6b0040) [0166.276] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8784f0000, lpmodinfo=0x2698bd8, cb=0x18 | out: lpmodinfo=0x2698bd8*(lpBaseOfDll=0x7ff8784f0000, SizeOfImage=0x11000, EntryPoint=0x7ff8784f7ea0)) returned 1 [0166.280] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0166.281] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8784f0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="dcpapi.dll") returned 0xa [0166.285] CoTaskMemFree (pv=0x6b2ac0) [0166.285] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.285] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8784f0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dcpapi.dll" (normalized: "c:\\windows\\system32\\dcpapi.dll")) returned 0x1e [0166.290] CoTaskMemFree (pv=0x6b08c0) [0166.290] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8784c0000, lpmodinfo=0x269ad80, cb=0x18 | out: lpmodinfo=0x269ad80*(lpBaseOfDll=0x7ff8784c0000, SizeOfImage=0x25000, EntryPoint=0x7ff8784d2f20)) returned 1 [0166.295] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.295] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8784c0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wificonnapi.dll") returned 0xf [0166.300] CoTaskMemFree (pv=0x6b0040) [0166.300] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0166.301] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8784c0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wificonnapi.dll" (normalized: "c:\\windows\\system32\\wificonnapi.dll")) returned 0x23 [0166.313] CoTaskMemFree (pv=0x6b2240) [0166.314] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878400000, lpmodinfo=0x269cf38, cb=0x18 | out: lpmodinfo=0x269cf38*(lpBaseOfDll=0x7ff878400000, SizeOfImage=0xb1000, EntryPoint=0x7ff8784788b0)) returned 1 [0166.318] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.319] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878400000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="CellularAPI.dll") returned 0xf [0166.324] CoTaskMemFree (pv=0x6b0040) [0166.324] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.324] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878400000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CellularAPI.dll" (normalized: "c:\\windows\\system32\\cellularapi.dll")) returned 0x23 [0166.328] CoTaskMemFree (pv=0x6b19c0) [0166.328] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c450000, lpmodinfo=0x269f0f0, cb=0x18 | out: lpmodinfo=0x269f0f0*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0166.334] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.334] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c450000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0166.339] CoTaskMemFree (pv=0x6b3340) [0166.339] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.339] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c450000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0166.346] CoTaskMemFree (pv=0x6b08c0) [0166.346] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8783e0000, lpmodinfo=0x26a1298, cb=0x18 | out: lpmodinfo=0x26a1298*(lpBaseOfDll=0x7ff8783e0000, SizeOfImage=0x12000, EntryPoint=0x7ff8783e9260)) returned 1 [0166.350] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.350] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8783e0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="rilProxy.dll") returned 0xc [0166.355] CoTaskMemFree (pv=0x6b19c0) [0166.355] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.356] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8783e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rilProxy.dll" (normalized: "c:\\windows\\system32\\rilproxy.dll")) returned 0x20 [0166.360] CoTaskMemFree (pv=0x6b19c0) [0166.360] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b5c0000, lpmodinfo=0x26a3450, cb=0x18 | out: lpmodinfo=0x26a3450*(lpBaseOfDll=0x7ff87b5c0000, SizeOfImage=0x24000, EntryPoint=0x7ff87b5c3260)) returned 1 [0166.365] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.365] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b5c0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="gpapi.dll") returned 0x9 [0166.370] CoTaskMemFree (pv=0x6b0040) [0166.370] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.370] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b5c0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\gpapi.dll" (normalized: "c:\\windows\\system32\\gpapi.dll")) returned 0x1d [0166.375] CoTaskMemFree (pv=0x6b19c0) [0166.375] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878310000, lpmodinfo=0x26a55f8, cb=0x18 | out: lpmodinfo=0x26a55f8*(lpBaseOfDll=0x7ff878310000, SizeOfImage=0x17000, EntryPoint=0x7ff878315630)) returned 1 [0166.381] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.381] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878310000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="sens.dll") returned 0x8 [0166.386] CoTaskMemFree (pv=0x6b0040) [0166.386] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0166.387] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878310000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\sens.dll" (normalized: "c:\\windows\\system32\\sens.dll")) returned 0x1c [0166.391] CoTaskMemFree (pv=0x6b2ac0) [0166.392] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878150000, lpmodinfo=0x26a77a0, cb=0x18 | out: lpmodinfo=0x26a77a0*(lpBaseOfDll=0x7ff878150000, SizeOfImage=0xc000, EntryPoint=0x7ff878152830)) returned 1 [0166.397] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.397] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878150000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="bi.dll") returned 0x6 [0166.402] CoTaskMemFree (pv=0x6b08c0) [0166.402] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.402] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878150000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bi.dll" (normalized: "c:\\windows\\system32\\bi.dll")) returned 0x1a [0166.407] CoTaskMemFree (pv=0x6b0040) [0166.407] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875d90000, lpmodinfo=0x26a9938, cb=0x18 | out: lpmodinfo=0x26a9938*(lpBaseOfDll=0x7ff875d90000, SizeOfImage=0xfc000, EntryPoint=0x7ff875dc6df0)) returned 1 [0166.414] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.414] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875d90000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="schedsvc.dll") returned 0xc [0166.418] CoTaskMemFree (pv=0x6b1140) [0166.418] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.419] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875d90000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\schedsvc.dll" (normalized: "c:\\windows\\system32\\schedsvc.dll")) returned 0x20 [0166.424] CoTaskMemFree (pv=0x6b1140) [0166.424] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875d40000, lpmodinfo=0x26abaf0, cb=0x18 | out: lpmodinfo=0x26abaf0*(lpBaseOfDll=0x7ff875d40000, SizeOfImage=0x41000, EntryPoint=0x7ff875d57eb0)) returned 1 [0166.429] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0166.429] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875d40000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="UBPM.dll") returned 0x8 [0166.434] CoTaskMemFree (pv=0x6b2240) [0166.434] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.434] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875d40000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\UBPM.dll" (normalized: "c:\\windows\\system32\\ubpm.dll")) returned 0x1c [0166.439] CoTaskMemFree (pv=0x6b1140) [0166.439] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c430000, lpmodinfo=0x26adc98, cb=0x18 | out: lpmodinfo=0x26adc98*(lpBaseOfDll=0x7ff87c430000, SizeOfImage=0x19000, EntryPoint=0x7ff87c435e10)) returned 1 [0166.445] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.445] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c430000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="EventAggregation.dll") returned 0x14 [0166.450] CoTaskMemFree (pv=0x6b0040) [0166.450] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.450] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c430000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\EventAggregation.dll" (normalized: "c:\\windows\\system32\\eventaggregation.dll")) returned 0x28 [0166.456] CoTaskMemFree (pv=0x6b0040) [0166.456] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b8b0000, lpmodinfo=0x26afe70, cb=0x18 | out: lpmodinfo=0x26afe70*(lpBaseOfDll=0x7ff87b8b0000, SizeOfImage=0x49000, EntryPoint=0x7ff87b8ba090)) returned 1 [0166.461] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0166.461] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b8b0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="AUTHZ.dll") returned 0x9 [0166.467] CoTaskMemFree (pv=0x6b2ac0) [0166.467] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.467] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b8b0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\AUTHZ.dll" (normalized: "c:\\windows\\system32\\authz.dll")) returned 0x1d [0166.473] CoTaskMemFree (pv=0x6b19c0) [0166.473] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875d20000, lpmodinfo=0x26b2018, cb=0x18 | out: lpmodinfo=0x26b2018*(lpBaseOfDll=0x7ff875d20000, SizeOfImage=0x11000, EntryPoint=0x7ff875d23320)) returned 1 [0166.478] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.478] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875d20000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WMICLNT.dll") returned 0xb [0166.485] CoTaskMemFree (pv=0x6b3340) [0166.485] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.485] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875d20000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WMICLNT.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")) returned 0x1f [0166.491] CoTaskMemFree (pv=0x6b0040) [0166.491] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c240000, lpmodinfo=0x26b45d8, cb=0x18 | out: lpmodinfo=0x26b45d8*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0166.503] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.503] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c240000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0166.508] CoTaskMemFree (pv=0x6b08c0) [0166.509] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.509] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c240000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0166.516] CoTaskMemFree (pv=0x6b08c0) [0166.516] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875c60000, lpmodinfo=0x26b6780, cb=0x18 | out: lpmodinfo=0x26b6780*(lpBaseOfDll=0x7ff875c60000, SizeOfImage=0x6e000, EntryPoint=0x7ff875c67f60)) returned 1 [0166.521] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.521] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875c60000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="taskcomp.dll") returned 0xc [0166.527] CoTaskMemFree (pv=0x6b08c0) [0166.527] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.527] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875c60000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\taskcomp.dll" (normalized: "c:\\windows\\system32\\taskcomp.dll")) returned 0x20 [0166.533] CoTaskMemFree (pv=0x6b3340) [0166.533] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87aca0000, lpmodinfo=0x26b8938, cb=0x18 | out: lpmodinfo=0x26b8938*(lpBaseOfDll=0x7ff87aca0000, SizeOfImage=0x1c000, EntryPoint=0x7ff87aca37a0)) returned 1 [0166.539] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.539] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87aca0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0166.545] CoTaskMemFree (pv=0x6b0040) [0166.545] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0166.545] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87aca0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0166.551] CoTaskMemFree (pv=0x6b2240) [0166.551] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bab0000, lpmodinfo=0x26baae0, cb=0x18 | out: lpmodinfo=0x26baae0*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0166.557] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.557] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bab0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0166.564] CoTaskMemFree (pv=0x6b0040) [0166.564] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.564] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bab0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0166.570] CoTaskMemFree (pv=0x6b19c0) [0166.570] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875320000, lpmodinfo=0x26bcc88, cb=0x18 | out: lpmodinfo=0x26bcc88*(lpBaseOfDll=0x7ff875320000, SizeOfImage=0xe6000, EntryPoint=0x7ff87533cf10)) returned 1 [0166.576] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0166.576] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875320000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="usermgr.dll") returned 0xb [0166.582] CoTaskMemFree (pv=0x6b2ac0) [0166.582] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.582] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875320000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\usermgr.dll" (normalized: "c:\\windows\\system32\\usermgr.dll")) returned 0x1f [0166.588] CoTaskMemFree (pv=0x6b08c0) [0166.588] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff876870000, lpmodinfo=0x26bee30, cb=0x18 | out: lpmodinfo=0x26bee30*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0166.595] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.595] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff876870000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0166.601] CoTaskMemFree (pv=0x6b3340) [0166.601] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.602] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff876870000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0166.608] CoTaskMemFree (pv=0x6b0040) [0166.608] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8752a0000, lpmodinfo=0x26c0fe8, cb=0x18 | out: lpmodinfo=0x26c0fe8*(lpBaseOfDll=0x7ff8752a0000, SizeOfImage=0x2f000, EntryPoint=0x7ff8752a8910)) returned 1 [0166.615] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.615] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8752a0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WPTaskScheduler.dll") returned 0x13 [0166.621] CoTaskMemFree (pv=0x6b3340) [0166.621] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.621] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8752a0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WPTaskScheduler.dll" (normalized: "c:\\windows\\system32\\wptaskscheduler.dll")) returned 0x27 [0166.627] CoTaskMemFree (pv=0x6b3340) [0166.627] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875290000, lpmodinfo=0x26c31b0, cb=0x18 | out: lpmodinfo=0x26c31b0*(lpBaseOfDll=0x7ff875290000, SizeOfImage=0xd000, EntryPoint=0x7ff875292ca0)) returned 1 [0166.634] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.635] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875290000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="CSystemEventsBrokerClient.dll") returned 0x1d [0166.641] CoTaskMemFree (pv=0x6b19c0) [0166.641] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0166.641] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875290000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CSystemEventsBrokerClient.dll" (normalized: "c:\\windows\\system32\\csystemeventsbrokerclient.dll")) returned 0x31 [0166.647] CoTaskMemFree (pv=0x6b2240) [0166.647] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875230000, lpmodinfo=0x26c53a8, cb=0x18 | out: lpmodinfo=0x26c53a8*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0166.654] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.654] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875230000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0166.660] CoTaskMemFree (pv=0x6b19c0) [0166.660] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0166.660] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875230000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0166.667] CoTaskMemFree (pv=0x6b2ac0) [0166.667] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875200000, lpmodinfo=0x26c7550, cb=0x18 | out: lpmodinfo=0x26c7550*(lpBaseOfDll=0x7ff875200000, SizeOfImage=0x2e000, EntryPoint=0x7ff875207550)) returned 1 [0166.673] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.673] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875200000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="netjoin.dll") returned 0xb [0166.680] CoTaskMemFree (pv=0x6b0040) [0166.680] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0166.680] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875200000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netjoin.dll" (normalized: "c:\\windows\\system32\\netjoin.dll")) returned 0x1f [0166.686] CoTaskMemFree (pv=0x6b2ac0) [0166.687] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c0a0000, lpmodinfo=0x26c96f8, cb=0x18 | out: lpmodinfo=0x26c96f8*(lpBaseOfDll=0x7ff87c0a0000, SizeOfImage=0x21000, EntryPoint=0x7ff87c0b0250)) returned 1 [0166.693] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.693] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c0a0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="JoinUtil.dll") returned 0xc [0166.699] CoTaskMemFree (pv=0x6b0040) [0166.699] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0166.699] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c0a0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\JoinUtil.dll" (normalized: "c:\\windows\\system32\\joinutil.dll")) returned 0x20 [0166.707] CoTaskMemFree (pv=0x6b2ac0) [0166.707] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87be90000, lpmodinfo=0x26cb8b0, cb=0x18 | out: lpmodinfo=0x26cb8b0*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0166.715] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0166.715] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87be90000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0166.721] CoTaskMemFree (pv=0x6b2240) [0166.721] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.722] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87be90000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0166.738] CoTaskMemFree (pv=0x6b3340) [0166.739] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875080000, lpmodinfo=0x26cda58, cb=0x18 | out: lpmodinfo=0x26cda58*(lpBaseOfDll=0x7ff875080000, SizeOfImage=0x41000, EntryPoint=0x7ff875084840)) returned 1 [0166.747] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.748] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875080000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="usermgrproxy.dll") returned 0x10 [0166.756] CoTaskMemFree (pv=0x6b3340) [0166.757] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.757] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875080000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\usermgrproxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")) returned 0x24 [0166.765] CoTaskMemFree (pv=0x6b08c0) [0166.765] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ad00000, lpmodinfo=0x26cfc20, cb=0x18 | out: lpmodinfo=0x26cfc20*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0166.774] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.774] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ad00000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="WTSAPI32.dll") returned 0xc [0166.786] CoTaskMemFree (pv=0x6b19c0) [0166.786] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.786] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ad00000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WTSAPI32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0166.795] CoTaskMemFree (pv=0x6b0040) [0166.795] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874f10000, lpmodinfo=0x26d1dd8, cb=0x18 | out: lpmodinfo=0x26d1dd8*(lpBaseOfDll=0x7ff874f10000, SizeOfImage=0x9a000, EntryPoint=0x7ff874f2ada0)) returned 1 [0166.803] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0166.803] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874f10000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="shsvcs.dll") returned 0xa [0166.811] CoTaskMemFree (pv=0x6b19c0) [0166.811] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.811] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874f10000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\shsvcs.dll" (normalized: "c:\\windows\\system32\\shsvcs.dll")) returned 0x1e [0166.819] CoTaskMemFree (pv=0x6b1140) [0166.819] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87a1f0000, lpmodinfo=0x26d3f80, cb=0x18 | out: lpmodinfo=0x26d3f80*(lpBaseOfDll=0x7ff87a1f0000, SizeOfImage=0x8000, EntryPoint=0x7ff87a1f13e0)) returned 1 [0166.825] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0166.826] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87a1f0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="DABAPI.dll") returned 0xa [0166.832] CoTaskMemFree (pv=0x6b2ac0) [0166.832] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.832] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87a1f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DABAPI.dll" (normalized: "c:\\windows\\system32\\dabapi.dll")) returned 0x1e [0166.839] CoTaskMemFree (pv=0x6b1140) [0166.839] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8788f0000, lpmodinfo=0x26d6128, cb=0x18 | out: lpmodinfo=0x26d6128*(lpBaseOfDll=0x7ff8788f0000, SizeOfImage=0x64000, EntryPoint=0x7ff878905ae0)) returned 1 [0166.846] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.846] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8788f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0166.852] CoTaskMemFree (pv=0x6b1140) [0166.852] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.852] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8788f0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0166.860] CoTaskMemFree (pv=0x6b0040) [0166.861] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874e50000, lpmodinfo=0x26d82d0, cb=0x18 | out: lpmodinfo=0x26d82d0*(lpBaseOfDll=0x7ff874e50000, SizeOfImage=0xc0000, EntryPoint=0x7ff874e7fd20)) returned 1 [0166.868] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.868] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874e50000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="FVEAPI.dll") returned 0xa [0166.875] CoTaskMemFree (pv=0x6b1140) [0166.875] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.875] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874e50000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\FVEAPI.dll" (normalized: "c:\\windows\\system32\\fveapi.dll")) returned 0x1e [0166.882] CoTaskMemFree (pv=0x6b3340) [0166.882] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874b10000, lpmodinfo=0x26da478, cb=0x18 | out: lpmodinfo=0x26da478*(lpBaseOfDll=0x7ff874b10000, SizeOfImage=0x52000, EntryPoint=0x7ff874b138e0)) returned 1 [0166.889] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.889] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874b10000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ProximityService.dll") returned 0x14 [0166.896] CoTaskMemFree (pv=0x6b1140) [0166.896] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.896] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874b10000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ProximityService.dll" (normalized: "c:\\windows\\system32\\proximityservice.dll")) returned 0x28 [0166.903] CoTaskMemFree (pv=0x6b1140) [0166.903] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874ae0000, lpmodinfo=0x26dc650, cb=0x18 | out: lpmodinfo=0x26dc650*(lpBaseOfDll=0x7ff874ae0000, SizeOfImage=0x2d000, EntryPoint=0x7ff874ae2290)) returned 1 [0166.910] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0166.910] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874ae0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ProximityCommon.dll") returned 0x13 [0166.918] CoTaskMemFree (pv=0x6b08c0) [0166.919] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0166.919] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874ae0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ProximityCommon.dll" (normalized: "c:\\windows\\system32\\proximitycommon.dll")) returned 0x27 [0166.927] CoTaskMemFree (pv=0x6b3340) [0166.927] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874ad0000, lpmodinfo=0x26de818, cb=0x18 | out: lpmodinfo=0x26de818*(lpBaseOfDll=0x7ff874ad0000, SizeOfImage=0x9000, EntryPoint=0x7ff874ad1ed0)) returned 1 [0166.934] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.934] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874ad0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ProximityCommonPal.dll") returned 0x16 [0166.941] CoTaskMemFree (pv=0x6b0040) [0166.941] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0166.941] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874ad0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ProximityCommonPal.dll" (normalized: "c:\\windows\\system32\\proximitycommonpal.dll")) returned 0x2a [0166.949] CoTaskMemFree (pv=0x6b2240) [0166.949] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875480000, lpmodinfo=0x26e09f0, cb=0x18 | out: lpmodinfo=0x26e09f0*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0166.956] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.956] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875480000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0166.963] CoTaskMemFree (pv=0x6b0040) [0166.963] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0166.963] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875480000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0166.988] CoTaskMemFree (pv=0x6b0040) [0166.988] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874aa0000, lpmodinfo=0x26e2ba8, cb=0x18 | out: lpmodinfo=0x26e2ba8*(lpBaseOfDll=0x7ff874aa0000, SizeOfImage=0x10000, EntryPoint=0x7ff874aa1700)) returned 1 [0166.996] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0166.996] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874aa0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ProximityServicePAL.dll") returned 0x17 [0167.003] CoTaskMemFree (pv=0x6b1140) [0167.003] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0167.004] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874aa0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ProximityServicePAL.dll" (normalized: "c:\\windows\\system32\\proximityservicepal.dll")) returned 0x2b [0167.011] CoTaskMemFree (pv=0x6b2ac0) [0167.011] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87cdb0000, lpmodinfo=0x26e4d80, cb=0x18 | out: lpmodinfo=0x26e4d80*(lpBaseOfDll=0x7ff87cdb0000, SizeOfImage=0x86000, EntryPoint=0x7ff87cdbd8f0)) returned 1 [0167.024] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.024] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87cdb0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="firewallapi.dll") returned 0xf [0167.031] CoTaskMemFree (pv=0x6b0040) [0167.031] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0167.032] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87cdb0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\firewallapi.dll" (normalized: "c:\\windows\\system32\\firewallapi.dll")) returned 0x23 [0167.039] CoTaskMemFree (pv=0x6b2ac0) [0167.039] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b340000, lpmodinfo=0x26e6f38, cb=0x18 | out: lpmodinfo=0x26e6f38*(lpBaseOfDll=0x7ff87b340000, SizeOfImage=0x32000, EntryPoint=0x7ff87b352340)) returned 1 [0167.047] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0167.047] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b340000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="fwbase.dll") returned 0xa [0167.054] CoTaskMemFree (pv=0x6b19c0) [0167.055] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0167.055] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b340000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\fwbase.dll" (normalized: "c:\\windows\\system32\\fwbase.dll")) returned 0x1e [0167.062] CoTaskMemFree (pv=0x6b2240) [0167.062] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874a90000, lpmodinfo=0x26e90e0, cb=0x18 | out: lpmodinfo=0x26e90e0*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0167.070] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0167.070] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874a90000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0167.078] CoTaskMemFree (pv=0x6b2240) [0167.079] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0167.079] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874a90000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0167.101] CoTaskMemFree (pv=0x6b2240) [0167.102] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ab10000, lpmodinfo=0x26eb298, cb=0x18 | out: lpmodinfo=0x26eb298*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0167.110] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0167.110] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ab10000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0167.118] CoTaskMemFree (pv=0x6b08c0) [0167.118] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0167.119] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ab10000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0167.126] CoTaskMemFree (pv=0x6b2240) [0167.126] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b5b0000, lpmodinfo=0x26ed440, cb=0x18 | out: lpmodinfo=0x26ed440*(lpBaseOfDll=0x7ff87b5b0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b5b2790)) returned 1 [0167.133] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0167.134] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b5b0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="HID.DLL") returned 0x7 [0167.142] CoTaskMemFree (pv=0x6b2240) [0167.142] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0167.142] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b5b0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\HID.DLL" (normalized: "c:\\windows\\system32\\hid.dll")) returned 0x1b [0167.150] CoTaskMemFree (pv=0x6b1140) [0167.150] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875b40000, lpmodinfo=0x26ef5d8, cb=0x18 | out: lpmodinfo=0x26ef5d8*(lpBaseOfDll=0x7ff875b40000, SizeOfImage=0x10000, EntryPoint=0x7ff875b42c60)) returned 1 [0167.157] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0167.158] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875b40000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="usermgrcli.dll") returned 0xe [0167.165] CoTaskMemFree (pv=0x6b19c0) [0167.165] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0167.165] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875b40000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\usermgrcli.dll" (normalized: "c:\\windows\\system32\\usermgrcli.dll")) returned 0x22 [0167.174] CoTaskMemFree (pv=0x6b08c0) [0167.174] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878580000, lpmodinfo=0x26f1790, cb=0x18 | out: lpmodinfo=0x26f1790*(lpBaseOfDll=0x7ff878580000, SizeOfImage=0x7a000, EntryPoint=0x7ff8785a7630)) returned 1 [0167.182] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0167.182] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878580000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ES.DLL") returned 0x6 [0167.190] CoTaskMemFree (pv=0x6b3340) [0167.190] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0167.190] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878580000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ES.DLL" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0167.198] CoTaskMemFree (pv=0x6b2240) [0167.198] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c480000, lpmodinfo=0x26f3928, cb=0x18 | out: lpmodinfo=0x26f3928*(lpBaseOfDll=0x7ff87c480000, SizeOfImage=0x99000, EntryPoint=0x7ff87c4af4e0)) returned 1 [0167.206] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0167.206] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c480000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0167.214] CoTaskMemFree (pv=0x6b2ac0) [0167.214] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0167.214] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c480000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0167.223] CoTaskMemFree (pv=0x6b08c0) [0167.223] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d340000, lpmodinfo=0x26f5ac0, cb=0x18 | out: lpmodinfo=0x26f5ac0*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0167.231] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0167.231] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d340000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0167.258] CoTaskMemFree (pv=0x6b3340) [0167.258] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0167.259] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d340000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0167.267] CoTaskMemFree (pv=0x6b19c0) [0167.268] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873450000, lpmodinfo=0x26f7c78, cb=0x18 | out: lpmodinfo=0x26f7c78*(lpBaseOfDll=0x7ff873450000, SizeOfImage=0x22000, EntryPoint=0x7ff873462540)) returned 1 [0167.275] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0167.276] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873450000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="UpdatePolicy.dll") returned 0x10 [0167.284] CoTaskMemFree (pv=0x6b2ac0) [0167.284] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0167.284] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873450000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\UpdatePolicy.dll" (normalized: "c:\\windows\\system32\\updatepolicy.dll")) returned 0x24 [0167.292] CoTaskMemFree (pv=0x6b1140) [0167.292] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87efb0000, lpmodinfo=0x26f9e40, cb=0x18 | out: lpmodinfo=0x26f9e40*(lpBaseOfDll=0x7ff87efb0000, SizeOfImage=0x429000, EntryPoint=0x7ff87efd8740)) returned 1 [0167.301] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0167.301] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87efb0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0167.309] CoTaskMemFree (pv=0x6b08c0) [0167.309] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0167.309] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87efb0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0167.318] CoTaskMemFree (pv=0x6b19c0) [0167.318] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bf40000, lpmodinfo=0x26fbff8, cb=0x18 | out: lpmodinfo=0x26fbff8*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0167.326] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0167.326] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bf40000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0167.335] CoTaskMemFree (pv=0x6b1140) [0167.335] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0167.335] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bf40000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0167.344] CoTaskMemFree (pv=0x6b3340) [0167.344] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff872a10000, lpmodinfo=0x26fe1a0, cb=0x18 | out: lpmodinfo=0x26fe1a0*(lpBaseOfDll=0x7ff872a10000, SizeOfImage=0x10000, EntryPoint=0x7ff872a11690)) returned 1 [0167.352] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0167.352] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff872a10000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wups.dll") returned 0x8 [0167.361] CoTaskMemFree (pv=0x6b3340) [0167.361] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0167.361] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff872a10000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wups.dll" (normalized: "c:\\windows\\system32\\wups.dll")) returned 0x1c [0167.369] CoTaskMemFree (pv=0x6b08c0) [0167.369] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c060000, lpmodinfo=0x2700348, cb=0x18 | out: lpmodinfo=0x2700348*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0167.378] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0167.378] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c060000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0167.386] CoTaskMemFree (pv=0x6b2ac0) [0167.387] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0167.387] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c060000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0167.395] CoTaskMemFree (pv=0x6b3340) [0167.395] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8727c0000, lpmodinfo=0x2702500, cb=0x18 | out: lpmodinfo=0x2702500*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0167.420] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0167.420] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8727c0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0167.428] CoTaskMemFree (pv=0x6b08c0) [0167.428] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.428] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8727c0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0167.436] CoTaskMemFree (pv=0x6b0040) [0167.436] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff872540000, lpmodinfo=0x27046b8, cb=0x18 | out: lpmodinfo=0x27046b8*(lpBaseOfDll=0x7ff872540000, SizeOfImage=0x27a000, EntryPoint=0x7ff87255a7a0)) returned 1 [0167.445] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0167.445] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff872540000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="msxml6.dll") returned 0xa [0167.454] CoTaskMemFree (pv=0x6b2ac0) [0167.454] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0167.454] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff872540000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\msxml6.dll" (normalized: "c:\\windows\\system32\\msxml6.dll")) returned 0x1e [0167.463] CoTaskMemFree (pv=0x6b2ac0) [0167.463] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bbd0000, lpmodinfo=0x2706860, cb=0x18 | out: lpmodinfo=0x2706860*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0167.471] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0167.471] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bbd0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0167.480] CoTaskMemFree (pv=0x6b3340) [0167.480] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.480] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bbd0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0167.489] CoTaskMemFree (pv=0x6b0040) [0167.489] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff870cf0000, lpmodinfo=0x2708a08, cb=0x18 | out: lpmodinfo=0x2708a08*(lpBaseOfDll=0x7ff870cf0000, SizeOfImage=0x3c000, EntryPoint=0x7ff870cf6aa0)) returned 1 [0167.505] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0167.505] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff870cf0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wmisvc.dll") returned 0xa [0167.514] CoTaskMemFree (pv=0x6b2ac0) [0167.514] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0167.514] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff870cf0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wbem\\wmisvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wmisvc.dll")) returned 0x23 [0167.523] CoTaskMemFree (pv=0x6b19c0) [0167.524] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff870c70000, lpmodinfo=0x270abb8, cb=0x18 | out: lpmodinfo=0x270abb8*(lpBaseOfDll=0x7ff870c70000, SizeOfImage=0x7f000, EntryPoint=0x7ff870c87110)) returned 1 [0167.532] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0167.533] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff870c70000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wbemcomn.dll") returned 0xc [0167.541] CoTaskMemFree (pv=0x6b2ac0) [0167.541] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.541] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff870c70000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wbemcomn.dll" (normalized: "c:\\windows\\system32\\wbemcomn.dll")) returned 0x20 [0167.550] CoTaskMemFree (pv=0x6b0040) [0167.550] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8704c0000, lpmodinfo=0x270cd70, cb=0x18 | out: lpmodinfo=0x270cd70*(lpBaseOfDll=0x7ff8704c0000, SizeOfImage=0x4c000, EntryPoint=0x7ff8704d5310)) returned 1 [0167.559] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0167.559] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8704c0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="srvsvc.dll") returned 0xa [0167.574] CoTaskMemFree (pv=0x6b2240) [0167.575] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.575] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8704c0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\srvsvc.dll" (normalized: "c:\\windows\\system32\\srvsvc.dll")) returned 0x1e [0167.583] CoTaskMemFree (pv=0x6b0040) [0167.583] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87efa0000, lpmodinfo=0x270ef18, cb=0x18 | out: lpmodinfo=0x270ef18*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0167.592] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0167.592] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87efa0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0167.602] CoTaskMemFree (pv=0x6b2240) [0167.602] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.602] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87efa0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0167.611] CoTaskMemFree (pv=0x6b0040) [0167.611] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8750d0000, lpmodinfo=0x27110b0, cb=0x18 | out: lpmodinfo=0x27110b0*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0167.620] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0167.620] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8750d0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0167.630] CoTaskMemFree (pv=0x6b2240) [0167.630] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0167.630] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8750d0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0167.640] CoTaskMemFree (pv=0x6b1140) [0167.640] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8703c0000, lpmodinfo=0x2713258, cb=0x18 | out: lpmodinfo=0x2713258*(lpBaseOfDll=0x7ff8703c0000, SizeOfImage=0xf3000, EntryPoint=0x7ff8703e5d80)) returned 1 [0167.649] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0167.649] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8703c0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="iphlpsvc.dll") returned 0xc [0167.658] CoTaskMemFree (pv=0x6b3340) [0167.658] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0167.658] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8703c0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\iphlpsvc.dll" (normalized: "c:\\windows\\system32\\iphlpsvc.dll")) returned 0x20 [0167.667] CoTaskMemFree (pv=0x6b1140) [0167.667] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874fc0000, lpmodinfo=0x2715410, cb=0x18 | out: lpmodinfo=0x2715410*(lpBaseOfDll=0x7ff874fc0000, SizeOfImage=0x67000, EntryPoint=0x7ff874fc63e0)) returned 1 [0167.684] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0167.684] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874fc0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="fwpuclnt.dll") returned 0xc [0167.730] CoTaskMemFree (pv=0x6b19c0) [0167.730] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.731] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874fc0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\fwpuclnt.dll" (normalized: "c:\\windows\\system32\\fwpuclnt.dll")) returned 0x20 [0167.739] CoTaskMemFree (pv=0x6b0040) [0167.739] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875560000, lpmodinfo=0x27175c8, cb=0x18 | out: lpmodinfo=0x27175c8*(lpBaseOfDll=0x7ff875560000, SizeOfImage=0x14000, EntryPoint=0x7ff875562d50)) returned 1 [0167.749] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0167.749] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875560000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="rtutils.dll") returned 0xb [0167.762] CoTaskMemFree (pv=0x6b19c0) [0167.762] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0167.762] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875560000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\rtutils.dll" (normalized: "c:\\windows\\system32\\rtutils.dll")) returned 0x1f [0167.771] CoTaskMemFree (pv=0x6b2ac0) [0167.772] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff870370000, lpmodinfo=0x2719770, cb=0x18 | out: lpmodinfo=0x2719770*(lpBaseOfDll=0x7ff870370000, SizeOfImage=0x41000, EntryPoint=0x7ff870373750)) returned 1 [0167.781] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0167.782] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff870370000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="sqmapi.dll") returned 0xa [0167.794] CoTaskMemFree (pv=0x6b2ac0) [0167.794] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0167.794] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff870370000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sqmapi.dll" (normalized: "c:\\windows\\system32\\sqmapi.dll")) returned 0x1e [0167.804] CoTaskMemFree (pv=0x6b1140) [0167.804] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f6c0000, lpmodinfo=0x271b918, cb=0x18 | out: lpmodinfo=0x271b918*(lpBaseOfDll=0x7ff86f6c0000, SizeOfImage=0x25000, EntryPoint=0x7ff86f6c5ca0)) returned 1 [0167.813] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.813] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f6c0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="httpprxm.dll") returned 0xc [0167.822] CoTaskMemFree (pv=0x6b0040) [0167.822] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.823] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f6c0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\httpprxm.dll" (normalized: "c:\\windows\\system32\\httpprxm.dll")) returned 0x20 [0167.834] CoTaskMemFree (pv=0x6b0040) [0167.834] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f6a0000, lpmodinfo=0x271dad0, cb=0x18 | out: lpmodinfo=0x271dad0*(lpBaseOfDll=0x7ff86f6a0000, SizeOfImage=0x18000, EntryPoint=0x7ff86f6a4e10)) returned 1 [0167.843] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.843] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f6a0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="adhsvc.dll") returned 0xa [0167.853] CoTaskMemFree (pv=0x6b0040) [0167.853] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.853] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f6a0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\adhsvc.dll" (normalized: "c:\\windows\\system32\\adhsvc.dll")) returned 0x1e [0167.862] CoTaskMemFree (pv=0x6b0040) [0167.862] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff872410000, lpmodinfo=0x271fc78, cb=0x18 | out: lpmodinfo=0x271fc78*(lpBaseOfDll=0x7ff872410000, SizeOfImage=0x9000, EntryPoint=0x7ff8724121d0)) returned 1 [0167.871] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0167.871] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff872410000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="httpprxc.dll") returned 0xc [0167.881] CoTaskMemFree (pv=0x6b08c0) [0167.881] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.881] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff872410000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\httpprxc.dll" (normalized: "c:\\windows\\system32\\httpprxc.dll")) returned 0x20 [0167.891] CoTaskMemFree (pv=0x6b0040) [0167.891] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875270000, lpmodinfo=0x2721e30, cb=0x18 | out: lpmodinfo=0x2721e30*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0167.901] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0167.901] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875270000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0167.911] CoTaskMemFree (pv=0x6b08c0) [0167.911] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0167.911] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875270000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0167.921] CoTaskMemFree (pv=0x6b08c0) [0167.921] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875250000, lpmodinfo=0x2723fe8, cb=0x18 | out: lpmodinfo=0x2723fe8*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0167.931] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0167.931] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875250000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0167.941] CoTaskMemFree (pv=0x6b2240) [0167.942] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.942] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875250000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0167.951] CoTaskMemFree (pv=0x6b0040) [0167.951] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f670000, lpmodinfo=0x27261a0, cb=0x18 | out: lpmodinfo=0x27261a0*(lpBaseOfDll=0x7ff86f670000, SizeOfImage=0x11000, EntryPoint=0x7ff86f671d30)) returned 1 [0167.961] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0167.961] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f670000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="SSCORE.DLL") returned 0xa [0167.972] CoTaskMemFree (pv=0x6b08c0) [0167.972] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0167.973] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f670000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSCORE.DLL" (normalized: "c:\\windows\\system32\\sscore.dll")) returned 0x1e [0167.982] CoTaskMemFree (pv=0x6b19c0) [0167.982] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f660000, lpmodinfo=0x2728348, cb=0x18 | out: lpmodinfo=0x2728348*(lpBaseOfDll=0x7ff86f660000, SizeOfImage=0x9000, EntryPoint=0x7ff86f6618f0)) returned 1 [0167.992] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0167.992] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f660000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="sscoreext.dll") returned 0xd [0168.002] CoTaskMemFree (pv=0x6b0040) [0168.002] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0168.002] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f660000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sscoreext.dll" (normalized: "c:\\windows\\system32\\sscoreext.dll")) returned 0x21 [0168.013] CoTaskMemFree (pv=0x6b2240) [0168.013] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f640000, lpmodinfo=0x272a500, cb=0x18 | out: lpmodinfo=0x272a500*(lpBaseOfDll=0x7ff86f640000, SizeOfImage=0x20000, EntryPoint=0x7ff86f641f50)) returned 1 [0168.023] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0168.023] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f640000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="mi.dll") returned 0x6 [0168.033] CoTaskMemFree (pv=0x6b3340) [0168.034] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0168.034] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f640000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mi.dll" (normalized: "c:\\windows\\system32\\mi.dll")) returned 0x1a [0168.045] CoTaskMemFree (pv=0x6b08c0) [0168.045] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f5e0000, lpmodinfo=0x272c698, cb=0x18 | out: lpmodinfo=0x272c698*(lpBaseOfDll=0x7ff86f5e0000, SizeOfImage=0x5e000, EntryPoint=0x7ff86f5e5080)) returned 1 [0168.055] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0168.055] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f5e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="miutils.dll") returned 0xb [0168.065] CoTaskMemFree (pv=0x6b08c0) [0168.065] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0168.065] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f5e0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\miutils.dll" (normalized: "c:\\windows\\system32\\miutils.dll")) returned 0x1f [0168.075] CoTaskMemFree (pv=0x6b1140) [0168.075] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f5b0000, lpmodinfo=0x272e840, cb=0x18 | out: lpmodinfo=0x272e840*(lpBaseOfDll=0x7ff86f5b0000, SizeOfImage=0x2e000, EntryPoint=0x7ff86f5b2300)) returned 1 [0168.085] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0168.085] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f5b0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wmidcom.dll") returned 0xb [0168.096] CoTaskMemFree (pv=0x6b3340) [0168.096] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0168.096] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f5b0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wmidcom.dll" (normalized: "c:\\windows\\system32\\wmidcom.dll")) returned 0x1f [0168.108] CoTaskMemFree (pv=0x6b1140) [0168.108] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bc10000, lpmodinfo=0x27309e8, cb=0x18 | out: lpmodinfo=0x27309e8*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0168.119] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0168.119] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bc10000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0168.129] CoTaskMemFree (pv=0x6b19c0) [0168.129] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0168.129] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bc10000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0168.140] CoTaskMemFree (pv=0x6b19c0) [0168.141] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f550000, lpmodinfo=0x2732b90, cb=0x18 | out: lpmodinfo=0x2732b90*(lpBaseOfDll=0x7ff86f550000, SizeOfImage=0x52000, EntryPoint=0x7ff86f555770)) returned 1 [0168.151] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0168.151] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f550000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="RESUTILS.DLL") returned 0xc [0168.161] CoTaskMemFree (pv=0x6b2ac0) [0168.161] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0168.161] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f550000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RESUTILS.DLL" (normalized: "c:\\windows\\system32\\resutils.dll")) returned 0x20 [0168.175] CoTaskMemFree (pv=0x6b0040) [0168.175] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f4a0000, lpmodinfo=0x2734d48, cb=0x18 | out: lpmodinfo=0x2734d48*(lpBaseOfDll=0x7ff86f4a0000, SizeOfImage=0xa3000, EntryPoint=0x7ff86f4a2c10)) returned 1 [0168.186] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0168.186] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f4a0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="CLUSAPI.dll") returned 0xb [0168.196] CoTaskMemFree (pv=0x6b0040) [0168.196] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0168.196] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f4a0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CLUSAPI.dll" (normalized: "c:\\windows\\system32\\clusapi.dll")) returned 0x1f [0168.206] CoTaskMemFree (pv=0x6b08c0) [0168.206] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c130000, lpmodinfo=0x2736ef0, cb=0x18 | out: lpmodinfo=0x2736ef0*(lpBaseOfDll=0x7ff87c130000, SizeOfImage=0x27000, EntryPoint=0x7ff87c140aa0)) returned 1 [0168.216] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0168.216] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c130000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0168.227] CoTaskMemFree (pv=0x6b2ac0) [0168.227] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0168.227] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c130000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0168.251] CoTaskMemFree (pv=0x6b0040) [0168.251] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c0f0000, lpmodinfo=0x2739098, cb=0x18 | out: lpmodinfo=0x2739098*(lpBaseOfDll=0x7ff87c0f0000, SizeOfImage=0x3a000, EntryPoint=0x7ff87c0f8d20)) returned 1 [0168.261] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0168.262] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c0f0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0168.303] CoTaskMemFree (pv=0x6b08c0) [0168.303] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0168.303] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c0f0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0168.329] CoTaskMemFree (pv=0x6b08c0) [0168.329] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f3b0000, lpmodinfo=0x273ba58, cb=0x18 | out: lpmodinfo=0x273ba58*(lpBaseOfDll=0x7ff86f3b0000, SizeOfImage=0x79000, EntryPoint=0x7ff86f3b76a0)) returned 1 [0168.339] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0168.340] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f3b0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="NetSetupShim.dll") returned 0x10 [0168.352] CoTaskMemFree (pv=0x6b1140) [0168.352] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0168.352] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f3b0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll")) returned 0x24 [0168.363] CoTaskMemFree (pv=0x6b1140) [0168.363] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f390000, lpmodinfo=0x273dc20, cb=0x18 | out: lpmodinfo=0x273dc20*(lpBaseOfDll=0x7ff86f390000, SizeOfImage=0x1f000, EntryPoint=0x7ff86f3937e0)) returned 1 [0168.373] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0168.373] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f390000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="NetSetupApi.dll") returned 0xf [0168.384] CoTaskMemFree (pv=0x6b0040) [0168.384] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0168.385] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f390000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll")) returned 0x23 [0168.395] CoTaskMemFree (pv=0x6b2ac0) [0168.395] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f240000, lpmodinfo=0x273fdd8, cb=0x18 | out: lpmodinfo=0x273fdd8*(lpBaseOfDll=0x7ff86f240000, SizeOfImage=0x42000, EntryPoint=0x7ff86f243670)) returned 1 [0168.406] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0168.406] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f240000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="WDSCORE.dll") returned 0xb [0168.417] CoTaskMemFree (pv=0x6b2240) [0168.418] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0168.418] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f240000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\WDSCORE.dll" (normalized: "c:\\windows\\system32\\wdscore.dll")) returned 0x1f [0168.429] CoTaskMemFree (pv=0x6b2240) [0168.429] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f100000, lpmodinfo=0x2741f80, cb=0x18 | out: lpmodinfo=0x2741f80*(lpBaseOfDll=0x7ff86f100000, SizeOfImage=0x47000, EntryPoint=0x7ff86f101d10)) returned 1 [0168.440] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0168.440] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f100000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ACTIVEDS.dll") returned 0xc [0168.451] CoTaskMemFree (pv=0x6b0040) [0168.451] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0168.451] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f100000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ACTIVEDS.dll" (normalized: "c:\\windows\\system32\\activeds.dll")) returned 0x20 [0168.462] CoTaskMemFree (pv=0x6b0040) [0168.462] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f0c0000, lpmodinfo=0x2744138, cb=0x18 | out: lpmodinfo=0x2744138*(lpBaseOfDll=0x7ff86f0c0000, SizeOfImage=0x40000, EntryPoint=0x7ff86f0ccbe0)) returned 1 [0168.473] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0168.473] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f0c0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="adsldpc.dll") returned 0xb [0168.484] CoTaskMemFree (pv=0x6b3340) [0168.484] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0168.484] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f0c0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\adsldpc.dll" (normalized: "c:\\windows\\system32\\adsldpc.dll")) returned 0x1f [0168.502] CoTaskMemFree (pv=0x6b2ac0) [0168.503] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d0a0000, lpmodinfo=0x27462e0, cb=0x18 | out: lpmodinfo=0x27462e0*(lpBaseOfDll=0x7ff87d0a0000, SizeOfImage=0x17000, EntryPoint=0x7ff87d0a1390)) returned 1 [0168.514] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0168.515] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d0a0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="NETAPI32.DLL") returned 0xc [0168.525] CoTaskMemFree (pv=0x6b2240) [0168.526] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0168.526] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d0a0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NETAPI32.DLL" (normalized: "c:\\windows\\system32\\netapi32.dll")) returned 0x20 [0168.537] CoTaskMemFree (pv=0x6b2ac0) [0168.537] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff870dc0000, lpmodinfo=0x2748498, cb=0x18 | out: lpmodinfo=0x2748498*(lpBaseOfDll=0x7ff870dc0000, SizeOfImage=0xc000, EntryPoint=0x7ff870dc35c0)) returned 1 [0168.547] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0168.548] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff870dc0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="SECUR32.DLL") returned 0xb [0168.559] CoTaskMemFree (pv=0x6b08c0) [0168.559] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0168.559] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff870dc0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SECUR32.DLL" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0168.571] CoTaskMemFree (pv=0x6b08c0) [0168.571] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8744b0000, lpmodinfo=0x274a640, cb=0x18 | out: lpmodinfo=0x274a640*(lpBaseOfDll=0x7ff8744b0000, SizeOfImage=0x12000, EntryPoint=0x7ff8744b3580)) returned 1 [0168.581] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0168.582] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8744b0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0168.593] CoTaskMemFree (pv=0x6b2240) [0168.593] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0168.593] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8744b0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0168.604] CoTaskMemFree (pv=0x6b2240) [0168.604] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b030000, lpmodinfo=0x274c7e8, cb=0x18 | out: lpmodinfo=0x274c7e8*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0168.615] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0168.615] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b030000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0168.626] CoTaskMemFree (pv=0x6b3340) [0168.627] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0168.627] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b030000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0168.638] CoTaskMemFree (pv=0x6b08c0) [0168.639] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874830000, lpmodinfo=0x274e990, cb=0x18 | out: lpmodinfo=0x274e990*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0168.649] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0168.650] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874830000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0168.661] CoTaskMemFree (pv=0x6b3340) [0168.661] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0168.662] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874830000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0168.673] CoTaskMemFree (pv=0x6b19c0) [0168.673] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86efe0000, lpmodinfo=0x2750b48, cb=0x18 | out: lpmodinfo=0x2750b48*(lpBaseOfDll=0x7ff86efe0000, SizeOfImage=0x82000, EntryPoint=0x7ff86efe2a10)) returned 1 [0168.684] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0168.685] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86efe0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="hnetcfg.dll") returned 0xb [0168.696] CoTaskMemFree (pv=0x6b3340) [0168.696] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0168.696] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86efe0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\hnetcfg.dll" (normalized: "c:\\windows\\system32\\hnetcfg.dll")) returned 0x1f [0168.709] CoTaskMemFree (pv=0x6b1140) [0168.709] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86efc0000, lpmodinfo=0x2752cf0, cb=0x18 | out: lpmodinfo=0x2752cf0*(lpBaseOfDll=0x7ff86efc0000, SizeOfImage=0x1e000, EntryPoint=0x7ff86efc3a40)) returned 1 [0168.720] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0168.720] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86efc0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ATL.DLL") returned 0x7 [0168.731] CoTaskMemFree (pv=0x6b2ac0) [0168.732] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0168.732] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86efc0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ATL.DLL" (normalized: "c:\\windows\\system32\\atl.dll")) returned 0x1b [0168.749] CoTaskMemFree (pv=0x6b3340) [0168.749] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86efa0000, lpmodinfo=0x2754e88, cb=0x18 | out: lpmodinfo=0x2754e88*(lpBaseOfDll=0x7ff86efa0000, SizeOfImage=0x11000, EntryPoint=0x7ff86efa2fc0)) returned 1 [0168.761] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0168.762] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86efa0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wbemprox.dll") returned 0xc [0168.773] CoTaskMemFree (pv=0x6b2ac0) [0168.773] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0168.774] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86efa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemprox.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemprox.dll")) returned 0x25 [0168.787] CoTaskMemFree (pv=0x6b3340) [0168.787] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8706b0000, lpmodinfo=0x2757048, cb=0x18 | out: lpmodinfo=0x2757048*(lpBaseOfDll=0x7ff8706b0000, SizeOfImage=0x182000, EntryPoint=0x7ff8706c82a0)) returned 1 [0168.799] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0168.799] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8706b0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="VSSAPI.DLL") returned 0xa [0168.810] CoTaskMemFree (pv=0x6b19c0) [0168.811] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0168.811] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8706b0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VSSAPI.DLL" (normalized: "c:\\windows\\system32\\vssapi.dll")) returned 0x1e [0168.824] CoTaskMemFree (pv=0x6b1140) [0168.824] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff870690000, lpmodinfo=0x27591f0, cb=0x18 | out: lpmodinfo=0x27591f0*(lpBaseOfDll=0x7ff870690000, SizeOfImage=0x18000, EntryPoint=0x7ff870692000)) returned 1 [0168.835] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0168.835] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff870690000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="VssTrace.DLL") returned 0xc [0168.847] CoTaskMemFree (pv=0x6b1140) [0168.847] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0168.848] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff870690000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VssTrace.DLL" (normalized: "c:\\windows\\system32\\vsstrace.dll")) returned 0x20 [0168.861] CoTaskMemFree (pv=0x6b2ac0) [0168.861] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875a10000, lpmodinfo=0x275b3a8, cb=0x18 | out: lpmodinfo=0x275b3a8*(lpBaseOfDll=0x7ff875a10000, SizeOfImage=0x19000, EntryPoint=0x7ff875a14520)) returned 1 [0168.943] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0168.943] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875a10000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="samcli.dll") returned 0xa [0168.962] CoTaskMemFree (pv=0x6b0040) [0168.962] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0168.962] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875a10000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0168.974] CoTaskMemFree (pv=0x6b1140) [0168.974] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86ef10000, lpmodinfo=0x275d550, cb=0x18 | out: lpmodinfo=0x275d550*(lpBaseOfDll=0x7ff86ef10000, SizeOfImage=0xf000, EntryPoint=0x7ff86ef14960)) returned 1 [0168.986] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0168.986] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86ef10000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="NCI.dll") returned 0x7 [0168.998] CoTaskMemFree (pv=0x6b0040) [0168.998] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0168.998] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86ef10000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\NCI.dll" (normalized: "c:\\windows\\system32\\nci.dll")) returned 0x1b [0169.014] CoTaskMemFree (pv=0x6b08c0) [0169.014] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86eb10000, lpmodinfo=0x275f6e8, cb=0x18 | out: lpmodinfo=0x275f6e8*(lpBaseOfDll=0x7ff86eb10000, SizeOfImage=0x137000, EntryPoint=0x7ff86eb50480)) returned 1 [0169.026] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0169.026] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86eb10000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wbemcore.dll") returned 0xc [0169.039] CoTaskMemFree (pv=0x6b2240) [0169.039] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0169.040] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86eb10000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemcore.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemcore.dll")) returned 0x25 [0169.052] CoTaskMemFree (pv=0x6b2ac0) [0169.052] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86ea90000, lpmodinfo=0x27618a8, cb=0x18 | out: lpmodinfo=0x27618a8*(lpBaseOfDll=0x7ff86ea90000, SizeOfImage=0x74000, EntryPoint=0x7ff86eaa5eb0)) returned 1 [0169.065] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0169.066] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86ea90000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="esscli.dll") returned 0xa [0169.078] CoTaskMemFree (pv=0x6b19c0) [0169.078] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0169.078] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86ea90000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\esscli.dll" (normalized: "c:\\windows\\system32\\wbem\\esscli.dll")) returned 0x23 [0169.090] CoTaskMemFree (pv=0x6b3340) [0169.090] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e990000, lpmodinfo=0x2763a58, cb=0x18 | out: lpmodinfo=0x2763a58*(lpBaseOfDll=0x7ff86e990000, SizeOfImage=0xf6000, EntryPoint=0x7ff86e9c9590)) returned 1 [0169.105] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0169.105] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e990000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="FastProx.dll") returned 0xc [0169.117] CoTaskMemFree (pv=0x6b3340) [0169.117] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0169.117] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e990000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\FastProx.dll" (normalized: "c:\\windows\\system32\\wbem\\fastprox.dll")) returned 0x25 [0169.130] CoTaskMemFree (pv=0x6b2ac0) [0169.130] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e970000, lpmodinfo=0x2765c18, cb=0x18 | out: lpmodinfo=0x2765c18*(lpBaseOfDll=0x7ff86e970000, SizeOfImage=0x14000, EntryPoint=0x7ff86e971800)) returned 1 [0169.148] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0169.148] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e970000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wbemsvc.dll") returned 0xb [0169.161] CoTaskMemFree (pv=0x6b0040) [0169.161] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0169.162] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e970000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemsvc.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemsvc.dll")) returned 0x24 [0169.174] CoTaskMemFree (pv=0x6b3340) [0169.174] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e940000, lpmodinfo=0x2767dd0, cb=0x18 | out: lpmodinfo=0x2767dd0*(lpBaseOfDll=0x7ff86e940000, SizeOfImage=0x25000, EntryPoint=0x7ff86e949900)) returned 1 [0169.187] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0169.187] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e940000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wmiutils.dll") returned 0xc [0169.200] CoTaskMemFree (pv=0x6b0040) [0169.200] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0169.200] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e940000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiutils.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiutils.dll")) returned 0x25 [0169.213] CoTaskMemFree (pv=0x6b0040) [0169.213] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e8d0000, lpmodinfo=0x2769f90, cb=0x18 | out: lpmodinfo=0x2769f90*(lpBaseOfDll=0x7ff86e8d0000, SizeOfImage=0x64000, EntryPoint=0x7ff86e8ebed0)) returned 1 [0169.225] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0169.225] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e8d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="repdrvfs.dll") returned 0xc [0169.251] CoTaskMemFree (pv=0x6b08c0) [0169.251] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0169.252] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e8d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\repdrvfs.dll" (normalized: "c:\\windows\\system32\\wbem\\repdrvfs.dll")) returned 0x25 [0169.266] CoTaskMemFree (pv=0x6b2ac0) [0169.266] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e6d0000, lpmodinfo=0x276c150, cb=0x18 | out: lpmodinfo=0x276c150*(lpBaseOfDll=0x7ff86e6d0000, SizeOfImage=0xd000, EntryPoint=0x7ff86e6d1420)) returned 1 [0169.279] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0169.279] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e6d0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="winrnr.dll") returned 0xa [0169.291] CoTaskMemFree (pv=0x6b3340) [0169.292] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0169.292] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e6d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\winrnr.dll" (normalized: "c:\\windows\\system32\\winrnr.dll")) returned 0x1e [0169.305] CoTaskMemFree (pv=0x6b3340) [0169.305] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e6b0000, lpmodinfo=0x276e2f8, cb=0x18 | out: lpmodinfo=0x276e2f8*(lpBaseOfDll=0x7ff86e6b0000, SizeOfImage=0x1a000, EntryPoint=0x7ff86e6b2330)) returned 1 [0169.317] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0169.317] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e6b0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="pnrpnsp.dll") returned 0xb [0169.330] CoTaskMemFree (pv=0x6b08c0) [0169.330] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0169.330] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e6b0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\pnrpnsp.dll" (normalized: "c:\\windows\\system32\\pnrpnsp.dll")) returned 0x1f [0169.361] CoTaskMemFree (pv=0x6b08c0) [0169.361] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e690000, lpmodinfo=0x27704a0, cb=0x18 | out: lpmodinfo=0x27704a0*(lpBaseOfDll=0x7ff86e690000, SizeOfImage=0x16000, EntryPoint=0x7ff86e691af0)) returned 1 [0169.374] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0169.374] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e690000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="napinsp.dll") returned 0xb [0169.393] CoTaskMemFree (pv=0x6b2240) [0169.394] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0169.394] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e690000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\napinsp.dll" (normalized: "c:\\windows\\system32\\napinsp.dll")) returned 0x1f [0169.406] CoTaskMemFree (pv=0x6b19c0) [0169.406] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e5b0000, lpmodinfo=0x2772648, cb=0x18 | out: lpmodinfo=0x2772648*(lpBaseOfDll=0x7ff86e5b0000, SizeOfImage=0xd6000, EntryPoint=0x7ff86e5da800)) returned 1 [0169.419] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0169.419] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e5b0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wmiprvsd.dll") returned 0xc [0169.433] CoTaskMemFree (pv=0x6b3340) [0169.433] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0169.433] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e5b0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wmiprvsd.dll" (normalized: "c:\\windows\\system32\\wbem\\wmiprvsd.dll")) returned 0x25 [0169.446] CoTaskMemFree (pv=0x6b0040) [0169.446] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e590000, lpmodinfo=0x2774808, cb=0x18 | out: lpmodinfo=0x2774808*(lpBaseOfDll=0x7ff86e590000, SizeOfImage=0x16000, EntryPoint=0x7ff86e5955e0)) returned 1 [0169.459] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0169.459] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e590000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="NCObjAPI.DLL") returned 0xc [0169.480] CoTaskMemFree (pv=0x6b3340) [0169.480] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0169.480] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e590000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NCObjAPI.DLL" (normalized: "c:\\windows\\system32\\ncobjapi.dll")) returned 0x20 [0169.500] CoTaskMemFree (pv=0x6b1140) [0169.500] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e400000, lpmodinfo=0x27769c0, cb=0x18 | out: lpmodinfo=0x27769c0*(lpBaseOfDll=0x7ff86e400000, SizeOfImage=0x84000, EntryPoint=0x7ff86e418d50)) returned 1 [0169.514] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0169.515] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e400000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wbemess.dll") returned 0xb [0169.527] CoTaskMemFree (pv=0x6b1140) [0169.527] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0169.527] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e400000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\wbemess.dll" (normalized: "c:\\windows\\system32\\wbem\\wbemess.dll")) returned 0x24 [0169.540] CoTaskMemFree (pv=0x6b0040) [0169.540] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e3e0000, lpmodinfo=0x2778b78, cb=0x18 | out: lpmodinfo=0x2778b78*(lpBaseOfDll=0x7ff86e3e0000, SizeOfImage=0x11000, EntryPoint=0x7ff86e3e7480)) returned 1 [0169.553] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0169.553] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e3e0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="TetheringClient.dll") returned 0x13 [0169.567] CoTaskMemFree (pv=0x6b0040) [0169.567] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0169.568] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e3e0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\TetheringClient.dll" (normalized: "c:\\windows\\system32\\tetheringclient.dll")) returned 0x27 [0169.582] CoTaskMemFree (pv=0x6b2240) [0169.582] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff872420000, lpmodinfo=0x277ad40, cb=0x18 | out: lpmodinfo=0x277ad40*(lpBaseOfDll=0x7ff872420000, SizeOfImage=0x35000, EntryPoint=0x7ff87242a270)) returned 1 [0169.595] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0169.596] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff872420000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="FWPolicyIOMgr.dll") returned 0x11 [0169.609] CoTaskMemFree (pv=0x6b3340) [0169.609] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0169.609] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff872420000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\FWPolicyIOMgr.dll" (normalized: "c:\\windows\\system32\\fwpolicyiomgr.dll")) returned 0x25 [0169.622] CoTaskMemFree (pv=0x6b0040) [0169.622] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d180000, lpmodinfo=0x277cf08, cb=0x18 | out: lpmodinfo=0x277cf08*(lpBaseOfDll=0x7ff86d180000, SizeOfImage=0x80000, EntryPoint=0x7ff86d1ad280)) returned 1 [0169.635] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0169.635] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d180000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0169.649] CoTaskMemFree (pv=0x6b0040) [0169.649] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0169.649] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d180000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")) returned 0x1d [0169.662] CoTaskMemFree (pv=0x6b1140) [0169.662] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bb10000, lpmodinfo=0x277f0b0, cb=0x18 | out: lpmodinfo=0x277f0b0*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff87bb31a50)) returned 1 [0169.677] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0169.677] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bb10000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0169.690] CoTaskMemFree (pv=0x6b19c0) [0169.691] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0169.691] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bb10000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0169.704] CoTaskMemFree (pv=0x6b1140) [0169.704] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c8b0000, lpmodinfo=0x2781268, cb=0x18 | out: lpmodinfo=0x2781268*(lpBaseOfDll=0x7ff86c8b0000, SizeOfImage=0x14000, EntryPoint=0x7ff86c8b3710)) returned 1 [0169.717] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0169.717] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c8b0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0169.740] CoTaskMemFree (pv=0x6b08c0) [0169.740] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0169.740] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c8b0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0169.754] CoTaskMemFree (pv=0x6b1140) [0169.755] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c960000, lpmodinfo=0x2783430, cb=0x18 | out: lpmodinfo=0x2783430*(lpBaseOfDll=0x7ff86c960000, SizeOfImage=0x1e000, EntryPoint=0x7ff86c96ef80)) returned 1 [0169.769] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0169.769] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c960000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0169.783] CoTaskMemFree (pv=0x6b1140) [0169.783] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0169.783] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c960000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0169.795] CoTaskMemFree (pv=0x6b2240) [0169.796] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8736c0000, lpmodinfo=0x27855e8, cb=0x18 | out: lpmodinfo=0x27855e8*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0169.810] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0169.810] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8736c0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0169.824] CoTaskMemFree (pv=0x6b3340) [0169.824] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0169.824] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8736c0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0169.838] CoTaskMemFree (pv=0x6b0040) [0169.838] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873620000, lpmodinfo=0x27877d0, cb=0x18 | out: lpmodinfo=0x27877d0*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0169.852] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0169.852] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873620000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0169.865] CoTaskMemFree (pv=0x6b2240) [0169.865] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0169.865] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873620000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0169.881] CoTaskMemFree (pv=0x6b2ac0) [0169.881] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d220000, lpmodinfo=0x27899b8, cb=0x18 | out: lpmodinfo=0x27899b8*(lpBaseOfDll=0x7ff86d220000, SizeOfImage=0x14000, EntryPoint=0x7ff86d225080)) returned 1 [0169.895] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0169.895] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d220000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="Windows.StateRepositoryBroker.dll") returned 0x21 [0169.909] CoTaskMemFree (pv=0x6b2ac0) [0169.909] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0169.910] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d220000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepositoryBroker.dll" (normalized: "c:\\windows\\system32\\windows.staterepositorybroker.dll")) returned 0x35 [0169.930] CoTaskMemFree (pv=0x6b2ac0) [0169.931] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff877aa0000, lpmodinfo=0x278bbc0, cb=0x18 | out: lpmodinfo=0x278bbc0*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0169.948] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0169.948] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff877aa0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="mrmcorer.dll") returned 0xc [0169.962] CoTaskMemFree (pv=0x6b3340) [0169.962] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0169.962] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff877aa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mrmcorer.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0169.977] CoTaskMemFree (pv=0x6b3340) [0169.977] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8764e0000, lpmodinfo=0x278dd78, cb=0x18 | out: lpmodinfo=0x278dd78*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0169.996] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0169.997] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8764e0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0170.011] CoTaskMemFree (pv=0x6b3340) [0170.011] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0170.011] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8764e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0170.027] CoTaskMemFree (pv=0x6b19c0) [0170.028] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8779f0000, lpmodinfo=0x278ff30, cb=0x18 | out: lpmodinfo=0x278ff30*(lpBaseOfDll=0x7ff8779f0000, SizeOfImage=0xa9000, EntryPoint=0x7ff877a19010)) returned 1 [0170.042] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0170.042] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8779f0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="Windows.UI.dll") returned 0xe [0170.056] CoTaskMemFree (pv=0x6b2ac0) [0170.056] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0170.056] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8779f0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")) returned 0x22 [0170.071] CoTaskMemFree (pv=0x6b2ac0) [0170.071] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87a130000, lpmodinfo=0x27920e8, cb=0x18 | out: lpmodinfo=0x27920e8*(lpBaseOfDll=0x7ff87a130000, SizeOfImage=0x67000, EntryPoint=0x7ff87a14e710)) returned 1 [0170.086] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0170.087] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87a130000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="Bcp47Langs.dll") returned 0xe [0170.103] CoTaskMemFree (pv=0x6b3340) [0170.103] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0170.103] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87a130000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Bcp47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")) returned 0x22 [0170.116] CoTaskMemFree (pv=0x6b1140) [0170.116] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c730000, lpmodinfo=0x27942a0, cb=0x18 | out: lpmodinfo=0x27942a0*(lpBaseOfDll=0x7ff86c730000, SizeOfImage=0x2f000, EntryPoint=0x7ff86c73ec60)) returned 1 [0170.130] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0170.131] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c730000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="cryptnet.dll") returned 0xc [0170.145] CoTaskMemFree (pv=0x6b3340) [0170.145] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0170.145] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c730000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cryptnet.dll" (normalized: "c:\\windows\\system32\\cryptnet.dll")) returned 0x20 [0170.159] CoTaskMemFree (pv=0x6b08c0) [0170.159] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c8d0000, lpmodinfo=0x2796458, cb=0x18 | out: lpmodinfo=0x2796458*(lpBaseOfDll=0x7ff86c8d0000, SizeOfImage=0x28000, EntryPoint=0x7ff86c8defc0)) returned 1 [0170.174] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0170.174] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c8d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="dssenh.dll") returned 0xa [0170.193] CoTaskMemFree (pv=0x6b08c0) [0170.193] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0170.193] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c8d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dssenh.dll" (normalized: "c:\\windows\\system32\\dssenh.dll")) returned 0x1e [0170.207] CoTaskMemFree (pv=0x6b19c0) [0170.208] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8782f0000, lpmodinfo=0x2798600, cb=0x18 | out: lpmodinfo=0x2798600*(lpBaseOfDll=0x7ff8782f0000, SizeOfImage=0x1f000, EntryPoint=0x7ff8782f4960)) returned 1 [0170.222] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0170.222] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8782f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ncprov.dll") returned 0xa [0170.247] CoTaskMemFree (pv=0x6b2240) [0170.247] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0170.247] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8782f0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wbem\\ncprov.dll" (normalized: "c:\\windows\\system32\\wbem\\ncprov.dll")) returned 0x23 [0170.262] CoTaskMemFree (pv=0x6b2ac0) [0170.263] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878330000, lpmodinfo=0x279a7b0, cb=0x18 | out: lpmodinfo=0x279a7b0*(lpBaseOfDll=0x7ff878330000, SizeOfImage=0xae000, EntryPoint=0x7ff8783480c0)) returned 1 [0170.278] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0170.278] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878330000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="Windows.Networking.Connectivity.dll") returned 0x23 [0170.293] CoTaskMemFree (pv=0x6b2240) [0170.294] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0170.294] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878330000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")) returned 0x37 [0170.308] CoTaskMemFree (pv=0x6b2ac0) [0170.309] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874ab0000, lpmodinfo=0x279c9b8, cb=0x18 | out: lpmodinfo=0x279c9b8*(lpBaseOfDll=0x7ff874ab0000, SizeOfImage=0x15000, EntryPoint=0x7ff874ab2dc0)) returned 1 [0170.324] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0170.324] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874ab0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ondemandconnroutehelper.dll") returned 0x1b [0170.338] CoTaskMemFree (pv=0x6b1140) [0170.338] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0170.338] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874ab0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ondemandconnroutehelper.dll" (normalized: "c:\\windows\\system32\\ondemandconnroutehelper.dll")) returned 0x2f [0170.353] CoTaskMemFree (pv=0x6b1140) [0170.353] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d310000, lpmodinfo=0x279eba0, cb=0x18 | out: lpmodinfo=0x279eba0*(lpBaseOfDll=0x7ff86d310000, SizeOfImage=0x16000, EntryPoint=0x7ff86d311d50)) returned 1 [0170.368] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0170.368] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d310000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wwapi.dll") returned 0x9 [0170.383] CoTaskMemFree (pv=0x6b3340) [0170.384] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0170.384] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d310000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")) returned 0x1d [0170.399] CoTaskMemFree (pv=0x6b08c0) [0170.399] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff865ab0000, lpmodinfo=0x27a0d48, cb=0x18 | out: lpmodinfo=0x27a0d48*(lpBaseOfDll=0x7ff865ab0000, SizeOfImage=0x11d000, EntryPoint=0x7ff865adfe60)) returned 1 [0170.414] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0170.414] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff865ab0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="qmgr.dll") returned 0x8 [0170.428] CoTaskMemFree (pv=0x6b08c0) [0170.428] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0170.428] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff865ab0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\qmgr.dll" (normalized: "c:\\windows\\system32\\qmgr.dll")) returned 0x1c [0170.443] CoTaskMemFree (pv=0x6b1140) [0170.443] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875a30000, lpmodinfo=0x27a2ef0, cb=0x18 | out: lpmodinfo=0x27a2ef0*(lpBaseOfDll=0x7ff875a30000, SizeOfImage=0xb000, EntryPoint=0x7ff875a31de0)) returned 1 [0170.457] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0170.458] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875a30000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="bitsperf.dll") returned 0xc [0170.473] CoTaskMemFree (pv=0x6b2ac0) [0170.474] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0170.474] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875a30000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\bitsperf.dll" (normalized: "c:\\windows\\system32\\bitsperf.dll")) returned 0x20 [0170.489] CoTaskMemFree (pv=0x6b0040) [0170.489] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff865a90000, lpmodinfo=0x27a50a8, cb=0x18 | out: lpmodinfo=0x27a50a8*(lpBaseOfDll=0x7ff865a90000, SizeOfImage=0x14000, EntryPoint=0x7ff865a92a00)) returned 1 [0170.511] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0170.511] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff865a90000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="bitsigd.dll") returned 0xb [0170.525] CoTaskMemFree (pv=0x6b08c0) [0170.525] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0170.526] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff865a90000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bitsigd.dll" (normalized: "c:\\windows\\system32\\bitsigd.dll")) returned 0x1f [0170.540] CoTaskMemFree (pv=0x6b3340) [0170.540] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff865a20000, lpmodinfo=0x27a7250, cb=0x18 | out: lpmodinfo=0x27a7250*(lpBaseOfDll=0x7ff865a20000, SizeOfImage=0x67000, EntryPoint=0x7ff865a2b160)) returned 1 [0170.556] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0170.556] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff865a20000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="upnp.dll") returned 0x8 [0170.570] CoTaskMemFree (pv=0x6b08c0) [0170.571] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0170.571] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff865a20000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\upnp.dll" (normalized: "c:\\windows\\system32\\upnp.dll")) returned 0x1c [0170.587] CoTaskMemFree (pv=0x6b2240) [0170.587] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874d60000, lpmodinfo=0x27a93f8, cb=0x18 | out: lpmodinfo=0x27a93f8*(lpBaseOfDll=0x7ff874d60000, SizeOfImage=0x15000, EntryPoint=0x7ff874d63460)) returned 1 [0170.602] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0170.602] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874d60000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="SSDPAPI.dll") returned 0xb [0170.618] CoTaskMemFree (pv=0x6b08c0) [0170.618] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0170.618] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874d60000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SSDPAPI.dll" (normalized: "c:\\windows\\system32\\ssdpapi.dll")) returned 0x1f [0170.632] CoTaskMemFree (pv=0x6b2240) [0170.633] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d2d0000, lpmodinfo=0x27ab5a0, cb=0x18 | out: lpmodinfo=0x27ab5a0*(lpBaseOfDll=0x7ff86d2d0000, SizeOfImage=0x36000, EntryPoint=0x7ff86d2d27f0)) returned 1 [0170.646] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0170.646] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d2d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="Windows.Networking.HostName.dll") returned 0x1f [0170.661] CoTaskMemFree (pv=0x6b0040) [0170.661] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0170.662] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d2d0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll")) returned 0x33 [0170.676] CoTaskMemFree (pv=0x6b1140) [0170.676] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff865920000, lpmodinfo=0x27ad798, cb=0x18 | out: lpmodinfo=0x27ad798*(lpBaseOfDll=0x7ff865920000, SizeOfImage=0x46000, EntryPoint=0x7ff8659279a0)) returned 1 [0170.693] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0170.693] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff865920000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="adsldp.dll") returned 0xa [0170.707] CoTaskMemFree (pv=0x6b1140) [0170.707] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0170.708] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff865920000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\adsldp.dll" (normalized: "c:\\windows\\system32\\adsldp.dll")) returned 0x1e [0170.723] CoTaskMemFree (pv=0x6b19c0) [0170.723] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b0e0000, lpmodinfo=0x27af940, cb=0x18 | out: lpmodinfo=0x27af940*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0170.744] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0170.744] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b0e0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0170.760] CoTaskMemFree (pv=0x6b0040) [0170.760] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0170.761] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b0e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0170.775] CoTaskMemFree (pv=0x6b19c0) [0170.775] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff864130000, lpmodinfo=0x25c1ab8, cb=0x18 | out: lpmodinfo=0x25c1ab8*(lpBaseOfDll=0x7ff864130000, SizeOfImage=0x10f000, EntryPoint=0x7ff86416c010)) returned 1 [0170.791] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0170.792] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff864130000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="dosvc.dll") returned 0x9 [0170.807] CoTaskMemFree (pv=0x6b2240) [0170.807] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0170.807] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff864130000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\dosvc.dll" (normalized: "c:\\windows\\system32\\dosvc.dll")) returned 0x1d [0170.822] CoTaskMemFree (pv=0x6b0040) [0170.822] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875860000, lpmodinfo=0x25c3c60, cb=0x18 | out: lpmodinfo=0x25c3c60*(lpBaseOfDll=0x7ff875860000, SizeOfImage=0x93000, EntryPoint=0x7ff875869680)) returned 1 [0170.838] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0170.838] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875860000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="msvcp_win.dll") returned 0xd [0170.853] CoTaskMemFree (pv=0x6b2ac0) [0170.853] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0170.853] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875860000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\msvcp_win.dll" (normalized: "c:\\windows\\system32\\msvcp_win.dll")) returned 0x21 [0170.869] CoTaskMemFree (pv=0x6b1140) [0170.869] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff870d80000, lpmodinfo=0x25c5e18, cb=0x18 | out: lpmodinfo=0x25c5e18*(lpBaseOfDll=0x7ff870d80000, SizeOfImage=0xa000, EntryPoint=0x7ff870d81350)) returned 1 [0170.884] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0170.884] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff870d80000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0170.901] CoTaskMemFree (pv=0x6b2ac0) [0170.902] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0170.902] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff870d80000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0170.917] CoTaskMemFree (pv=0x6b19c0) [0170.917] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff863f10000, lpmodinfo=0x25c7fc0, cb=0x18 | out: lpmodinfo=0x25c7fc0*(lpBaseOfDll=0x7ff863f10000, SizeOfImage=0x12000, EntryPoint=0x7ff863f11a80)) returned 1 [0170.933] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0170.933] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff863f10000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="BitsProxy.dll") returned 0xd [0170.948] CoTaskMemFree (pv=0x6b1140) [0170.948] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0170.948] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff863f10000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\BitsProxy.dll" (normalized: "c:\\windows\\system32\\bitsproxy.dll")) returned 0x21 [0170.963] CoTaskMemFree (pv=0x6b08c0) [0170.963] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff863bc0000, lpmodinfo=0x25ca178, cb=0x18 | out: lpmodinfo=0x25ca178*(lpBaseOfDll=0x7ff863bc0000, SizeOfImage=0x2b0000, EntryPoint=0x7ff863bc1cf0)) returned 1 [0170.980] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0170.981] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff863bc0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="netshell.dll") returned 0xc [0170.999] CoTaskMemFree (pv=0x6b2ac0) [0171.000] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0171.000] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff863bc0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netshell.dll" (normalized: "c:\\windows\\system32\\netshell.dll")) returned 0x20 [0171.015] CoTaskMemFree (pv=0x6b0040) [0171.015] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff862050000, lpmodinfo=0x25cc330, cb=0x18 | out: lpmodinfo=0x25cc330*(lpBaseOfDll=0x7ff862050000, SizeOfImage=0x200000, EntryPoint=0x7ff8620c5240)) returned 1 [0171.031] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0171.031] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff862050000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wlidsvc.dll") returned 0xb [0171.048] CoTaskMemFree (pv=0x6b2ac0) [0171.048] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0171.048] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff862050000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\wlidsvc.dll" (normalized: "c:\\windows\\system32\\wlidsvc.dll")) returned 0x1f [0171.063] CoTaskMemFree (pv=0x6b2ac0) [0171.064] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873970000, lpmodinfo=0x25ce4d8, cb=0x18 | out: lpmodinfo=0x25ce4d8*(lpBaseOfDll=0x7ff873970000, SizeOfImage=0x16000, EntryPoint=0x7ff87397b550)) returned 1 [0171.079] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0171.079] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873970000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="CLIPC.dll") returned 0x9 [0171.094] CoTaskMemFree (pv=0x6b0040) [0171.094] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0171.094] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873970000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\CLIPC.dll" (normalized: "c:\\windows\\system32\\clipc.dll")) returned 0x1d [0171.113] CoTaskMemFree (pv=0x6b3340) [0171.113] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f220000, lpmodinfo=0x25d0680, cb=0x18 | out: lpmodinfo=0x25d0680*(lpBaseOfDll=0x7ff86f220000, SizeOfImage=0x17000, EntryPoint=0x7ff86f226620)) returned 1 [0171.128] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0171.128] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f220000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="msauserext.dll") returned 0xe [0171.144] CoTaskMemFree (pv=0x6b2240) [0171.145] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0171.145] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f220000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msauserext.dll" (normalized: "c:\\windows\\system32\\msauserext.dll")) returned 0x22 [0171.160] CoTaskMemFree (pv=0x6b0040) [0171.160] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ba10000, lpmodinfo=0x25d2838, cb=0x18 | out: lpmodinfo=0x25d2838*(lpBaseOfDll=0x7ff87ba10000, SizeOfImage=0xd000, EntryPoint=0x7ff87ba11fe0)) returned 1 [0171.175] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0171.175] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ba10000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="tbs.dll") returned 0x7 [0171.192] CoTaskMemFree (pv=0x6b1140) [0171.192] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0171.192] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ba10000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\tbs.dll" (normalized: "c:\\windows\\system32\\tbs.dll")) returned 0x1b [0171.209] CoTaskMemFree (pv=0x6b3340) [0171.210] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8617d0000, lpmodinfo=0x25d49d0, cb=0x18 | out: lpmodinfo=0x25d49d0*(lpBaseOfDll=0x7ff8617d0000, SizeOfImage=0x52000, EntryPoint=0x7ff8617d3d30)) returned 1 [0171.228] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0171.229] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8617d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="cryptngc.dll") returned 0xc [0171.302] CoTaskMemFree (pv=0x6b2ac0) [0171.302] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0171.302] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8617d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\cryptngc.dll" (normalized: "c:\\windows\\system32\\cryptngc.dll")) returned 0x20 [0171.322] CoTaskMemFree (pv=0x6b3340) [0171.322] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874540000, lpmodinfo=0x25d6b88, cb=0x18 | out: lpmodinfo=0x25d6b88*(lpBaseOfDll=0x7ff874540000, SizeOfImage=0x1b000, EntryPoint=0x7ff874541040)) returned 1 [0171.338] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0171.338] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874540000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="MPR.dll") returned 0x7 [0171.362] CoTaskMemFree (pv=0x6b2ac0) [0171.362] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0171.362] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874540000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\MPR.dll" (normalized: "c:\\windows\\system32\\mpr.dll")) returned 0x1b [0171.379] CoTaskMemFree (pv=0x6b08c0) [0171.379] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff861480000, lpmodinfo=0x25d8d20, cb=0x18 | out: lpmodinfo=0x25d8d20*(lpBaseOfDll=0x7ff861480000, SizeOfImage=0x5d000, EntryPoint=0x7ff8614ae510)) returned 1 [0171.409] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0171.409] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff861480000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="usocore.dll") returned 0xb [0171.425] CoTaskMemFree (pv=0x6b0040) [0171.425] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0171.425] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff861480000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\usocore.dll" (normalized: "c:\\windows\\system32\\usocore.dll")) returned 0x1f [0171.442] CoTaskMemFree (pv=0x6b3340) [0171.442] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff861460000, lpmodinfo=0x25daec8, cb=0x18 | out: lpmodinfo=0x25daec8*(lpBaseOfDll=0x7ff861460000, SizeOfImage=0x18000, EntryPoint=0x7ff86146b850)) returned 1 [0171.458] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0171.458] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff861460000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="DMCmnUtils.dll") returned 0xe [0171.475] CoTaskMemFree (pv=0x6b08c0) [0171.475] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0171.476] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff861460000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\DMCmnUtils.dll" (normalized: "c:\\windows\\system32\\dmcmnutils.dll")) returned 0x22 [0171.491] CoTaskMemFree (pv=0x6b19c0) [0171.491] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff861410000, lpmodinfo=0x25dd080, cb=0x18 | out: lpmodinfo=0x25dd080*(lpBaseOfDll=0x7ff861410000, SizeOfImage=0x44000, EntryPoint=0x7ff8614383e0)) returned 1 [0171.515] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0171.516] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff861410000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="updatehandlers.dll") returned 0x12 [0171.532] CoTaskMemFree (pv=0x6b2ac0) [0171.532] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0171.532] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff861410000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\updatehandlers.dll" (normalized: "c:\\windows\\system32\\updatehandlers.dll")) returned 0x26 [0171.548] CoTaskMemFree (pv=0x6b0040) [0171.548] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878230000, lpmodinfo=0x25df248, cb=0x18 | out: lpmodinfo=0x25df248*(lpBaseOfDll=0x7ff878230000, SizeOfImage=0xbf000, EntryPoint=0x7ff878251c50)) returned 1 [0171.566] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0171.566] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878230000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="taskschd.dll") returned 0xc [0171.582] CoTaskMemFree (pv=0x6b1140) [0171.582] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0171.582] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878230000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\taskschd.dll" (normalized: "c:\\windows\\system32\\taskschd.dll")) returned 0x20 [0171.623] CoTaskMemFree (pv=0x6b2ac0) [0171.623] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873480000, lpmodinfo=0x25e1400, cb=0x18 | out: lpmodinfo=0x25e1400*(lpBaseOfDll=0x7ff873480000, SizeOfImage=0xd5000, EntryPoint=0x7ff87349cf80)) returned 1 [0171.642] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0171.642] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873480000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wuapi.dll") returned 0x9 [0171.662] CoTaskMemFree (pv=0x6b0040) [0171.662] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0171.663] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873480000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wuapi.dll" (normalized: "c:\\windows\\system32\\wuapi.dll")) returned 0x1d [0171.679] CoTaskMemFree (pv=0x6b19c0) [0171.679] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8612f0000, lpmodinfo=0x25e35a8, cb=0x18 | out: lpmodinfo=0x25e35a8*(lpBaseOfDll=0x7ff8612f0000, SizeOfImage=0x17000, EntryPoint=0x7ff8612f7520)) returned 1 [0171.706] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0171.706] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8612f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="usoapi.dll") returned 0xa [0171.723] CoTaskMemFree (pv=0x6b1140) [0171.723] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0171.723] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8612f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\usoapi.dll" (normalized: "c:\\windows\\system32\\usoapi.dll")) returned 0x1e [0171.758] CoTaskMemFree (pv=0x6b1140) [0171.758] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff879c90000, lpmodinfo=0x25e5750, cb=0x18 | out: lpmodinfo=0x25e5750*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0171.774] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0171.774] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff879c90000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0171.796] CoTaskMemFree (pv=0x6b2240) [0171.797] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0171.797] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff879c90000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0171.812] CoTaskMemFree (pv=0x6b08c0) [0171.812] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8603b0000, lpmodinfo=0x25e7908, cb=0x18 | out: lpmodinfo=0x25e7908*(lpBaseOfDll=0x7ff8603b0000, SizeOfImage=0x8000, EntryPoint=0x7ff8603b13b0)) returned 1 [0171.831] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0171.832] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8603b0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="dmiso8601utils.dll") returned 0x12 [0171.848] CoTaskMemFree (pv=0x6b19c0) [0171.848] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0171.849] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8603b0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dmiso8601utils.dll" (normalized: "c:\\windows\\system32\\dmiso8601utils.dll")) returned 0x26 [0171.865] CoTaskMemFree (pv=0x6b3340) [0171.866] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff867cd0000, lpmodinfo=0x25e9ad0, cb=0x18 | out: lpmodinfo=0x25e9ad0*(lpBaseOfDll=0x7ff867cd0000, SizeOfImage=0x1d000, EntryPoint=0x7ff867cd4f60)) returned 1 [0171.882] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0171.882] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff867cd0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="appinfo.dll") returned 0xb [0171.901] CoTaskMemFree (pv=0x6b3340) [0171.901] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0171.901] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff867cd0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\appinfo.dll" (normalized: "c:\\windows\\system32\\appinfo.dll")) returned 0x1f [0171.919] CoTaskMemFree (pv=0x6b2240) [0171.919] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87aa90000, lpmodinfo=0x25ebc78, cb=0x18 | out: lpmodinfo=0x25ebc78*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0171.935] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0171.936] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87aa90000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0171.961] CoTaskMemFree (pv=0x6b2240) [0171.961] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0171.962] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87aa90000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="c:\\windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0171.980] CoTaskMemFree (pv=0x6b19c0) [0171.980] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff865790000, lpmodinfo=0x25ede20, cb=0x18 | out: lpmodinfo=0x25ede20*(lpBaseOfDll=0x7ff865790000, SizeOfImage=0x32000, EntryPoint=0x7ff86579b0c0)) returned 1 [0171.998] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0171.998] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff865790000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="shacct.dll") returned 0xa [0172.015] CoTaskMemFree (pv=0x6b1140) [0172.015] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.016] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff865790000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\shacct.dll" (normalized: "c:\\windows\\system32\\shacct.dll")) returned 0x1e [0172.034] CoTaskMemFree (pv=0x6b3340) [0172.034] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8655f0000, lpmodinfo=0x25effc8, cb=0x18 | out: lpmodinfo=0x25effc8*(lpBaseOfDll=0x7ff8655f0000, SizeOfImage=0x11000, EntryPoint=0x7ff8655f28d0)) returned 1 [0172.051] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.052] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8655f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="CredentialMigrationHandler.dll") returned 0x1e [0172.068] CoTaskMemFree (pv=0x6b2240) [0172.068] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.068] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8655f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CredentialMigrationHandler.dll" (normalized: "c:\\windows\\system32\\credentialmigrationhandler.dll")) returned 0x32 [0172.085] CoTaskMemFree (pv=0x6b1140) [0172.085] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8654a0000, lpmodinfo=0x25f21c0, cb=0x18 | out: lpmodinfo=0x25f21c0*(lpBaseOfDll=0x7ff8654a0000, SizeOfImage=0x18000, EntryPoint=0x7ff8654a1b10)) returned 1 [0172.108] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.108] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8654a0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="LocationFrameworkInternalPS.dll") returned 0x1f [0172.130] CoTaskMemFree (pv=0x6b2240) [0172.130] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.130] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8654a0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\LocationFrameworkInternalPS.dll" (normalized: "c:\\windows\\system32\\locationframeworkinternalps.dll")) returned 0x33 [0172.148] CoTaskMemFree (pv=0x6b3340) [0172.148] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff867cb0000, lpmodinfo=0x25f43b8, cb=0x18 | out: lpmodinfo=0x25f43b8*(lpBaseOfDll=0x7ff867cb0000, SizeOfImage=0x18000, EntryPoint=0x7ff867cb4290)) returned 1 [0172.165] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.165] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff867cb0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="elscore.dll") returned 0xb [0172.182] CoTaskMemFree (pv=0x6b1140) [0172.182] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.182] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff867cb0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\elscore.dll" (normalized: "c:\\windows\\system32\\elscore.dll")) returned 0x1f [0172.205] CoTaskMemFree (pv=0x6b19c0) [0172.205] CloseHandle (hObject=0x264) returned 1 [0172.207] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0172.207] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x11c0) returned 0x264 [0172.207] EnumProcessModules (in: hProcess=0x264, lphModule=0x25fb0e0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25fb0e0, lpcbNeeded=0x14ef68) returned 1 [0172.208] GetModuleInformation (in: hProcess=0x264, hModule=0x110000, lpmodinfo=0x25fb350, cb=0x18 | out: lpmodinfo=0x25fb350*(lpBaseOfDll=0x110000, SizeOfImage=0x17000, EntryPoint=0x1114a1)) returned 1 [0172.208] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.209] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x110000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="around.exe") returned 0xa [0172.209] CoTaskMemFree (pv=0x6b3340) [0172.209] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.209] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x110000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Common Files\\around.exe" (normalized: "c:\\program files (x86)\\common files\\around.exe")) returned 0x2e [0172.210] CoTaskMemFree (pv=0x6b0040) [0172.210] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x25fd550, cb=0x18 | out: lpmodinfo=0x25fd550*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0172.210] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.210] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0172.211] CoTaskMemFree (pv=0x6b19c0) [0172.211] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.211] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0172.211] CoTaskMemFree (pv=0x6b08c0) [0172.211] GetModuleInformation (in: hProcess=0x264, hModule=0x66350000, lpmodinfo=0x25ff6f8, cb=0x18 | out: lpmodinfo=0x25ff6f8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0172.212] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.212] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x66350000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0172.213] CoTaskMemFree (pv=0x6b1140) [0172.213] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.213] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x66350000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0172.213] CoTaskMemFree (pv=0x6b2ac0) [0172.214] GetModuleInformation (in: hProcess=0x264, hModule=0x662d0000, lpmodinfo=0x26018a0, cb=0x18 | out: lpmodinfo=0x26018a0*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0172.214] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.214] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x662d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0172.215] CoTaskMemFree (pv=0x6b08c0) [0172.215] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.215] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x662d0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0172.216] CoTaskMemFree (pv=0x6b19c0) [0172.216] GetModuleInformation (in: hProcess=0x264, hModule=0x663a0000, lpmodinfo=0x2603a58, cb=0x18 | out: lpmodinfo=0x2603a58*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0172.217] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.217] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x663a0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0172.217] CoTaskMemFree (pv=0x6b08c0) [0172.217] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.218] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x663a0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0172.218] CoTaskMemFree (pv=0x6b2240) [0172.219] CloseHandle (hObject=0x264) returned 1 [0172.219] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0172.219] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0xa0c) returned 0x264 [0172.219] EnumProcessModules (in: hProcess=0x264, lphModule=0x2606170, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2606170, lpcbNeeded=0x14ef68) returned 1 [0172.220] GetModuleInformation (in: hProcess=0x264, hModule=0xe70000, lpmodinfo=0x26063e0, cb=0x18 | out: lpmodinfo=0x26063e0*(lpBaseOfDll=0xe70000, SizeOfImage=0x17000, EntryPoint=0xe714a1)) returned 1 [0172.220] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.220] GetModuleBaseNameW (in: hProcess=0x264, hModule=0xe70000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="rate officer.exe") returned 0x10 [0172.220] CoTaskMemFree (pv=0x6b1140) [0172.220] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.221] GetModuleFileNameExW (in: hProcess=0x264, hModule=0xe70000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\rate officer.exe" (normalized: "c:\\program files (x86)\\windows media player\\rate officer.exe")) returned 0x3c [0172.221] CoTaskMemFree (pv=0x6b2240) [0172.221] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x2608610, cb=0x18 | out: lpmodinfo=0x2608610*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0172.222] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.222] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0172.222] CoTaskMemFree (pv=0x6b19c0) [0172.223] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.223] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0172.223] CoTaskMemFree (pv=0x6b19c0) [0172.223] GetModuleInformation (in: hProcess=0x264, hModule=0x66350000, lpmodinfo=0x260a7b8, cb=0x18 | out: lpmodinfo=0x260a7b8*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0172.224] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.224] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x66350000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0172.225] CoTaskMemFree (pv=0x6b08c0) [0172.225] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.226] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x66350000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0172.226] CoTaskMemFree (pv=0x6b3340) [0172.226] GetModuleInformation (in: hProcess=0x264, hModule=0x662d0000, lpmodinfo=0x260c960, cb=0x18 | out: lpmodinfo=0x260c960*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0172.227] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.227] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x662d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0172.228] CoTaskMemFree (pv=0x6b1140) [0172.228] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.228] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x662d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0172.228] CoTaskMemFree (pv=0x6b0040) [0172.228] GetModuleInformation (in: hProcess=0x264, hModule=0x663a0000, lpmodinfo=0x260eb18, cb=0x18 | out: lpmodinfo=0x260eb18*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0172.229] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.229] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x663a0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0172.230] CoTaskMemFree (pv=0x6b3340) [0172.230] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.230] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x663a0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0172.231] CoTaskMemFree (pv=0x6b19c0) [0172.231] CloseHandle (hObject=0x264) returned 1 [0172.232] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0172.232] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x1030) returned 0x264 [0172.232] EnumProcessModules (in: hProcess=0x264, lphModule=0x2611230, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x2611230, lpcbNeeded=0x14ef68) returned 1 [0172.248] GetModuleInformation (in: hProcess=0x264, hModule=0x980000, lpmodinfo=0x26114a0, cb=0x18 | out: lpmodinfo=0x26114a0*(lpBaseOfDll=0x980000, SizeOfImage=0x17000, EntryPoint=0x9814a1)) returned 1 [0172.248] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.248] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x980000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="gmailnotifierpro.exe") returned 0x14 [0172.249] CoTaskMemFree (pv=0x6b08c0) [0172.249] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.249] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x980000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files\\WindowsPowerShell\\gmailnotifierpro.exe" (normalized: "c:\\program files\\windowspowershell\\gmailnotifierpro.exe")) returned 0x37 [0172.249] CoTaskMemFree (pv=0x6b2ac0) [0172.250] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x26136c8, cb=0x18 | out: lpmodinfo=0x26136c8*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0172.250] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.253] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0172.254] CoTaskMemFree (pv=0x6b3340) [0172.254] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.254] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0172.254] CoTaskMemFree (pv=0x6b08c0) [0172.254] GetModuleInformation (in: hProcess=0x264, hModule=0x66350000, lpmodinfo=0x2615870, cb=0x18 | out: lpmodinfo=0x2615870*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0172.255] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.255] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x66350000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0172.256] CoTaskMemFree (pv=0x6b19c0) [0172.256] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.256] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x66350000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0172.256] CoTaskMemFree (pv=0x6b1140) [0172.256] GetModuleInformation (in: hProcess=0x264, hModule=0x662d0000, lpmodinfo=0x2617a18, cb=0x18 | out: lpmodinfo=0x2617a18*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0172.257] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.257] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x662d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0172.258] CoTaskMemFree (pv=0x6b1140) [0172.258] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.258] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x662d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0172.259] CoTaskMemFree (pv=0x6b3340) [0172.259] GetModuleInformation (in: hProcess=0x264, hModule=0x663a0000, lpmodinfo=0x2619bd0, cb=0x18 | out: lpmodinfo=0x2619bd0*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0172.259] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.260] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x663a0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0172.261] CoTaskMemFree (pv=0x6b3340) [0172.261] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.261] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x663a0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0172.261] CoTaskMemFree (pv=0x6b08c0) [0172.261] CloseHandle (hObject=0x264) returned 1 [0172.262] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0172.262] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x10f4) returned 0x264 [0172.262] EnumProcessModules (in: hProcess=0x264, lphModule=0x261c2e8, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x261c2e8, lpcbNeeded=0x14ef68) returned 1 [0172.263] GetModuleInformation (in: hProcess=0x264, hModule=0x890000, lpmodinfo=0x261c558, cb=0x18 | out: lpmodinfo=0x261c558*(lpBaseOfDll=0x890000, SizeOfImage=0x17000, EntryPoint=0x8914a1)) returned 1 [0172.263] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.263] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x890000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="yahoomessenger.exe") returned 0x12 [0172.264] CoTaskMemFree (pv=0x6b19c0) [0172.264] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.264] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x890000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files\\Windows Multimedia Platform\\yahoomessenger.exe" (normalized: "c:\\program files\\windows multimedia platform\\yahoomessenger.exe")) returned 0x3f [0172.264] CoTaskMemFree (pv=0x6b2ac0) [0172.265] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x261e788, cb=0x18 | out: lpmodinfo=0x261e788*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0172.265] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.265] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0172.265] CoTaskMemFree (pv=0x6b08c0) [0172.265] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.266] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0172.266] CoTaskMemFree (pv=0x6b0040) [0172.266] GetModuleInformation (in: hProcess=0x264, hModule=0x66350000, lpmodinfo=0x2620930, cb=0x18 | out: lpmodinfo=0x2620930*(lpBaseOfDll=0x66350000, SizeOfImage=0x50000, EntryPoint=0x66368180)) returned 1 [0172.266] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.267] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x66350000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wow64.dll") returned 0x9 [0172.267] CoTaskMemFree (pv=0x6b3340) [0172.267] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.267] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x66350000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64.dll" (normalized: "c:\\windows\\system32\\wow64.dll")) returned 0x1d [0172.268] CoTaskMemFree (pv=0x6b1140) [0172.268] GetModuleInformation (in: hProcess=0x264, hModule=0x662d0000, lpmodinfo=0x2622ad8, cb=0x18 | out: lpmodinfo=0x2622ad8*(lpBaseOfDll=0x662d0000, SizeOfImage=0x7a000, EntryPoint=0x662e3290)) returned 1 [0172.269] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.269] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x662d0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wow64win.dll") returned 0xc [0172.269] CoTaskMemFree (pv=0x6b1140) [0172.269] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.270] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x662d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64win.dll" (normalized: "c:\\windows\\system32\\wow64win.dll")) returned 0x20 [0172.270] CoTaskMemFree (pv=0x6b2ac0) [0172.271] GetModuleInformation (in: hProcess=0x264, hModule=0x663a0000, lpmodinfo=0x2624c90, cb=0x18 | out: lpmodinfo=0x2624c90*(lpBaseOfDll=0x663a0000, SizeOfImage=0x8000, EntryPoint=0x663a17c0)) returned 1 [0172.271] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.271] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x663a0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wow64cpu.dll") returned 0xc [0172.272] CoTaskMemFree (pv=0x6b08c0) [0172.272] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.272] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x663a0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wow64cpu.dll" (normalized: "c:\\windows\\system32\\wow64cpu.dll")) returned 0x20 [0172.273] CoTaskMemFree (pv=0x6b1140) [0172.273] CloseHandle (hObject=0x264) returned 1 [0172.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0172.276] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x4a0) returned 0x264 [0172.276] EnumProcessModules (in: hProcess=0x264, lphModule=0x26276d0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x26276d0, lpcbNeeded=0x14ef68) returned 1 [0172.294] EnumProcessModules (in: hProcess=0x264, lphModule=0x26278e8, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x26278e8, lpcbNeeded=0x14ef68) returned 1 [0172.311] EnumProcessModules (in: hProcess=0x264, lphModule=0x2627d00, cb=0x800, lpcbNeeded=0x14ef68 | out: lphModule=0x2627d00, lpcbNeeded=0x14ef68) returned 1 [0172.331] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff713720000, lpmodinfo=0x2628570, cb=0x18 | out: lpmodinfo=0x2628570*(lpBaseOfDll=0x7ff713720000, SizeOfImage=0x448000, EntryPoint=0x7ff7137be090)) returned 1 [0172.332] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.332] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff713720000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="Explorer.EXE") returned 0xc [0172.333] CoTaskMemFree (pv=0x6b3340) [0172.333] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.333] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff713720000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\Explorer.EXE" (normalized: "c:\\windows\\explorer.exe")) returned 0x17 [0172.333] CoTaskMemFree (pv=0x6b08c0) [0172.333] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x262a748, cb=0x18 | out: lpmodinfo=0x262a748*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0172.334] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.334] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0172.334] CoTaskMemFree (pv=0x6b08c0) [0172.334] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.334] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0172.335] CoTaskMemFree (pv=0x6b08c0) [0172.335] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f640000, lpmodinfo=0x262c8f0, cb=0x18 | out: lpmodinfo=0x262c8f0*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0172.335] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.335] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f640000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0172.336] CoTaskMemFree (pv=0x6b2240) [0172.336] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.336] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f640000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0172.337] CoTaskMemFree (pv=0x6b2240) [0172.337] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ce40000, lpmodinfo=0x262eaa8, cb=0x18 | out: lpmodinfo=0x262eaa8*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0172.338] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.338] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ce40000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0172.338] CoTaskMemFree (pv=0x6b1140) [0172.338] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.338] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ce40000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0172.339] CoTaskMemFree (pv=0x6b0040) [0172.339] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87aa90000, lpmodinfo=0x2630c60, cb=0x18 | out: lpmodinfo=0x2630c60*(lpBaseOfDll=0x7ff87aa90000, SizeOfImage=0x79000, EntryPoint=0x7ff87aaafb90)) returned 1 [0172.340] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.340] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87aa90000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="apphelp.dll") returned 0xb [0172.341] CoTaskMemFree (pv=0x6b0040) [0172.341] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.341] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87aa90000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\apphelp.dll" (normalized: "c:\\windows\\system32\\apphelp.dll")) returned 0x1f [0172.342] CoTaskMemFree (pv=0x6b2ac0) [0172.342] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fde0000, lpmodinfo=0x2632e60, cb=0x18 | out: lpmodinfo=0x2632e60*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0172.343] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.343] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fde0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0172.345] CoTaskMemFree (pv=0x6b19c0) [0172.346] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.346] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fde0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0172.347] CoTaskMemFree (pv=0x6b19c0) [0172.347] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fa80000, lpmodinfo=0x2635008, cb=0x18 | out: lpmodinfo=0x2635008*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0172.348] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.348] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fa80000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0172.349] CoTaskMemFree (pv=0x6b08c0) [0172.349] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.349] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fa80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0172.350] CoTaskMemFree (pv=0x6b1140) [0172.350] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f6f0000, lpmodinfo=0x26371c0, cb=0x18 | out: lpmodinfo=0x26371c0*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0172.351] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.351] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f6f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0172.352] CoTaskMemFree (pv=0x6b2240) [0172.352] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.352] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f6f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0172.353] CoTaskMemFree (pv=0x6b1140) [0172.353] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fe80000, lpmodinfo=0x2639368, cb=0x18 | out: lpmodinfo=0x2639368*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0172.354] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.354] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fe80000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0172.355] CoTaskMemFree (pv=0x6b19c0) [0172.355] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.356] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fe80000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0172.357] CoTaskMemFree (pv=0x6b2ac0) [0172.357] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d030000, lpmodinfo=0x263b5a8, cb=0x18 | out: lpmodinfo=0x263b5a8*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0172.358] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.358] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d030000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0172.359] CoTaskMemFree (pv=0x6b2240) [0172.359] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.359] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d030000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0172.361] CoTaskMemFree (pv=0x6b0040) [0172.361] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c5f0000, lpmodinfo=0x263d780, cb=0x18 | out: lpmodinfo=0x263d780*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0172.362] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.362] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c5f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0172.363] CoTaskMemFree (pv=0x6b1140) [0172.363] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.364] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c5f0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0172.365] CoTaskMemFree (pv=0x6b3340) [0172.365] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ed60000, lpmodinfo=0x263f938, cb=0x18 | out: lpmodinfo=0x263f938*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0172.366] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.366] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ed60000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0172.367] CoTaskMemFree (pv=0x6b3340) [0172.368] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.368] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ed60000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0172.369] CoTaskMemFree (pv=0x6b2ac0) [0172.370] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f3e0000, lpmodinfo=0x2641ae0, cb=0x18 | out: lpmodinfo=0x2641ae0*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0172.371] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.371] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f3e0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0172.372] CoTaskMemFree (pv=0x6b19c0) [0172.373] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.373] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f3e0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0172.374] CoTaskMemFree (pv=0x6b0040) [0172.374] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c650000, lpmodinfo=0x2643c88, cb=0x18 | out: lpmodinfo=0x2643c88*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0172.375] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.376] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c650000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="SHCORE.dll") returned 0xa [0172.377] CoTaskMemFree (pv=0x6b3340) [0172.377] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.377] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c650000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHCORE.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0172.379] CoTaskMemFree (pv=0x6b0040) [0172.379] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fb50000, lpmodinfo=0x2645e30, cb=0x18 | out: lpmodinfo=0x2645e30*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0172.380] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.380] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fb50000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="SHLWAPI.dll") returned 0xb [0172.382] CoTaskMemFree (pv=0x6b1140) [0172.382] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.382] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fb50000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHLWAPI.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0172.384] CoTaskMemFree (pv=0x6b3340) [0172.384] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d650000, lpmodinfo=0x2647fd8, cb=0x18 | out: lpmodinfo=0x2647fd8*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0172.385] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.385] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d650000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0172.387] CoTaskMemFree (pv=0x6b1140) [0172.387] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.387] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d650000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0172.391] CoTaskMemFree (pv=0x6b2ac0) [0172.391] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c710000, lpmodinfo=0x264a180, cb=0x18 | out: lpmodinfo=0x264a180*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0172.393] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.393] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c710000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0172.394] CoTaskMemFree (pv=0x6b19c0) [0172.395] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.395] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c710000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0172.396] CoTaskMemFree (pv=0x6b0040) [0172.396] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c760000, lpmodinfo=0x264c450, cb=0x18 | out: lpmodinfo=0x264c450*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0172.398] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.398] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c760000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="windows.storage.dll") returned 0x13 [0172.401] CoTaskMemFree (pv=0x6b1140) [0172.401] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.401] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c760000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0172.403] CoTaskMemFree (pv=0x6b2ac0) [0172.403] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fd30000, lpmodinfo=0x264e618, cb=0x18 | out: lpmodinfo=0x264e618*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0172.405] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.405] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fd30000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0172.407] CoTaskMemFree (pv=0x6b2ac0) [0172.407] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.408] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fd30000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0172.410] CoTaskMemFree (pv=0x6b19c0) [0172.410] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f970000, lpmodinfo=0x26507d0, cb=0x18 | out: lpmodinfo=0x26507d0*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0172.412] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.412] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f970000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0172.416] CoTaskMemFree (pv=0x6b0040) [0172.416] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.417] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f970000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0172.419] CoTaskMemFree (pv=0x6b2240) [0172.419] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c640000, lpmodinfo=0x2652978, cb=0x18 | out: lpmodinfo=0x2652978*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0172.421] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.421] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c640000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0172.423] CoTaskMemFree (pv=0x6b2240) [0172.423] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.423] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c640000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0172.426] CoTaskMemFree (pv=0x6b08c0) [0172.426] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c5d0000, lpmodinfo=0x2654b40, cb=0x18 | out: lpmodinfo=0x2654b40*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0172.428] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.428] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c5d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0172.430] CoTaskMemFree (pv=0x6b08c0) [0172.430] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.430] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c5d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0172.432] CoTaskMemFree (pv=0x6b3340) [0172.433] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d170000, lpmodinfo=0x2656ce8, cb=0x18 | out: lpmodinfo=0x2656ce8*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0172.469] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.469] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d170000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0172.480] CoTaskMemFree (pv=0x6b0040) [0172.480] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.481] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d170000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0172.483] CoTaskMemFree (pv=0x6b1140) [0172.483] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c5c0000, lpmodinfo=0x2658e90, cb=0x18 | out: lpmodinfo=0x2658e90*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0172.485] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.485] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c5c0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0172.488] CoTaskMemFree (pv=0x6b3340) [0172.488] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.488] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c5c0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0172.490] CoTaskMemFree (pv=0x6b2ac0) [0172.490] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ab10000, lpmodinfo=0x265b038, cb=0x18 | out: lpmodinfo=0x265b038*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0172.492] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.493] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ab10000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0172.502] CoTaskMemFree (pv=0x6b3340) [0172.502] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.502] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ab10000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0172.504] CoTaskMemFree (pv=0x6b1140) [0172.504] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87af40000, lpmodinfo=0x265d1e0, cb=0x18 | out: lpmodinfo=0x265d1e0*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0172.507] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.507] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87af40000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0172.509] CoTaskMemFree (pv=0x6b0040) [0172.509] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.509] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87af40000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0172.512] CoTaskMemFree (pv=0x6b1140) [0172.512] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87a590000, lpmodinfo=0x265f388, cb=0x18 | out: lpmodinfo=0x265f388*(lpBaseOfDll=0x7ff87a590000, SizeOfImage=0x22000, EntryPoint=0x7ff87a591a40)) returned 1 [0172.514] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.515] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87a590000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="dwmapi.dll") returned 0xa [0172.517] CoTaskMemFree (pv=0x6b3340) [0172.517] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.517] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87a590000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dwmapi.dll" (normalized: "c:\\windows\\system32\\dwmapi.dll")) returned 0x1e [0172.519] CoTaskMemFree (pv=0x6b1140) [0172.519] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f290000, lpmodinfo=0x2661530, cb=0x18 | out: lpmodinfo=0x2661530*(lpBaseOfDll=0x7ff86f290000, SizeOfImage=0xb1000, EntryPoint=0x7ff86f2a08f0)) returned 1 [0172.522] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.522] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f290000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="TWINAPI.dll") returned 0xb [0172.525] CoTaskMemFree (pv=0x6b08c0) [0172.525] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.525] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f290000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\TWINAPI.dll" (normalized: "c:\\windows\\system32\\twinapi.dll")) returned 0x1f [0172.528] CoTaskMemFree (pv=0x6b1140) [0172.528] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87a2e0000, lpmodinfo=0x26636d8, cb=0x18 | out: lpmodinfo=0x26636d8*(lpBaseOfDll=0x7ff87a2e0000, SizeOfImage=0x2a8000, EntryPoint=0x7ff87a373250)) returned 1 [0172.531] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.531] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87a2e0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="d3d11.dll") returned 0x9 [0172.534] CoTaskMemFree (pv=0x6b0040) [0172.534] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.534] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87a2e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d3d11.dll" (normalized: "c:\\windows\\system32\\d3d11.dll")) returned 0x1d [0172.537] CoTaskMemFree (pv=0x6b2ac0) [0172.537] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87a6a0000, lpmodinfo=0x2665880, cb=0x18 | out: lpmodinfo=0x2665880*(lpBaseOfDll=0x7ff87a6a0000, SizeOfImage=0xe3000, EntryPoint=0x7ff87a6d7da0)) returned 1 [0172.539] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.539] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87a6a0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="dcomp.dll") returned 0x9 [0172.542] CoTaskMemFree (pv=0x6b0040) [0172.542] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.542] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87a6a0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dcomp.dll" (normalized: "c:\\windows\\system32\\dcomp.dll")) returned 0x1d [0172.545] CoTaskMemFree (pv=0x6b3340) [0172.545] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b0e0000, lpmodinfo=0x2667a28, cb=0x18 | out: lpmodinfo=0x2667a28*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0172.551] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.551] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b0e0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0172.553] CoTaskMemFree (pv=0x6b1140) [0172.553] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.554] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b0e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0172.556] CoTaskMemFree (pv=0x6b2ac0) [0172.557] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c240000, lpmodinfo=0x2669bf0, cb=0x18 | out: lpmodinfo=0x2669bf0*(lpBaseOfDll=0x7ff87c240000, SizeOfImage=0x2d000, EntryPoint=0x7ff87c259d40)) returned 1 [0172.561] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.561] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c240000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="SspiCli.dll") returned 0xb [0172.563] CoTaskMemFree (pv=0x6b1140) [0172.563] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.564] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c240000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SspiCli.dll" (normalized: "c:\\windows\\system32\\sspicli.dll")) returned 0x1f [0172.566] CoTaskMemFree (pv=0x6b08c0) [0172.566] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bd20000, lpmodinfo=0x266bd98, cb=0x18 | out: lpmodinfo=0x266bd98*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0172.569] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.569] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bd20000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0172.572] CoTaskMemFree (pv=0x6b19c0) [0172.573] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.573] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bd20000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0172.576] CoTaskMemFree (pv=0x6b0040) [0172.576] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff877aa0000, lpmodinfo=0x266e158, cb=0x18 | out: lpmodinfo=0x266e158*(lpBaseOfDll=0x7ff877aa0000, SizeOfImage=0x10e000, EntryPoint=0x7ff877aeeaa0)) returned 1 [0172.580] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.580] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff877aa0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="MrmCoreR.dll") returned 0xc [0172.584] CoTaskMemFree (pv=0x6b2ac0) [0172.584] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.584] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff877aa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MrmCoreR.dll" (normalized: "c:\\windows\\system32\\mrmcorer.dll")) returned 0x20 [0172.587] CoTaskMemFree (pv=0x6b3340) [0172.587] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87a230000, lpmodinfo=0x2670310, cb=0x18 | out: lpmodinfo=0x2670310*(lpBaseOfDll=0x7ff87a230000, SizeOfImage=0xa2000, EntryPoint=0x7ff87a250a40)) returned 1 [0172.590] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.590] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87a230000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="dxgi.dll") returned 0x8 [0172.594] CoTaskMemFree (pv=0x6b1140) [0172.594] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.594] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87a230000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dxgi.dll" (normalized: "c:\\windows\\system32\\dxgi.dll")) returned 0x1c [0172.597] CoTaskMemFree (pv=0x6b19c0) [0172.597] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c450000, lpmodinfo=0x26724b8, cb=0x18 | out: lpmodinfo=0x26724b8*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0172.601] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.601] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c450000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0172.604] CoTaskMemFree (pv=0x6b3340) [0172.604] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.604] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c450000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0172.608] CoTaskMemFree (pv=0x6b08c0) [0172.608] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d4f0000, lpmodinfo=0x2674660, cb=0x18 | out: lpmodinfo=0x2674660*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0172.614] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.614] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d4f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0172.617] CoTaskMemFree (pv=0x6b2240) [0172.617] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.617] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d4f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0172.621] CoTaskMemFree (pv=0x6b1140) [0172.621] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fbb0000, lpmodinfo=0x2676808, cb=0x18 | out: lpmodinfo=0x2676808*(lpBaseOfDll=0x7ff87fbb0000, SizeOfImage=0x15a000, EntryPoint=0x7ff87fbf38e0)) returned 1 [0172.624] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.624] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fbb0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="MSCTF.dll") returned 0x9 [0172.627] CoTaskMemFree (pv=0x6b0040) [0172.627] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.627] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fbb0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSCTF.dll" (normalized: "c:\\windows\\system32\\msctf.dll")) returned 0x1d [0172.631] CoTaskMemFree (pv=0x6b2240) [0172.631] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d3a0000, lpmodinfo=0x26789b0, cb=0x18 | out: lpmodinfo=0x26789b0*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0172.637] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.637] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d3a0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0172.641] CoTaskMemFree (pv=0x6b2240) [0172.641] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.641] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d3a0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0172.645] CoTaskMemFree (pv=0x6b2ac0) [0172.645] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f9d0000, lpmodinfo=0x267ab58, cb=0x18 | out: lpmodinfo=0x267ab58*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0172.648] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.649] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f9d0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0172.652] CoTaskMemFree (pv=0x6b2240) [0172.652] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.652] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f9d0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0172.656] CoTaskMemFree (pv=0x6b08c0) [0172.656] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c3d0000, lpmodinfo=0x267cd00, cb=0x18 | out: lpmodinfo=0x267cd00*(lpBaseOfDll=0x7ff87c3d0000, SizeOfImage=0x56000, EntryPoint=0x7ff87c3e0bf0)) returned 1 [0172.659] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.660] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c3d0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="WINSTA.dll") returned 0xa [0172.663] CoTaskMemFree (pv=0x6b2ac0) [0172.663] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0172.664] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c3d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINSTA.dll" (normalized: "c:\\windows\\system32\\winsta.dll")) returned 0x1e [0172.667] CoTaskMemFree (pv=0x6b3340) [0172.667] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff879c90000, lpmodinfo=0x267eea8, cb=0x18 | out: lpmodinfo=0x267eea8*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0172.671] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.671] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff879c90000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0172.675] CoTaskMemFree (pv=0x6b19c0) [0172.675] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.675] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff879c90000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0172.679] CoTaskMemFree (pv=0x6b19c0) [0172.679] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875450000, lpmodinfo=0x2681060, cb=0x18 | out: lpmodinfo=0x2681060*(lpBaseOfDll=0x7ff875450000, SizeOfImage=0x28000, EntryPoint=0x7ff875458c10)) returned 1 [0172.683] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.683] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875450000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="IDStore.dll") returned 0xb [0172.686] CoTaskMemFree (pv=0x6b1140) [0172.686] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.687] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875450000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IDStore.dll" (normalized: "c:\\windows\\system32\\idstore.dll")) returned 0x1f [0172.690] CoTaskMemFree (pv=0x6b08c0) [0172.690] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87aca0000, lpmodinfo=0x2683208, cb=0x18 | out: lpmodinfo=0x2683208*(lpBaseOfDll=0x7ff87aca0000, SizeOfImage=0x1c000, EntryPoint=0x7ff87aca37a0)) returned 1 [0172.694] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.694] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87aca0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="SAMLIB.dll") returned 0xa [0172.698] CoTaskMemFree (pv=0x6b2240) [0172.698] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.698] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87aca0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SAMLIB.dll" (normalized: "c:\\windows\\system32\\samlib.dll")) returned 0x1e [0172.702] CoTaskMemFree (pv=0x6b0040) [0172.702] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87a130000, lpmodinfo=0x26853b0, cb=0x18 | out: lpmodinfo=0x26853b0*(lpBaseOfDll=0x7ff87a130000, SizeOfImage=0x67000, EntryPoint=0x7ff87a14e710)) returned 1 [0172.707] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.707] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87a130000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="Bcp47Langs.dll") returned 0xe [0172.714] CoTaskMemFree (pv=0x6b19c0) [0172.715] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.715] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87a130000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Bcp47Langs.dll" (normalized: "c:\\windows\\system32\\bcp47langs.dll")) returned 0x22 [0172.719] CoTaskMemFree (pv=0x6b19c0) [0172.719] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e8b0000, lpmodinfo=0x2687568, cb=0x18 | out: lpmodinfo=0x2687568*(lpBaseOfDll=0x7ff86e8b0000, SizeOfImage=0x15000, EntryPoint=0x7ff86e8b2c90)) returned 1 [0172.723] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.723] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e8b0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="SETTINGSYNCPOLICY.dll") returned 0x15 [0172.727] CoTaskMemFree (pv=0x6b2240) [0172.727] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.728] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e8b0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SETTINGSYNCPOLICY.dll" (normalized: "c:\\windows\\system32\\settingsyncpolicy.dll")) returned 0x29 [0172.732] CoTaskMemFree (pv=0x6b1140) [0172.732] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878830000, lpmodinfo=0x2689740, cb=0x18 | out: lpmodinfo=0x2689740*(lpBaseOfDll=0x7ff878830000, SizeOfImage=0x55000, EntryPoint=0x7ff878833fb0)) returned 1 [0172.736] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.736] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878830000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="policymanager.dll") returned 0x11 [0172.740] CoTaskMemFree (pv=0x6b1140) [0172.740] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.741] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878830000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\policymanager.dll" (normalized: "c:\\windows\\system32\\policymanager.dll")) returned 0x25 [0172.744] CoTaskMemFree (pv=0x6b2240) [0172.745] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878e80000, lpmodinfo=0x268b908, cb=0x18 | out: lpmodinfo=0x268b908*(lpBaseOfDll=0x7ff878e80000, SizeOfImage=0x92000, EntryPoint=0x7ff878eca780)) returned 1 [0172.749] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.749] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878e80000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="msvcp110_win.dll") returned 0x10 [0172.753] CoTaskMemFree (pv=0x6b08c0) [0172.753] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.753] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878e80000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msvcp110_win.dll" (normalized: "c:\\windows\\system32\\msvcp110_win.dll")) returned 0x24 [0172.758] CoTaskMemFree (pv=0x6b2240) [0172.758] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e7b0000, lpmodinfo=0x268dad0, cb=0x18 | out: lpmodinfo=0x268dad0*(lpBaseOfDll=0x7ff86e7b0000, SizeOfImage=0xf9000, EntryPoint=0x7ff86e7f8000)) returned 1 [0172.762] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.762] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e7b0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="SettingSyncCore.dll") returned 0x13 [0172.766] CoTaskMemFree (pv=0x6b2ac0) [0172.766] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.767] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e7b0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SettingSyncCore.dll" (normalized: "c:\\windows\\system32\\settingsynccore.dll")) returned 0x27 [0172.771] CoTaskMemFree (pv=0x6b0040) [0172.771] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bf40000, lpmodinfo=0x268fc98, cb=0x18 | out: lpmodinfo=0x268fc98*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0172.775] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.775] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bf40000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0172.782] CoTaskMemFree (pv=0x6b2240) [0172.782] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.782] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bf40000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0172.788] CoTaskMemFree (pv=0x6b0040) [0172.788] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e6e0000, lpmodinfo=0x2691e40, cb=0x18 | out: lpmodinfo=0x2691e40*(lpBaseOfDll=0x7ff86e6e0000, SizeOfImage=0xce000, EntryPoint=0x7ff86e7114c0)) returned 1 [0172.792] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.793] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e6e0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="TokenBroker.dll") returned 0xf [0172.797] CoTaskMemFree (pv=0x6b2240) [0172.797] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.797] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e6e0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")) returned 0x23 [0172.801] CoTaskMemFree (pv=0x6b08c0) [0172.801] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff876870000, lpmodinfo=0x2693ff8, cb=0x18 | out: lpmodinfo=0x2693ff8*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0172.806] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.807] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff876870000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0172.811] CoTaskMemFree (pv=0x6b2ac0) [0172.811] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.811] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff876870000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0172.821] CoTaskMemFree (pv=0x6b08c0) [0172.821] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ad00000, lpmodinfo=0x26961b0, cb=0x18 | out: lpmodinfo=0x26961b0*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0172.826] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.826] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ad00000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0172.830] CoTaskMemFree (pv=0x6b1140) [0172.830] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.831] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ad00000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0172.836] CoTaskMemFree (pv=0x6b2240) [0172.836] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff872050000, lpmodinfo=0x2698368, cb=0x18 | out: lpmodinfo=0x2698368*(lpBaseOfDll=0x7ff872050000, SizeOfImage=0x274000, EntryPoint=0x7ff8720c0400)) returned 1 [0172.840] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.841] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff872050000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="comctl32.dll") returned 0xc [0172.846] CoTaskMemFree (pv=0x6b2ac0) [0172.847] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.847] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff872050000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22\\comctl32.dll")) returned 0x79 [0172.851] CoTaskMemFree (pv=0x6b0040) [0172.851] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e500000, lpmodinfo=0x269a5d0, cb=0x18 | out: lpmodinfo=0x269a5d0*(lpBaseOfDll=0x7ff86e500000, SizeOfImage=0x65000, EntryPoint=0x7ff86e504c50)) returned 1 [0172.856] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.856] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e500000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="SndVolSSO.DLL") returned 0xd [0172.861] CoTaskMemFree (pv=0x6b19c0) [0172.861] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.862] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e500000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SndVolSSO.DLL" (normalized: "c:\\windows\\system32\\sndvolsso.dll")) returned 0x21 [0172.866] CoTaskMemFree (pv=0x6b0040) [0172.866] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878090000, lpmodinfo=0x269c788, cb=0x18 | out: lpmodinfo=0x269c788*(lpBaseOfDll=0x7ff878090000, SizeOfImage=0x70000, EntryPoint=0x7ff8780b2960)) returned 1 [0172.871] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.871] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878090000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="MMDevApi.dll") returned 0xc [0172.876] CoTaskMemFree (pv=0x6b2240) [0172.876] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.876] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878090000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MMDevApi.dll" (normalized: "c:\\windows\\system32\\mmdevapi.dll")) returned 0x20 [0172.881] CoTaskMemFree (pv=0x6b0040) [0172.881] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87afe0000, lpmodinfo=0x269e940, cb=0x18 | out: lpmodinfo=0x269e940*(lpBaseOfDll=0x7ff87afe0000, SizeOfImage=0x27000, EntryPoint=0x7ff87afe7940)) returned 1 [0172.886] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.886] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87afe0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="DEVOBJ.dll") returned 0xa [0172.891] CoTaskMemFree (pv=0x6b2ac0) [0172.891] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.891] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87afe0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DEVOBJ.dll" (normalized: "c:\\windows\\system32\\devobj.dll")) returned 0x1e [0172.896] CoTaskMemFree (pv=0x6b2240) [0172.896] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e490000, lpmodinfo=0x26a0ae8, cb=0x18 | out: lpmodinfo=0x26a0ae8*(lpBaseOfDll=0x7ff86e490000, SizeOfImage=0x6a000, EntryPoint=0x7ff86e4a5e90)) returned 1 [0172.902] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0172.902] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e490000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="OLEACC.dll") returned 0xa [0172.907] CoTaskMemFree (pv=0x6b0040) [0172.907] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.907] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e490000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\OLEACC.dll" (normalized: "c:\\windows\\system32\\oleacc.dll")) returned 0x1e [0172.912] CoTaskMemFree (pv=0x6b19c0) [0172.912] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e390000, lpmodinfo=0x26a2c90, cb=0x18 | out: lpmodinfo=0x26a2c90*(lpBaseOfDll=0x7ff86e390000, SizeOfImage=0x4a000, EntryPoint=0x7ff86e395800)) returned 1 [0172.917] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.917] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e390000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="dataexchange.dll") returned 0x10 [0172.923] CoTaskMemFree (pv=0x6b19c0) [0172.923] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.923] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e390000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dataexchange.dll" (normalized: "c:\\windows\\system32\\dataexchange.dll")) returned 0x24 [0172.928] CoTaskMemFree (pv=0x6b19c0) [0172.928] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff879920000, lpmodinfo=0x26a4e58, cb=0x18 | out: lpmodinfo=0x26a4e58*(lpBaseOfDll=0x7ff879920000, SizeOfImage=0x1b1000, EntryPoint=0x7ff8799b61a0)) returned 1 [0172.939] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.940] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff879920000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="windowscodecs.dll") returned 0x11 [0172.945] CoTaskMemFree (pv=0x6b19c0) [0172.945] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.945] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff879920000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windowscodecs.dll" (normalized: "c:\\windows\\system32\\windowscodecs.dll")) returned 0x25 [0172.952] CoTaskMemFree (pv=0x6b08c0) [0172.953] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86def0000, lpmodinfo=0x26a7020, cb=0x18 | out: lpmodinfo=0x26a7020*(lpBaseOfDll=0x7ff86def0000, SizeOfImage=0x4a0000, EntryPoint=0x7ff86df88740)) returned 1 [0172.958] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0172.958] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86def0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="explorerframe.dll") returned 0x11 [0172.964] CoTaskMemFree (pv=0x6b2240) [0172.964] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0172.964] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86def0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\explorerframe.dll" (normalized: "c:\\windows\\system32\\explorerframe.dll")) returned 0x25 [0172.969] CoTaskMemFree (pv=0x6b1140) [0172.969] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86dea0000, lpmodinfo=0x26a91e8, cb=0x18 | out: lpmodinfo=0x26a91e8*(lpBaseOfDll=0x7ff86dea0000, SizeOfImage=0x50000, EntryPoint=0x7ff86dea2580)) returned 1 [0172.974] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0172.975] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86dea0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="edputil.dll") returned 0xb [0172.980] CoTaskMemFree (pv=0x6b2ac0) [0172.980] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.980] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86dea0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\edputil.dll" (normalized: "c:\\windows\\system32\\edputil.dll")) returned 0x1f [0172.986] CoTaskMemFree (pv=0x6b08c0) [0172.986] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f5d0000, lpmodinfo=0x26ab390, cb=0x18 | out: lpmodinfo=0x26ab390*(lpBaseOfDll=0x7ff87f5d0000, SizeOfImage=0x6f000, EntryPoint=0x7ff87f5f5f70)) returned 1 [0172.991] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0172.993] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f5d0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="coml2.dll") returned 0x9 [0172.999] CoTaskMemFree (pv=0x6b19c0) [0172.999] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0172.999] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f5d0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\coml2.dll" (normalized: "c:\\windows\\system32\\coml2.dll")) returned 0x1d [0173.006] CoTaskMemFree (pv=0x6b08c0) [0173.006] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d390000, lpmodinfo=0x26ad538, cb=0x18 | out: lpmodinfo=0x26ad538*(lpBaseOfDll=0x7ff86d390000, SizeOfImage=0xb0b000, EntryPoint=0x7ff86d4da540)) returned 1 [0173.012] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.013] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d390000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="TwinUI.dll") returned 0xa [0173.021] CoTaskMemFree (pv=0x6b3340) [0173.021] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.021] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d390000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\TwinUI.dll" (normalized: "c:\\windows\\system32\\twinui.dll")) returned 0x1e [0173.027] CoTaskMemFree (pv=0x6b3340) [0173.027] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff876320000, lpmodinfo=0x26af6e0, cb=0x18 | out: lpmodinfo=0x26af6e0*(lpBaseOfDll=0x7ff876320000, SizeOfImage=0x1bd000, EntryPoint=0x7ff87634af90)) returned 1 [0173.032] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.032] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff876320000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="Windows.UI.Immersive.dll") returned 0x18 [0173.038] CoTaskMemFree (pv=0x6b0040) [0173.038] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0173.038] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff876320000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll")) returned 0x2c [0173.043] CoTaskMemFree (pv=0x6b2240) [0173.044] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d340000, lpmodinfo=0x26b1ce0, cb=0x18 | out: lpmodinfo=0x26b1ce0*(lpBaseOfDll=0x7ff86d340000, SizeOfImage=0x4d000, EntryPoint=0x7ff86d34d180)) returned 1 [0173.050] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0173.050] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d340000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="windows.immersiveshell.serviceprovider.dll") returned 0x2a [0173.056] CoTaskMemFree (pv=0x6b08c0) [0173.056] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.056] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d340000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\windows.immersiveshell.serviceprovider.dll" (normalized: "c:\\windows\\system32\\windows.immersiveshell.serviceprovider.dll")) returned 0x3e [0173.062] CoTaskMemFree (pv=0x6b0040) [0173.062] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d330000, lpmodinfo=0x26b3f08, cb=0x18 | out: lpmodinfo=0x26b3f08*(lpBaseOfDll=0x7ff86d330000, SizeOfImage=0xc000, EntryPoint=0x7ff86d3318b0)) returned 1 [0173.067] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.067] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d330000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="WLDP.DLL") returned 0x8 [0173.073] CoTaskMemFree (pv=0x6b19c0) [0173.073] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.073] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d330000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WLDP.DLL" (normalized: "c:\\windows\\system32\\wldp.dll")) returned 0x1c [0173.079] CoTaskMemFree (pv=0x6b1140) [0173.079] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d340000, lpmodinfo=0x26b60b0, cb=0x18 | out: lpmodinfo=0x26b60b0*(lpBaseOfDll=0x7ff87d340000, SizeOfImage=0x55000, EntryPoint=0x7ff87d357970)) returned 1 [0173.085] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.085] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d340000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WINTRUST.dll") returned 0xc [0173.092] CoTaskMemFree (pv=0x6b3340) [0173.092] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.092] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d340000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINTRUST.dll" (normalized: "c:\\windows\\system32\\wintrust.dll")) returned 0x20 [0173.098] CoTaskMemFree (pv=0x6b3340) [0173.098] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ad80000, lpmodinfo=0x26b8268, cb=0x18 | out: lpmodinfo=0x26b8268*(lpBaseOfDll=0x7ff87ad80000, SizeOfImage=0x25000, EntryPoint=0x7ff87ad95220)) returned 1 [0173.105] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.105] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ad80000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="SLC.dll") returned 0x7 [0173.111] CoTaskMemFree (pv=0x6b3340) [0173.111] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0173.112] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ad80000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\SLC.dll" (normalized: "c:\\windows\\system32\\slc.dll")) returned 0x1b [0173.117] CoTaskMemFree (pv=0x6b2240) [0173.118] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ad20000, lpmodinfo=0x26ba400, cb=0x18 | out: lpmodinfo=0x26ba400*(lpBaseOfDll=0x7ff87ad20000, SizeOfImage=0x25000, EntryPoint=0x7ff87ad22300)) returned 1 [0173.123] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.123] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ad20000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="sppc.dll") returned 0x8 [0173.130] CoTaskMemFree (pv=0x6b0040) [0173.130] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.130] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ad20000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sppc.dll" (normalized: "c:\\windows\\system32\\sppc.dll")) returned 0x1c [0173.136] CoTaskMemFree (pv=0x6b19c0) [0173.136] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875130000, lpmodinfo=0x26bc5a8, cb=0x18 | out: lpmodinfo=0x26bc5a8*(lpBaseOfDll=0x7ff875130000, SizeOfImage=0x6d000, EntryPoint=0x7ff87513d750)) returned 1 [0173.142] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.142] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875130000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="PhotoMetadataHandler.dll") returned 0x18 [0173.148] CoTaskMemFree (pv=0x6b1140) [0173.148] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.148] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875130000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\PhotoMetadataHandler.dll" (normalized: "c:\\windows\\system32\\photometadatahandler.dll")) returned 0x2c [0173.157] CoTaskMemFree (pv=0x6b3340) [0173.157] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d0a0000, lpmodinfo=0x26be790, cb=0x18 | out: lpmodinfo=0x26be790*(lpBaseOfDll=0x7ff86d0a0000, SizeOfImage=0xdb000, EntryPoint=0x7ff86d0b28b0)) returned 1 [0173.165] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.165] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d0a0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ntshrui.dll") returned 0xb [0173.171] CoTaskMemFree (pv=0x6b19c0) [0173.171] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0173.171] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d0a0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntshrui.dll" (normalized: "c:\\windows\\system32\\ntshrui.dll")) returned 0x1f [0173.178] CoTaskMemFree (pv=0x6b08c0) [0173.178] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d070000, lpmodinfo=0x26c0938, cb=0x18 | out: lpmodinfo=0x26c0938*(lpBaseOfDll=0x7ff86d070000, SizeOfImage=0x26000, EntryPoint=0x7ff86d071cf0)) returned 1 [0173.184] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0173.184] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d070000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="srvcli.dll") returned 0xa [0173.190] CoTaskMemFree (pv=0x6b2ac0) [0173.191] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.191] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d070000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\srvcli.dll" (normalized: "c:\\windows\\system32\\srvcli.dll")) returned 0x1e [0173.197] CoTaskMemFree (pv=0x6b0040) [0173.197] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8744b0000, lpmodinfo=0x26c2ae0, cb=0x18 | out: lpmodinfo=0x26c2ae0*(lpBaseOfDll=0x7ff8744b0000, SizeOfImage=0x12000, EntryPoint=0x7ff8744b3580)) returned 1 [0173.203] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.203] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8744b0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="cscapi.dll") returned 0xa [0173.209] CoTaskMemFree (pv=0x6b19c0) [0173.210] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.210] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8744b0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\cscapi.dll" (normalized: "c:\\windows\\system32\\cscapi.dll")) returned 0x1e [0173.216] CoTaskMemFree (pv=0x6b3340) [0173.216] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b9d0000, lpmodinfo=0x26c4c88, cb=0x18 | out: lpmodinfo=0x26c4c88*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0173.223] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0173.223] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b9d0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0173.229] CoTaskMemFree (pv=0x6b2240) [0173.229] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.229] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b9d0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0173.246] CoTaskMemFree (pv=0x6b1140) [0173.246] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d020000, lpmodinfo=0x26c6e40, cb=0x18 | out: lpmodinfo=0x26c6e40*(lpBaseOfDll=0x7ff86d020000, SizeOfImage=0x4d000, EntryPoint=0x7ff86d037de0)) returned 1 [0173.253] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.253] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d020000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="thumbcache.dll") returned 0xe [0173.259] CoTaskMemFree (pv=0x6b1140) [0173.259] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0173.260] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d020000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\thumbcache.dll" (normalized: "c:\\windows\\system32\\thumbcache.dll")) returned 0x22 [0173.266] CoTaskMemFree (pv=0x6b2ac0) [0173.266] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86cfd0000, lpmodinfo=0x26c8ff8, cb=0x18 | out: lpmodinfo=0x26c8ff8*(lpBaseOfDll=0x7ff86cfd0000, SizeOfImage=0xd000, EntryPoint=0x7ff86cfd1ea0)) returned 1 [0173.273] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.273] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86cfd0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="LINKINFO.dll") returned 0xc [0173.279] CoTaskMemFree (pv=0x6b19c0) [0173.280] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.280] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86cfd0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\LINKINFO.dll" (normalized: "c:\\windows\\system32\\linkinfo.dll")) returned 0x20 [0173.286] CoTaskMemFree (pv=0x6b19c0) [0173.286] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8764e0000, lpmodinfo=0x26cb1b0, cb=0x18 | out: lpmodinfo=0x26cb1b0*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0173.293] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0173.293] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8764e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0173.299] CoTaskMemFree (pv=0x6b08c0) [0173.299] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.300] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8764e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0173.306] CoTaskMemFree (pv=0x6b19c0) [0173.307] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86ce40000, lpmodinfo=0x26cd368, cb=0x18 | out: lpmodinfo=0x26cd368*(lpBaseOfDll=0x7ff86ce40000, SizeOfImage=0x18f000, EntryPoint=0x7ff86ce501d8)) returned 1 [0173.314] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.314] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86ce40000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="FileSyncShell64.dll") returned 0x13 [0173.321] CoTaskMemFree (pv=0x6b1140) [0173.321] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.321] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86ce40000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\FileSyncShell64.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\filesyncshell64.dll")) returned 0x61 [0173.327] CoTaskMemFree (pv=0x6b3340) [0173.327] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86cd90000, lpmodinfo=0x26cf5a8, cb=0x18 | out: lpmodinfo=0x26cf5a8*(lpBaseOfDll=0x7ff86cd90000, SizeOfImage=0xa6000, EntryPoint=0x7ff86cddefec)) returned 1 [0173.334] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.334] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86cd90000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="MSVCP120.dll") returned 0xc [0173.341] CoTaskMemFree (pv=0x6b19c0) [0173.341] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0173.341] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86cd90000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\MSVCP120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\msvcp120.dll")) returned 0x5a [0173.348] CoTaskMemFree (pv=0x6b08c0) [0173.348] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86cca0000, lpmodinfo=0x26d17d0, cb=0x18 | out: lpmodinfo=0x26d17d0*(lpBaseOfDll=0x7ff86cca0000, SizeOfImage=0xef000, EntryPoint=0x7ff86ccc29cc)) returned 1 [0173.356] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.356] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86cca0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="MSVCR120.dll") returned 0xc [0173.363] CoTaskMemFree (pv=0x6b19c0) [0173.363] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0173.363] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86cca0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Users\\RDhJ0CNFevzX\\AppData\\Local\\Microsoft\\OneDrive\\17.3.5892.0626_4\\amd64\\MSVCR120.dll" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\local\\microsoft\\onedrive\\17.3.5892.0626_4\\amd64\\msvcr120.dll")) returned 0x5a [0173.369] CoTaskMemFree (pv=0x6b08c0) [0173.369] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff870d80000, lpmodinfo=0x26d39f8, cb=0x18 | out: lpmodinfo=0x26d39f8*(lpBaseOfDll=0x7ff870d80000, SizeOfImage=0xa000, EntryPoint=0x7ff870d81350)) returned 1 [0173.376] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.376] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff870d80000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="VERSION.dll") returned 0xb [0173.384] CoTaskMemFree (pv=0x6b0040) [0173.384] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.384] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff870d80000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\VERSION.dll" (normalized: "c:\\windows\\system32\\version.dll")) returned 0x1f [0173.391] CoTaskMemFree (pv=0x6b3340) [0173.391] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86ec80000, lpmodinfo=0x26d5ba0, cb=0x18 | out: lpmodinfo=0x26d5ba0*(lpBaseOfDll=0x7ff86ec80000, SizeOfImage=0x28e000, EntryPoint=0x7ff86ed50f00)) returned 1 [0173.398] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0173.398] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86ec80000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="WININET.dll") returned 0xb [0173.405] CoTaskMemFree (pv=0x6b08c0) [0173.405] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.405] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86ec80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WININET.dll" (normalized: "c:\\windows\\system32\\wininet.dll")) returned 0x1f [0173.411] CoTaskMemFree (pv=0x6b1140) [0173.412] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86ca80000, lpmodinfo=0x26d7d48, cb=0x18 | out: lpmodinfo=0x26d7d48*(lpBaseOfDll=0x7ff86ca80000, SizeOfImage=0x214000, EntryPoint=0x7ff86ca81000)) returned 1 [0173.419] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.419] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86ca80000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="GROOVEEX.DLL") returned 0xc [0173.426] CoTaskMemFree (pv=0x6b3340) [0173.426] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0173.426] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86ca80000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\GROOVEEX.DLL" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\grooveex.dll")) returned 0x67 [0173.433] CoTaskMemFree (pv=0x6b2ac0) [0173.433] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86ca60000, lpmodinfo=0x26d9f88, cb=0x18 | out: lpmodinfo=0x26d9f88*(lpBaseOfDll=0x7ff86ca60000, SizeOfImage=0x17000, EntryPoint=0x7ff86ca6c440)) returned 1 [0173.440] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.440] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86ca60000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="VCRUNTIME140.dll") returned 0x10 [0173.447] CoTaskMemFree (pv=0x6b1140) [0173.447] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0173.448] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86ca60000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\VCRUNTIME140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\vcruntime140.dll")) returned 0x6b [0173.457] CoTaskMemFree (pv=0x6b2ac0) [0173.457] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c9c0000, lpmodinfo=0x26dc1d8, cb=0x18 | out: lpmodinfo=0x26dc1d8*(lpBaseOfDll=0x7ff86c9c0000, SizeOfImage=0x9e000, EntryPoint=0x7ff86ca09d40)) returned 1 [0173.464] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.464] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c9c0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="MSVCP140.dll") returned 0xc [0173.471] CoTaskMemFree (pv=0x6b0040) [0173.471] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.471] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c9c0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\MSVCP140.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\msvcp140.dll")) returned 0x67 [0173.478] CoTaskMemFree (pv=0x6b3340) [0173.479] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b760000, lpmodinfo=0x26de418, cb=0x18 | out: lpmodinfo=0x26de418*(lpBaseOfDll=0x7ff87b760000, SizeOfImage=0xf4000, EntryPoint=0x7ff87b76a960)) returned 1 [0173.486] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0173.486] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b760000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ucrtbase.dll") returned 0xc [0173.499] CoTaskMemFree (pv=0x6b2240) [0173.500] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0173.500] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b760000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ucrtbase.dll" (normalized: "c:\\windows\\system32\\ucrtbase.dll")) returned 0x20 [0173.507] CoTaskMemFree (pv=0x6b2ac0) [0173.508] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c060000, lpmodinfo=0x26e05d0, cb=0x18 | out: lpmodinfo=0x26e05d0*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0173.515] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.515] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c060000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="CRYPTBASE.DLL") returned 0xd [0173.522] CoTaskMemFree (pv=0x6b1140) [0173.522] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.522] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c060000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTBASE.DLL" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0173.530] CoTaskMemFree (pv=0x6b3340) [0173.531] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff872ad0000, lpmodinfo=0x26e2788, cb=0x18 | out: lpmodinfo=0x26e2788*(lpBaseOfDll=0x7ff872ad0000, SizeOfImage=0x33a000, EntryPoint=0x7ff872ad8520)) returned 1 [0173.538] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.538] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff872ad0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="msi.dll") returned 0x7 [0173.545] CoTaskMemFree (pv=0x6b1140) [0173.545] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.545] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff872ad0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msi.dll" (normalized: "c:\\windows\\system32\\msi.dll")) returned 0x1b [0173.554] CoTaskMemFree (pv=0x6b19c0) [0173.554] GetModuleInformation (in: hProcess=0x264, hModule=0x180000000, lpmodinfo=0x26e4920, cb=0x18 | out: lpmodinfo=0x26e4920*(lpBaseOfDll=0x180000000, SizeOfImage=0x87e000, EntryPoint=0x0)) returned 1 [0173.561] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0173.561] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x180000000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="GrooveIntlResource.dll") returned 0x16 [0173.569] CoTaskMemFree (pv=0x6b08c0) [0173.569] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.569] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x180000000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Office\\root\\VFS\\ProgramFilesX64\\Microsoft Office\\Office16\\1033\\GrooveIntlResource.dll" (normalized: "c:\\program files (x86)\\microsoft office\\root\\vfs\\programfilesx64\\microsoft office\\office16\\1033\\grooveintlresource.dll")) returned 0x76 [0173.577] CoTaskMemFree (pv=0x6b3340) [0173.577] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c980000, lpmodinfo=0x26e6b90, cb=0x18 | out: lpmodinfo=0x26e6b90*(lpBaseOfDll=0x7ff86c980000, SizeOfImage=0x37000, EntryPoint=0x7ff86c9820a0)) returned 1 [0173.584] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.584] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c980000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="EhStorShell.dll") returned 0xf [0173.592] CoTaskMemFree (pv=0x6b0040) [0173.592] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.592] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c980000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\EhStorShell.dll" (normalized: "c:\\windows\\system32\\ehstorshell.dll")) returned 0x23 [0173.601] CoTaskMemFree (pv=0x6b19c0) [0173.601] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87efb0000, lpmodinfo=0x26e8d48, cb=0x18 | out: lpmodinfo=0x26e8d48*(lpBaseOfDll=0x7ff87efb0000, SizeOfImage=0x429000, EntryPoint=0x7ff87efd8740)) returned 1 [0173.608] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.608] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87efb0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="SETUPAPI.dll") returned 0xc [0173.616] CoTaskMemFree (pv=0x6b0040) [0173.616] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.616] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87efb0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SETUPAPI.dll" (normalized: "c:\\windows\\system32\\setupapi.dll")) returned 0x20 [0173.691] CoTaskMemFree (pv=0x6b1140) [0173.691] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873bc0000, lpmodinfo=0x26eaf00, cb=0x18 | out: lpmodinfo=0x26eaf00*(lpBaseOfDll=0x7ff873bc0000, SizeOfImage=0x25d000, EntryPoint=0x7ff873c48610)) returned 1 [0173.699] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.699] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873bc0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="twinui.appcore.dll") returned 0x12 [0173.708] CoTaskMemFree (pv=0x6b0040) [0173.708] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.708] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873bc0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinui.appcore.dll" (normalized: "c:\\windows\\system32\\twinui.appcore.dll")) returned 0x26 [0173.716] CoTaskMemFree (pv=0x6b1140) [0173.716] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87a5e0000, lpmodinfo=0x26ed0c8, cb=0x18 | out: lpmodinfo=0x26ed0c8*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0173.724] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0173.724] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87a5e0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0173.732] CoTaskMemFree (pv=0x6b08c0) [0173.732] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.732] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87a5e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0173.740] CoTaskMemFree (pv=0x6b19c0) [0173.740] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874220000, lpmodinfo=0x26ef290, cb=0x18 | out: lpmodinfo=0x26ef290*(lpBaseOfDll=0x7ff874220000, SizeOfImage=0x288000, EntryPoint=0x7ff87427f670)) returned 1 [0173.748] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.748] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874220000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="CoreUIComponents.dll") returned 0x14 [0173.757] CoTaskMemFree (pv=0x6b0040) [0173.757] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0173.757] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874220000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CoreUIComponents.dll" (normalized: "c:\\windows\\system32\\coreuicomponents.dll")) returned 0x28 [0173.765] CoTaskMemFree (pv=0x6b08c0) [0173.765] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c790000, lpmodinfo=0x26f1468, cb=0x18 | out: lpmodinfo=0x26f1468*(lpBaseOfDll=0x7ff86c790000, SizeOfImage=0x120000, EntryPoint=0x7ff86c7c8310)) returned 1 [0173.774] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0173.774] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c790000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ApplicationFrame.dll") returned 0x14 [0173.782] CoTaskMemFree (pv=0x6b2ac0) [0173.782] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.782] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c790000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ApplicationFrame.dll" (normalized: "c:\\windows\\system32\\applicationframe.dll")) returned 0x28 [0173.790] CoTaskMemFree (pv=0x6b1140) [0173.790] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff879030000, lpmodinfo=0x26f3640, cb=0x18 | out: lpmodinfo=0x26f3640*(lpBaseOfDll=0x7ff879030000, SizeOfImage=0x545000, EntryPoint=0x7ff8791ca450)) returned 1 [0173.798] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0173.799] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff879030000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="d2d1.dll") returned 0x8 [0173.807] CoTaskMemFree (pv=0x6b3340) [0173.807] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0173.807] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff879030000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\d2d1.dll" (normalized: "c:\\windows\\system32\\d2d1.dll")) returned 0x1c [0173.815] CoTaskMemFree (pv=0x6b08c0) [0173.815] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c650000, lpmodinfo=0x26f57e8, cb=0x18 | out: lpmodinfo=0x26f57e8*(lpBaseOfDll=0x7ff86c650000, SizeOfImage=0xda000, EntryPoint=0x7ff86c683c00)) returned 1 [0173.823] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0173.823] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c650000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wpncore.dll") returned 0xb [0173.831] CoTaskMemFree (pv=0x6b08c0) [0173.831] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0173.831] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c650000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wpncore.dll" (normalized: "c:\\windows\\system32\\wpncore.dll")) returned 0x1f [0173.839] CoTaskMemFree (pv=0x6b2240) [0173.839] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878b20000, lpmodinfo=0x26f7990, cb=0x18 | out: lpmodinfo=0x26f7990*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0173.848] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.848] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878b20000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0173.857] CoTaskMemFree (pv=0x6b0040) [0173.857] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.857] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878b20000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0173.866] CoTaskMemFree (pv=0x6b19c0) [0173.866] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d240000, lpmodinfo=0x26f9b38, cb=0x18 | out: lpmodinfo=0x26f9b38*(lpBaseOfDll=0x7ff86d240000, SizeOfImage=0x86000, EntryPoint=0x7ff86d261e10)) returned 1 [0173.874] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.874] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d240000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="NotificationController.dll") returned 0x1a [0173.882] CoTaskMemFree (pv=0x6b1140) [0173.882] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0173.883] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d240000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NotificationController.dll" (normalized: "c:\\windows\\system32\\notificationcontroller.dll")) returned 0x2e [0173.891] CoTaskMemFree (pv=0x6b2240) [0173.891] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8740b0000, lpmodinfo=0x26fbd20, cb=0x18 | out: lpmodinfo=0x26fbd20*(lpBaseOfDll=0x7ff8740b0000, SizeOfImage=0x4b000, EntryPoint=0x7ff8740c7b70)) returned 1 [0173.899] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0173.899] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8740b0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="VEEventDispatcher.dll") returned 0x15 [0173.908] CoTaskMemFree (pv=0x6b08c0) [0173.908] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0173.908] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8740b0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\VEEventDispatcher.dll" (normalized: "c:\\windows\\system32\\veeventdispatcher.dll")) returned 0x29 [0173.918] CoTaskMemFree (pv=0x6b2ac0) [0173.918] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c620000, lpmodinfo=0x26fdef8, cb=0x18 | out: lpmodinfo=0x26fdef8*(lpBaseOfDll=0x7ff86c620000, SizeOfImage=0x2b000, EntryPoint=0x7ff86c624240)) returned 1 [0173.927] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.927] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c620000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="AboveLockAppHost.dll") returned 0x14 [0173.935] CoTaskMemFree (pv=0x6b1140) [0173.935] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.935] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c620000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\AboveLockAppHost.dll" (normalized: "c:\\windows\\system32\\abovelockapphost.dll")) returned 0x28 [0173.944] CoTaskMemFree (pv=0x6b1140) [0173.944] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c5f0000, lpmodinfo=0x27000d0, cb=0x18 | out: lpmodinfo=0x27000d0*(lpBaseOfDll=0x7ff86c5f0000, SizeOfImage=0x26000, EntryPoint=0x7ff86c605cb0)) returned 1 [0173.954] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0173.954] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c5f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="npsm.dll") returned 0x8 [0173.962] CoTaskMemFree (pv=0x6b1140) [0173.962] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.962] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c5f0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npsm.dll" (normalized: "c:\\windows\\system32\\npsm.dll")) returned 0x1c [0173.971] CoTaskMemFree (pv=0x6b0040) [0173.971] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873b20000, lpmodinfo=0x2702278, cb=0x18 | out: lpmodinfo=0x2702278*(lpBaseOfDll=0x7ff873b20000, SizeOfImage=0x15000, EntryPoint=0x7ff873b21ab0)) returned 1 [0173.979] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0173.979] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873b20000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="execmodelproxy.dll") returned 0x12 [0173.989] CoTaskMemFree (pv=0x6b19c0) [0173.990] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0173.990] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873b20000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\execmodelproxy.dll" (normalized: "c:\\windows\\system32\\execmodelproxy.dll")) returned 0x26 [0173.998] CoTaskMemFree (pv=0x6b0040) [0173.998] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d200000, lpmodinfo=0x2704440, cb=0x18 | out: lpmodinfo=0x2704440*(lpBaseOfDll=0x7ff86d200000, SizeOfImage=0x15000, EntryPoint=0x7ff86d205740)) returned 1 [0174.007] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0174.007] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d200000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="profext.dll") returned 0xb [0174.016] CoTaskMemFree (pv=0x6b2240) [0174.016] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0174.017] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d200000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll")) returned 0x1f [0174.026] CoTaskMemFree (pv=0x6b3340) [0174.026] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bab0000, lpmodinfo=0x27065e8, cb=0x18 | out: lpmodinfo=0x27065e8*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0174.035] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0174.035] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bab0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0174.044] CoTaskMemFree (pv=0x6b2240) [0174.044] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0174.044] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bab0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0174.055] CoTaskMemFree (pv=0x6b1140) [0174.055] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c500000, lpmodinfo=0x2708790, cb=0x18 | out: lpmodinfo=0x2708790*(lpBaseOfDll=0x7ff86c500000, SizeOfImage=0x97000, EntryPoint=0x7ff86c50ddc0)) returned 1 [0174.064] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0174.064] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c500000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wlidprov.dll") returned 0xc [0174.073] CoTaskMemFree (pv=0x6b19c0) [0174.073] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0174.073] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c500000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wlidprov.dll" (normalized: "c:\\windows\\system32\\wlidprov.dll")) returned 0x20 [0174.082] CoTaskMemFree (pv=0x6b1140) [0174.082] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878330000, lpmodinfo=0x270a948, cb=0x18 | out: lpmodinfo=0x270a948*(lpBaseOfDll=0x7ff878330000, SizeOfImage=0xae000, EntryPoint=0x7ff8783480c0)) returned 1 [0174.091] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0174.091] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878330000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="Windows.Networking.Connectivity.dll") returned 0x23 [0174.101] CoTaskMemFree (pv=0x6b3340) [0174.101] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0174.101] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878330000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")) returned 0x37 [0174.110] CoTaskMemFree (pv=0x6b0040) [0174.110] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c4f0000, lpmodinfo=0x270cb50, cb=0x18 | out: lpmodinfo=0x270cb50*(lpBaseOfDll=0x7ff86c4f0000, SizeOfImage=0xc000, EntryPoint=0x7ff86c4f14b0)) returned 1 [0174.119] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0174.119] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c4f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="NotificationControllerPS.dll") returned 0x1c [0174.129] CoTaskMemFree (pv=0x6b1140) [0174.129] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0174.129] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c4f0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NotificationControllerPS.dll" (normalized: "c:\\windows\\system32\\notificationcontrollerps.dll")) returned 0x30 [0174.138] CoTaskMemFree (pv=0x6b2240) [0174.138] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c490000, lpmodinfo=0x270ed48, cb=0x18 | out: lpmodinfo=0x270ed48*(lpBaseOfDll=0x7ff86c490000, SizeOfImage=0x5c000, EntryPoint=0x7ff86c4a7190)) returned 1 [0174.147] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0174.148] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c490000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="NInput.dll") returned 0xa [0174.158] CoTaskMemFree (pv=0x6b19c0) [0174.158] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.158] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c490000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NInput.dll" (normalized: "c:\\windows\\system32\\ninput.dll")) returned 0x1e [0174.168] CoTaskMemFree (pv=0x6b2ac0) [0174.168] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874a90000, lpmodinfo=0x2710ef0, cb=0x18 | out: lpmodinfo=0x2710ef0*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0174.177] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0174.177] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874a90000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0174.186] CoTaskMemFree (pv=0x6b2240) [0174.186] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.187] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874a90000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0174.197] CoTaskMemFree (pv=0x6b2ac0) [0174.197] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875480000, lpmodinfo=0x27130a8, cb=0x18 | out: lpmodinfo=0x27130a8*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0174.206] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.207] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875480000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0174.216] CoTaskMemFree (pv=0x6b2ac0) [0174.216] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.216] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875480000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0174.225] CoTaskMemFree (pv=0x6b2ac0) [0174.226] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87efa0000, lpmodinfo=0x2715260, cb=0x18 | out: lpmodinfo=0x2715260*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0174.260] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0174.260] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87efa0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0174.270] CoTaskMemFree (pv=0x6b08c0) [0174.270] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.270] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87efa0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0174.279] CoTaskMemFree (pv=0x6b2ac0) [0174.280] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878bf0000, lpmodinfo=0x27173f8, cb=0x18 | out: lpmodinfo=0x27173f8*(lpBaseOfDll=0x7ff878bf0000, SizeOfImage=0x61000, EntryPoint=0x7ff878bf4b50)) returned 1 [0174.290] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0174.290] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878bf0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="wlanapi.dll") returned 0xb [0174.300] CoTaskMemFree (pv=0x6b1140) [0174.300] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0174.300] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878bf0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0174.309] CoTaskMemFree (pv=0x6b08c0) [0174.309] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d310000, lpmodinfo=0x27195a0, cb=0x18 | out: lpmodinfo=0x27195a0*(lpBaseOfDll=0x7ff86d310000, SizeOfImage=0x16000, EntryPoint=0x7ff86d311d50)) returned 1 [0174.319] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.319] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d310000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wwapi.dll") returned 0x9 [0174.329] CoTaskMemFree (pv=0x6b2ac0) [0174.329] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0174.329] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d310000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")) returned 0x1d [0174.338] CoTaskMemFree (pv=0x6b19c0) [0174.339] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff879580000, lpmodinfo=0x271b748, cb=0x18 | out: lpmodinfo=0x271b748*(lpBaseOfDll=0x7ff879580000, SizeOfImage=0x26f000, EntryPoint=0x7ff8796322b0)) returned 1 [0174.348] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0174.348] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff879580000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="d3d10warp.dll") returned 0xd [0174.360] CoTaskMemFree (pv=0x6b0040) [0174.360] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0174.360] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff879580000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\d3d10warp.dll" (normalized: "c:\\windows\\system32\\d3d10warp.dll")) returned 0x21 [0174.369] CoTaskMemFree (pv=0x6b08c0) [0174.369] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8798d0000, lpmodinfo=0x271d900, cb=0x18 | out: lpmodinfo=0x271d900*(lpBaseOfDll=0x7ff8798d0000, SizeOfImage=0x4b000, EntryPoint=0x7ff8798e72b0)) returned 1 [0174.379] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0174.379] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8798d0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="UIAnimation.dll") returned 0xf [0174.389] CoTaskMemFree (pv=0x6b19c0) [0174.389] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0174.389] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8798d0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\UIAnimation.dll" (normalized: "c:\\windows\\system32\\uianimation.dll")) returned 0x23 [0174.399] CoTaskMemFree (pv=0x6b2240) [0174.399] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c400000, lpmodinfo=0x271fab8, cb=0x18 | out: lpmodinfo=0x271fab8*(lpBaseOfDll=0x7ff86c400000, SizeOfImage=0x22000, EntryPoint=0x7ff86c402580)) returned 1 [0174.409] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0174.409] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c400000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wcmapi.dll") returned 0xa [0174.419] CoTaskMemFree (pv=0x6b2240) [0174.419] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0174.419] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c400000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wcmapi.dll" (normalized: "c:\\windows\\system32\\wcmapi.dll")) returned 0x1e [0174.430] CoTaskMemFree (pv=0x6b3340) [0174.430] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b380000, lpmodinfo=0x2721c60, cb=0x18 | out: lpmodinfo=0x2721c60*(lpBaseOfDll=0x7ff87b380000, SizeOfImage=0x2a000, EntryPoint=0x7ff87b388b90)) returned 1 [0174.440] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0174.440] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b380000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="RMCLIENT.dll") returned 0xc [0174.449] CoTaskMemFree (pv=0x6b0040) [0174.450] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0174.450] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b380000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RMCLIENT.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")) returned 0x20 [0174.460] CoTaskMemFree (pv=0x6b0040) [0174.460] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87eed0000, lpmodinfo=0x2723e18, cb=0x18 | out: lpmodinfo=0x2723e18*(lpBaseOfDll=0x7ff87eed0000, SizeOfImage=0x6b000, EntryPoint=0x7ff87eee90c0)) returned 1 [0174.471] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0174.471] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87eed0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="WS2_32.dll") returned 0xa [0174.481] CoTaskMemFree (pv=0x6b3340) [0174.481] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0174.481] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87eed0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WS2_32.dll" (normalized: "c:\\windows\\system32\\ws2_32.dll")) returned 0x1e [0174.491] CoTaskMemFree (pv=0x6b2240) [0174.491] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d180000, lpmodinfo=0x2725fc0, cb=0x18 | out: lpmodinfo=0x2725fc0*(lpBaseOfDll=0x7ff86d180000, SizeOfImage=0x80000, EntryPoint=0x7ff86d1ad280)) returned 1 [0174.508] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0174.509] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d180000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="webio.dll") returned 0x9 [0174.518] CoTaskMemFree (pv=0x6b19c0) [0174.519] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0174.519] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d180000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\webio.dll" (normalized: "c:\\windows\\system32\\webio.dll")) returned 0x1d [0174.528] CoTaskMemFree (pv=0x6b08c0) [0174.528] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87be90000, lpmodinfo=0x2728168, cb=0x18 | out: lpmodinfo=0x2728168*(lpBaseOfDll=0x7ff87be90000, SizeOfImage=0x5c000, EntryPoint=0x7ff87bea6f70)) returned 1 [0174.538] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.539] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87be90000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="mswsock.dll") returned 0xb [0174.548] CoTaskMemFree (pv=0x6b2ac0) [0174.549] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0174.549] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87be90000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\mswsock.dll" (normalized: "c:\\windows\\system32\\mswsock.dll")) returned 0x1f [0174.559] CoTaskMemFree (pv=0x6b1140) [0174.559] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8750d0000, lpmodinfo=0x272a310, cb=0x18 | out: lpmodinfo=0x272a310*(lpBaseOfDll=0x7ff8750d0000, SizeOfImage=0xb000, EntryPoint=0x7ff8750d1d30)) returned 1 [0174.569] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0174.570] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8750d0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="WINNSI.DLL") returned 0xa [0174.581] CoTaskMemFree (pv=0x6b19c0) [0174.581] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0174.581] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8750d0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WINNSI.DLL" (normalized: "c:\\windows\\system32\\winnsi.dll")) returned 0x1e [0174.591] CoTaskMemFree (pv=0x6b2240) [0174.591] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874720000, lpmodinfo=0x272c4b8, cb=0x18 | out: lpmodinfo=0x272c4b8*(lpBaseOfDll=0x7ff874720000, SizeOfImage=0x5f000, EntryPoint=0x7ff87474bce0)) returned 1 [0174.602] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0174.602] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874720000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="dsreg.dll") returned 0x9 [0174.612] CoTaskMemFree (pv=0x6b1140) [0174.612] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0174.612] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874720000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\dsreg.dll" (normalized: "c:\\windows\\system32\\dsreg.dll")) returned 0x1d [0174.623] CoTaskMemFree (pv=0x6b3340) [0174.623] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875230000, lpmodinfo=0x272e660, cb=0x18 | out: lpmodinfo=0x272e660*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0174.633] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0174.633] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875230000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0174.643] CoTaskMemFree (pv=0x6b19c0) [0174.644] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.644] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875230000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0174.655] CoTaskMemFree (pv=0x6b2ac0) [0174.655] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bc10000, lpmodinfo=0x2730808, cb=0x18 | out: lpmodinfo=0x2730808*(lpBaseOfDll=0x7ff87bc10000, SizeOfImage=0xa000, EntryPoint=0x7ff87bc11830)) returned 1 [0174.666] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.667] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bc10000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="DPAPI.DLL") returned 0x9 [0174.677] CoTaskMemFree (pv=0x6b2ac0) [0174.677] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.677] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bc10000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\DPAPI.DLL" (normalized: "c:\\windows\\system32\\dpapi.dll")) returned 0x1d [0174.688] CoTaskMemFree (pv=0x6b2ac0) [0174.688] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b030000, lpmodinfo=0x27329b0, cb=0x18 | out: lpmodinfo=0x27329b0*(lpBaseOfDll=0x7ff87b030000, SizeOfImage=0xaa000, EntryPoint=0x7ff87b057910)) returned 1 [0174.698] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0174.698] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b030000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="DNSAPI.dll") returned 0xa [0174.709] CoTaskMemFree (pv=0x6b19c0) [0174.709] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0174.709] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b030000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DNSAPI.dll" (normalized: "c:\\windows\\system32\\dnsapi.dll")) returned 0x1e [0174.720] CoTaskMemFree (pv=0x6b2240) [0174.721] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874830000, lpmodinfo=0x2734b58, cb=0x18 | out: lpmodinfo=0x2734b58*(lpBaseOfDll=0x7ff874830000, SizeOfImage=0xa000, EntryPoint=0x7ff8748314c0)) returned 1 [0174.731] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0174.731] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874830000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="rasadhlp.dll") returned 0xc [0174.741] CoTaskMemFree (pv=0x6b1140) [0174.741] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.742] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874830000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\rasadhlp.dll" (normalized: "c:\\windows\\system32\\rasadhlp.dll")) returned 0x20 [0174.752] CoTaskMemFree (pv=0x6b2ac0) [0174.752] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bb10000, lpmodinfo=0x2736d10, cb=0x18 | out: lpmodinfo=0x2736d10*(lpBaseOfDll=0x7ff87bb10000, SizeOfImage=0x7a000, EntryPoint=0x7ff87bb31a50)) returned 1 [0174.764] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0174.764] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bb10000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="schannel.DLL") returned 0xc [0174.775] CoTaskMemFree (pv=0x6b2240) [0174.775] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.775] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bb10000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\schannel.DLL" (normalized: "c:\\windows\\system32\\schannel.dll")) returned 0x20 [0174.787] CoTaskMemFree (pv=0x6b2ac0) [0174.787] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c8b0000, lpmodinfo=0x27396e0, cb=0x18 | out: lpmodinfo=0x27396e0*(lpBaseOfDll=0x7ff86c8b0000, SizeOfImage=0x14000, EntryPoint=0x7ff86c8b3710)) returned 1 [0174.798] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0174.798] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c8b0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="mskeyprotect.dll") returned 0x10 [0174.808] CoTaskMemFree (pv=0x6b3340) [0174.809] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0174.809] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c8b0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\mskeyprotect.dll" (normalized: "c:\\windows\\system32\\mskeyprotect.dll")) returned 0x24 [0174.874] CoTaskMemFree (pv=0x6b0040) [0174.874] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c130000, lpmodinfo=0x273b8a8, cb=0x18 | out: lpmodinfo=0x273b8a8*(lpBaseOfDll=0x7ff87c130000, SizeOfImage=0x27000, EntryPoint=0x7ff87c140aa0)) returned 1 [0174.885] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0174.885] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c130000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ncrypt.dll") returned 0xa [0174.895] CoTaskMemFree (pv=0x6b19c0) [0174.896] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0174.896] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c130000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ncrypt.dll" (normalized: "c:\\windows\\system32\\ncrypt.dll")) returned 0x1e [0174.907] CoTaskMemFree (pv=0x6b2240) [0174.907] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c0f0000, lpmodinfo=0x273da50, cb=0x18 | out: lpmodinfo=0x273da50*(lpBaseOfDll=0x7ff87c0f0000, SizeOfImage=0x3a000, EntryPoint=0x7ff87c0f8d20)) returned 1 [0174.918] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0174.918] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c0f0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="NTASN1.dll") returned 0xa [0174.929] CoTaskMemFree (pv=0x6b08c0) [0174.929] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0174.929] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c0f0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\NTASN1.dll" (normalized: "c:\\windows\\system32\\ntasn1.dll")) returned 0x1e [0174.939] CoTaskMemFree (pv=0x6b19c0) [0174.940] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c960000, lpmodinfo=0x273fbf8, cb=0x18 | out: lpmodinfo=0x273fbf8*(lpBaseOfDll=0x7ff86c960000, SizeOfImage=0x1e000, EntryPoint=0x7ff86c96ef80)) returned 1 [0174.952] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0174.952] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c960000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ncryptsslp.dll") returned 0xe [0174.964] CoTaskMemFree (pv=0x6b08c0) [0174.964] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0174.964] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c960000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ncryptsslp.dll" (normalized: "c:\\windows\\system32\\ncryptsslp.dll")) returned 0x22 [0174.975] CoTaskMemFree (pv=0x6b2ac0) [0174.976] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875a10000, lpmodinfo=0x2741db0, cb=0x18 | out: lpmodinfo=0x2741db0*(lpBaseOfDll=0x7ff875a10000, SizeOfImage=0x19000, EntryPoint=0x7ff875a14520)) returned 1 [0174.987] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0174.987] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875a10000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="samcli.dll") returned 0xa [0174.998] CoTaskMemFree (pv=0x6b19c0) [0174.998] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0174.998] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875a10000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\samcli.dll" (normalized: "c:\\windows\\system32\\samcli.dll")) returned 0x1e [0175.010] CoTaskMemFree (pv=0x6b19c0) [0175.010] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874590000, lpmodinfo=0x2743f58, cb=0x18 | out: lpmodinfo=0x2743f58*(lpBaseOfDll=0x7ff874590000, SizeOfImage=0x10d000, EntryPoint=0x7ff8745bf420)) returned 1 [0175.022] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0175.022] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874590000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="MFPlat.DLL") returned 0xa [0175.033] CoTaskMemFree (pv=0x6b0040) [0175.033] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0175.033] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874590000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MFPlat.DLL" (normalized: "c:\\windows\\system32\\mfplat.dll")) returned 0x1e [0175.045] CoTaskMemFree (pv=0x6b3340) [0175.045] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874560000, lpmodinfo=0x2746100, cb=0x18 | out: lpmodinfo=0x2746100*(lpBaseOfDll=0x7ff874560000, SizeOfImage=0x2b000, EntryPoint=0x7ff87456c3c0)) returned 1 [0175.056] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0175.057] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874560000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="RTWorkQ.DLL") returned 0xb [0175.069] CoTaskMemFree (pv=0x6b2ac0) [0175.069] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0175.069] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874560000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RTWorkQ.DLL" (normalized: "c:\\windows\\system32\\rtworkq.dll")) returned 0x1f [0175.080] CoTaskMemFree (pv=0x6b2ac0) [0175.081] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c1c0000, lpmodinfo=0x27482a8, cb=0x18 | out: lpmodinfo=0x27482a8*(lpBaseOfDll=0x7ff86c1c0000, SizeOfImage=0x64000, EntryPoint=0x7ff86c1c6b20)) returned 1 [0175.093] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0175.093] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c1c0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="stobject.dll") returned 0xc [0175.105] CoTaskMemFree (pv=0x6b2240) [0175.106] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0175.106] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c1c0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\stobject.dll" (normalized: "c:\\windows\\system32\\stobject.dll")) returned 0x20 [0175.117] CoTaskMemFree (pv=0x6b08c0) [0175.117] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875d20000, lpmodinfo=0x274a460, cb=0x18 | out: lpmodinfo=0x274a460*(lpBaseOfDll=0x7ff875d20000, SizeOfImage=0x11000, EntryPoint=0x7ff875d23320)) returned 1 [0175.128] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0175.128] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875d20000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="WMICLNT.dll") returned 0xb [0175.139] CoTaskMemFree (pv=0x6b0040) [0175.139] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0175.140] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875d20000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WMICLNT.dll" (normalized: "c:\\windows\\system32\\wmiclnt.dll")) returned 0x1f [0175.151] CoTaskMemFree (pv=0x6b2240) [0175.151] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8736c0000, lpmodinfo=0x274c608, cb=0x18 | out: lpmodinfo=0x274c608*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0175.164] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0175.164] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8736c0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0175.176] CoTaskMemFree (pv=0x6b19c0) [0175.176] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0175.176] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8736c0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0175.188] CoTaskMemFree (pv=0x6b08c0) [0175.188] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873620000, lpmodinfo=0x274e7f0, cb=0x18 | out: lpmodinfo=0x274e7f0*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0175.199] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0175.199] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873620000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0175.211] CoTaskMemFree (pv=0x6b08c0) [0175.211] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0175.211] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873620000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0175.222] CoTaskMemFree (pv=0x6b3340) [0175.222] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86ab40000, lpmodinfo=0x27509d8, cb=0x18 | out: lpmodinfo=0x27509d8*(lpBaseOfDll=0x7ff86ab40000, SizeOfImage=0x1fe000, EntryPoint=0x7ff86ab416c0)) returned 1 [0175.250] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0175.250] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86ab40000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="BatMeter.dll") returned 0xc [0175.262] CoTaskMemFree (pv=0x6b19c0) [0175.262] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0175.262] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86ab40000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\BatMeter.dll" (normalized: "c:\\windows\\system32\\batmeter.dll")) returned 0x20 [0175.275] CoTaskMemFree (pv=0x6b2ac0) [0175.275] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c480000, lpmodinfo=0x2752b90, cb=0x18 | out: lpmodinfo=0x2752b90*(lpBaseOfDll=0x7ff87c480000, SizeOfImage=0x99000, EntryPoint=0x7ff87c4af4e0)) returned 1 [0175.286] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0175.286] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c480000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0175.298] CoTaskMemFree (pv=0x6b0040) [0175.298] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0175.298] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c480000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0175.311] CoTaskMemFree (pv=0x6b0040) [0175.311] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87a1a0000, lpmodinfo=0x2754d28, cb=0x18 | out: lpmodinfo=0x2754d28*(lpBaseOfDll=0x7ff87a1a0000, SizeOfImage=0x4f000, EntryPoint=0x7ff87a1a7ab0)) returned 1 [0175.323] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0175.323] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87a1a0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="InputSwitch.dll") returned 0xf [0175.335] CoTaskMemFree (pv=0x6b0040) [0175.335] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0175.335] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87a1a0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\InputSwitch.dll" (normalized: "c:\\windows\\system32\\inputswitch.dll")) returned 0x23 [0175.350] CoTaskMemFree (pv=0x6b2240) [0175.350] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff868260000, lpmodinfo=0x2756ee0, cb=0x18 | out: lpmodinfo=0x2756ee0*(lpBaseOfDll=0x7ff868260000, SizeOfImage=0x15a000, EntryPoint=0x7ff868264610)) returned 1 [0175.362] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0175.362] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff868260000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="Windows.UI.Shell.dll") returned 0x14 [0175.374] CoTaskMemFree (pv=0x6b08c0) [0175.374] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0175.374] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff868260000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.Shell.dll" (normalized: "c:\\windows\\system32\\windows.ui.shell.dll")) returned 0x28 [0175.387] CoTaskMemFree (pv=0x6b1140) [0175.387] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff877bb0000, lpmodinfo=0x27590b8, cb=0x18 | out: lpmodinfo=0x27590b8*(lpBaseOfDll=0x7ff877bb0000, SizeOfImage=0x6a000, EntryPoint=0x7ff877bb9d60)) returned 1 [0175.399] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0175.399] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff877bb0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wincorlib.DLL") returned 0xd [0175.411] CoTaskMemFree (pv=0x6b08c0) [0175.411] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0175.411] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff877bb0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wincorlib.DLL" (normalized: "c:\\windows\\system32\\wincorlib.dll")) returned 0x21 [0175.423] CoTaskMemFree (pv=0x6b19c0) [0175.424] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878580000, lpmodinfo=0x275b270, cb=0x18 | out: lpmodinfo=0x275b270*(lpBaseOfDll=0x7ff878580000, SizeOfImage=0x7a000, EntryPoint=0x7ff8785a7630)) returned 1 [0175.436] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0175.436] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878580000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="es.dll") returned 0x6 [0175.448] CoTaskMemFree (pv=0x6b2240) [0175.448] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0175.448] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878580000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\es.dll" (normalized: "c:\\windows\\system32\\es.dll")) returned 0x1a [0175.461] CoTaskMemFree (pv=0x6b2240) [0175.461] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8681e0000, lpmodinfo=0x275d408, cb=0x18 | out: lpmodinfo=0x275d408*(lpBaseOfDll=0x7ff8681e0000, SizeOfImage=0x7b000, EntryPoint=0x7ff8681e3af0)) returned 1 [0175.474] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0175.474] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8681e0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="prnfldr.dll") returned 0xb [0175.486] CoTaskMemFree (pv=0x6b2ac0) [0175.487] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0175.487] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8681e0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\prnfldr.dll" (normalized: "c:\\windows\\system32\\prnfldr.dll")) returned 0x1f [0175.506] CoTaskMemFree (pv=0x6b3340) [0175.506] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c1b0000, lpmodinfo=0x275f5b0, cb=0x18 | out: lpmodinfo=0x275f5b0*(lpBaseOfDll=0x7ff86c1b0000, SizeOfImage=0x10000, EntryPoint=0x7ff86c1b78e0)) returned 1 [0175.518] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0175.518] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c1b0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="atlthunk.dll") returned 0xc [0175.531] CoTaskMemFree (pv=0x6b0040) [0175.531] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0175.532] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c1b0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\atlthunk.dll" (normalized: "c:\\windows\\system32\\atlthunk.dll")) returned 0x20 [0175.544] CoTaskMemFree (pv=0x6b19c0) [0175.544] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff868160000, lpmodinfo=0x2761768, cb=0x18 | out: lpmodinfo=0x2761768*(lpBaseOfDll=0x7ff868160000, SizeOfImage=0x79000, EntryPoint=0x7ff8681622d0)) returned 1 [0175.556] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0175.556] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff868160000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="dxp.dll") returned 0x7 [0175.569] CoTaskMemFree (pv=0x6b2ac0) [0175.569] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0175.569] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff868160000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\dxp.dll" (normalized: "c:\\windows\\system32\\dxp.dll")) returned 0x1b [0175.582] CoTaskMemFree (pv=0x6b08c0) [0175.582] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff868110000, lpmodinfo=0x2763900, cb=0x18 | out: lpmodinfo=0x2763900*(lpBaseOfDll=0x7ff868110000, SizeOfImage=0x42000, EntryPoint=0x7ff868112230)) returned 1 [0175.594] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0175.594] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff868110000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="SHDOCVW.dll") returned 0xb [0175.608] CoTaskMemFree (pv=0x6b0040) [0175.608] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0175.608] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff868110000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHDOCVW.dll" (normalized: "c:\\windows\\system32\\shdocvw.dll")) returned 0x1f [0175.620] CoTaskMemFree (pv=0x6b08c0) [0175.620] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c190000, lpmodinfo=0x2765aa8, cb=0x18 | out: lpmodinfo=0x2765aa8*(lpBaseOfDll=0x7ff86c190000, SizeOfImage=0x17000, EntryPoint=0x7ff86c192790)) returned 1 [0175.632] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0175.640] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c190000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="Syncreg.dll") returned 0xb [0175.653] CoTaskMemFree (pv=0x6b1140) [0175.653] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0175.653] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c190000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Syncreg.dll" (normalized: "c:\\windows\\system32\\syncreg.dll")) returned 0x1f [0175.666] CoTaskMemFree (pv=0x6b2240) [0175.666] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8680c0000, lpmodinfo=0x2767c50, cb=0x18 | out: lpmodinfo=0x2767c50*(lpBaseOfDll=0x7ff8680c0000, SizeOfImage=0x50000, EntryPoint=0x7ff8680cbe50)) returned 1 [0175.682] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0175.682] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8680c0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="Actioncenter.dll") returned 0x10 [0175.694] CoTaskMemFree (pv=0x6b1140) [0175.694] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0175.694] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8680c0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Actioncenter.dll" (normalized: "c:\\windows\\system32\\actioncenter.dll")) returned 0x24 [0175.707] CoTaskMemFree (pv=0x6b3340) [0175.707] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8788f0000, lpmodinfo=0x2769e18, cb=0x18 | out: lpmodinfo=0x2769e18*(lpBaseOfDll=0x7ff8788f0000, SizeOfImage=0x64000, EntryPoint=0x7ff878905ae0)) returned 1 [0175.720] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0175.720] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8788f0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wevtapi.dll") returned 0xb [0175.733] CoTaskMemFree (pv=0x6b19c0) [0175.733] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0175.733] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8788f0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wevtapi.dll" (normalized: "c:\\windows\\system32\\wevtapi.dll")) returned 0x1f [0175.745] CoTaskMemFree (pv=0x6b08c0) [0175.745] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff867e70000, lpmodinfo=0x276bfc0, cb=0x18 | out: lpmodinfo=0x276bfc0*(lpBaseOfDll=0x7ff867e70000, SizeOfImage=0x243000, EntryPoint=0x7ff867e736c0)) returned 1 [0175.759] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0175.759] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff867e70000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="authui.dll") returned 0xa [0175.773] CoTaskMemFree (pv=0x6b0040) [0175.773] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0175.773] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff867e70000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\authui.dll" (normalized: "c:\\windows\\system32\\authui.dll")) returned 0x1e [0175.785] CoTaskMemFree (pv=0x6b08c0) [0175.785] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff867de0000, lpmodinfo=0x276e168, cb=0x18 | out: lpmodinfo=0x276e168*(lpBaseOfDll=0x7ff867de0000, SizeOfImage=0x88000, EntryPoint=0x7ff867df4510)) returned 1 [0175.798] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0175.798] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff867de0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="AUDIOSES.DLL") returned 0xc [0175.811] CoTaskMemFree (pv=0x6b0040) [0175.811] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0175.811] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff867de0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\AUDIOSES.DLL" (normalized: "c:\\windows\\system32\\audioses.dll")) returned 0x20 [0175.825] CoTaskMemFree (pv=0x6b3340) [0175.825] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8670a0000, lpmodinfo=0x2770320, cb=0x18 | out: lpmodinfo=0x2770320*(lpBaseOfDll=0x7ff8670a0000, SizeOfImage=0x1c0000, EntryPoint=0x7ff8670a9e40)) returned 1 [0175.837] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0175.838] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8670a0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="pnidui.dll") returned 0xa [0175.851] CoTaskMemFree (pv=0x6b3340) [0175.851] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0175.851] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8670a0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\pnidui.dll" (normalized: "c:\\windows\\system32\\pnidui.dll")) returned 0x1e [0175.864] CoTaskMemFree (pv=0x6b2ac0) [0175.864] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8759e0000, lpmodinfo=0x27724c8, cb=0x18 | out: lpmodinfo=0x27724c8*(lpBaseOfDll=0x7ff8759e0000, SizeOfImage=0x23000, EntryPoint=0x7ff8759e99a0)) returned 1 [0175.877] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0175.878] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8759e0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="NetworkStatus.dll") returned 0x11 [0175.890] CoTaskMemFree (pv=0x6b2240) [0175.890] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0175.890] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8759e0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NetworkStatus.dll" (normalized: "c:\\windows\\system32\\networkstatus.dll")) returned 0x25 [0175.904] CoTaskMemFree (pv=0x6b1140) [0175.904] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f3b0000, lpmodinfo=0x2774690, cb=0x18 | out: lpmodinfo=0x2774690*(lpBaseOfDll=0x7ff86f3b0000, SizeOfImage=0x79000, EntryPoint=0x7ff86f3b76a0)) returned 1 [0175.926] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0175.926] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f3b0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="NetSetupShim.dll") returned 0x10 [0175.940] CoTaskMemFree (pv=0x6b0040) [0175.940] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0175.940] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f3b0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NetSetupShim.dll" (normalized: "c:\\windows\\system32\\netsetupshim.dll")) returned 0x24 [0175.953] CoTaskMemFree (pv=0x6b08c0) [0175.953] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f390000, lpmodinfo=0x2776858, cb=0x18 | out: lpmodinfo=0x2776858*(lpBaseOfDll=0x7ff86f390000, SizeOfImage=0x1f000, EntryPoint=0x7ff86f3937e0)) returned 1 [0175.966] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0175.967] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f390000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="NetSetupApi.dll") returned 0xf [0175.985] CoTaskMemFree (pv=0x6b3340) [0175.986] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0175.986] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f390000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NetSetupApi.dll" (normalized: "c:\\windows\\system32\\netsetupapi.dll")) returned 0x23 [0176.036] CoTaskMemFree (pv=0x6b19c0) [0176.036] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ae10000, lpmodinfo=0x2778a10, cb=0x18 | out: lpmodinfo=0x2778a10*(lpBaseOfDll=0x7ff87ae10000, SizeOfImage=0x15000, EntryPoint=0x7ff87ae12850)) returned 1 [0176.050] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0176.051] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ae10000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wpdshserviceobj.dll") returned 0x13 [0176.064] CoTaskMemFree (pv=0x6b19c0) [0176.064] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0176.064] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ae10000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\wpdshserviceobj.dll" (normalized: "c:\\windows\\system32\\wpdshserviceobj.dll")) returned 0x27 [0176.078] CoTaskMemFree (pv=0x6b08c0) [0176.078] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff879c50000, lpmodinfo=0x277abd8, cb=0x18 | out: lpmodinfo=0x277abd8*(lpBaseOfDll=0x7ff879c50000, SizeOfImage=0x33000, EntryPoint=0x7ff879c53800)) returned 1 [0176.092] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0176.092] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff879c50000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="PortableDeviceTypes.dll") returned 0x17 [0176.108] CoTaskMemFree (pv=0x6b0040) [0176.108] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0176.108] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff879c50000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PortableDeviceTypes.dll" (normalized: "c:\\windows\\system32\\portabledevicetypes.dll")) returned 0x2b [0176.121] CoTaskMemFree (pv=0x6b2240) [0176.123] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878180000, lpmodinfo=0x277cdb0, cb=0x18 | out: lpmodinfo=0x277cdb0*(lpBaseOfDll=0x7ff878180000, SizeOfImage=0xa1000, EntryPoint=0x7ff878183db0)) returned 1 [0176.136] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0176.136] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878180000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="PortableDeviceApi.dll") returned 0x15 [0176.149] CoTaskMemFree (pv=0x6b3340) [0176.149] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0176.150] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878180000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PortableDeviceApi.dll" (normalized: "c:\\windows\\system32\\portabledeviceapi.dll")) returned 0x29 [0176.163] CoTaskMemFree (pv=0x6b3340) [0176.163] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff879bb0000, lpmodinfo=0x277ef88, cb=0x18 | out: lpmodinfo=0x277ef88*(lpBaseOfDll=0x7ff879bb0000, SizeOfImage=0x40000, EntryPoint=0x7ff879bc3750)) returned 1 [0176.177] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0176.177] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff879bb0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="SettingMonitor.dll") returned 0x12 [0176.190] CoTaskMemFree (pv=0x6b08c0) [0176.190] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0176.191] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff879bb0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SettingMonitor.dll" (normalized: "c:\\windows\\system32\\settingmonitor.dll")) returned 0x26 [0176.215] CoTaskMemFree (pv=0x6b2ac0) [0176.215] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff879ae0000, lpmodinfo=0x2781150, cb=0x18 | out: lpmodinfo=0x2781150*(lpBaseOfDll=0x7ff879ae0000, SizeOfImage=0xc6000, EntryPoint=0x7ff879ae3ac0)) returned 1 [0176.228] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0176.228] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff879ae0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="cscui.dll") returned 0x9 [0176.295] CoTaskMemFree (pv=0x6b0040) [0176.296] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0176.296] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff879ae0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cscui.dll" (normalized: "c:\\windows\\system32\\cscui.dll")) returned 0x1d [0176.309] CoTaskMemFree (pv=0x6b08c0) [0176.309] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff877dd0000, lpmodinfo=0x27832f8, cb=0x18 | out: lpmodinfo=0x27832f8*(lpBaseOfDll=0x7ff877dd0000, SizeOfImage=0x51000, EntryPoint=0x7ff877dd25e0)) returned 1 [0176.323] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0176.323] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff877dd0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="cscobj.dll") returned 0xa [0176.337] CoTaskMemFree (pv=0x6b3340) [0176.337] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0176.337] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff877dd0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\cscobj.dll" (normalized: "c:\\windows\\system32\\cscobj.dll")) returned 0x1e [0176.350] CoTaskMemFree (pv=0x6b0040) [0176.350] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff877d90000, lpmodinfo=0x27854a0, cb=0x18 | out: lpmodinfo=0x27854a0*(lpBaseOfDll=0x7ff877d90000, SizeOfImage=0x3c000, EntryPoint=0x7ff877d925e0)) returned 1 [0176.365] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0176.365] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff877d90000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="bthprops.cpl") returned 0xc [0176.378] CoTaskMemFree (pv=0x6b08c0) [0176.378] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0176.378] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff877d90000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bthprops.cpl" (normalized: "c:\\windows\\system32\\bthprops.cpl")) returned 0x20 [0176.392] CoTaskMemFree (pv=0x6b0040) [0176.392] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875270000, lpmodinfo=0x2787658, cb=0x18 | out: lpmodinfo=0x2787658*(lpBaseOfDll=0x7ff875270000, SizeOfImage=0x16000, EntryPoint=0x7ff8752719f0)) returned 1 [0176.406] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0176.406] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875270000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="dhcpcsvc6.DLL") returned 0xd [0176.421] CoTaskMemFree (pv=0x6b2240) [0176.421] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0176.421] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875270000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dhcpcsvc6.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc6.dll")) returned 0x21 [0176.435] CoTaskMemFree (pv=0x6b3340) [0176.436] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875250000, lpmodinfo=0x2789810, cb=0x18 | out: lpmodinfo=0x2789810*(lpBaseOfDll=0x7ff875250000, SizeOfImage=0x1a000, EntryPoint=0x7ff875252430)) returned 1 [0176.449] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0176.450] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875250000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="dhcpcsvc.DLL") returned 0xc [0176.463] CoTaskMemFree (pv=0x6b3340) [0176.464] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0176.464] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875250000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dhcpcsvc.DLL" (normalized: "c:\\windows\\system32\\dhcpcsvc.dll")) returned 0x20 [0176.478] CoTaskMemFree (pv=0x6b0040) [0176.478] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff877d30000, lpmodinfo=0x278b9c8, cb=0x18 | out: lpmodinfo=0x278b9c8*(lpBaseOfDll=0x7ff877d30000, SizeOfImage=0x5d000, EntryPoint=0x7ff877d36c90)) returned 1 [0176.492] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0176.492] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff877d30000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="srchadmin.dll") returned 0xd [0176.517] CoTaskMemFree (pv=0x6b2ac0) [0176.517] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0176.517] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff877d30000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\srchadmin.dll" (normalized: "c:\\windows\\system32\\srchadmin.dll")) returned 0x21 [0176.531] CoTaskMemFree (pv=0x6b19c0) [0176.531] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8727c0000, lpmodinfo=0x278db80, cb=0x18 | out: lpmodinfo=0x278db80*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0176.545] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0176.545] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8727c0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0176.559] CoTaskMemFree (pv=0x6b2240) [0176.559] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0176.559] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8727c0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0176.572] CoTaskMemFree (pv=0x6b08c0) [0176.572] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff866d50000, lpmodinfo=0x278fd38, cb=0x18 | out: lpmodinfo=0x278fd38*(lpBaseOfDll=0x7ff866d50000, SizeOfImage=0x346000, EntryPoint=0x7ff866d58530)) returned 1 [0176.588] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0176.588] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff866d50000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="SyncCenter.dll") returned 0xe [0176.603] CoTaskMemFree (pv=0x6b19c0) [0176.603] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0176.603] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff866d50000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\SyncCenter.dll" (normalized: "c:\\windows\\system32\\synccenter.dll")) returned 0x22 [0176.617] CoTaskMemFree (pv=0x6b2ac0) [0176.617] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff877ca0000, lpmodinfo=0x2791ef0, cb=0x18 | out: lpmodinfo=0x2791ef0*(lpBaseOfDll=0x7ff877ca0000, SizeOfImage=0x82000, EntryPoint=0x7ff877ca4ef0)) returned 1 [0176.631] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0176.631] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff877ca0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="imapi2.dll") returned 0xa [0176.645] CoTaskMemFree (pv=0x6b0040) [0176.645] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0176.645] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff877ca0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\imapi2.dll" (normalized: "c:\\windows\\system32\\imapi2.dll")) returned 0x1e [0176.660] CoTaskMemFree (pv=0x6b3340) [0176.660] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875a40000, lpmodinfo=0x2794098, cb=0x18 | out: lpmodinfo=0x2794098*(lpBaseOfDll=0x7ff875a40000, SizeOfImage=0xa0000, EntryPoint=0x7ff875a656b0)) returned 1 [0176.674] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0176.674] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875a40000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="hgcpl.dll") returned 0x9 [0176.689] CoTaskMemFree (pv=0x6b3340) [0176.689] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0176.690] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875a40000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\hgcpl.dll" (normalized: "c:\\windows\\system32\\hgcpl.dll")) returned 0x1d [0176.704] CoTaskMemFree (pv=0x6b2ac0) [0176.704] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875940000, lpmodinfo=0x2796240, cb=0x18 | out: lpmodinfo=0x2796240*(lpBaseOfDll=0x7ff875940000, SizeOfImage=0x98000, EntryPoint=0x7ff875963980)) returned 1 [0176.718] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0176.718] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875940000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="DUser.dll") returned 0x9 [0176.733] CoTaskMemFree (pv=0x6b3340) [0176.733] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0176.733] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875940000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DUser.dll" (normalized: "c:\\windows\\system32\\duser.dll")) returned 0x1d [0176.747] CoTaskMemFree (pv=0x6b19c0) [0176.748] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff877c20000, lpmodinfo=0x27983e8, cb=0x18 | out: lpmodinfo=0x27983e8*(lpBaseOfDll=0x7ff877c20000, SizeOfImage=0x77000, EntryPoint=0x7ff877c22af0)) returned 1 [0176.762] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0176.762] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff877c20000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="provsvc.dll") returned 0xb [0176.776] CoTaskMemFree (pv=0x6b2ac0) [0176.776] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0176.777] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff877c20000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\provsvc.dll" (normalized: "c:\\windows\\system32\\provsvc.dll")) returned 0x1f [0176.792] CoTaskMemFree (pv=0x6b0040) [0176.792] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86b060000, lpmodinfo=0x279a590, cb=0x18 | out: lpmodinfo=0x279a590*(lpBaseOfDll=0x7ff86b060000, SizeOfImage=0x48000, EntryPoint=0x7ff86b06a430)) returned 1 [0176.807] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0176.807] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86b060000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="NotificationObjFactory.dll") returned 0x1a [0176.821] CoTaskMemFree (pv=0x6b3340) [0176.821] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0176.821] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86b060000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\NotificationObjFactory.dll" (normalized: "c:\\windows\\system32\\notificationobjfactory.dll")) returned 0x2e [0176.836] CoTaskMemFree (pv=0x6b2ac0) [0176.836] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff870840000, lpmodinfo=0x279c778, cb=0x18 | out: lpmodinfo=0x279c778*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0176.850] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0176.850] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff870840000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0176.865] CoTaskMemFree (pv=0x6b2ac0) [0176.865] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0176.866] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff870840000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0176.880] CoTaskMemFree (pv=0x6b3340) [0176.880] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c340000, lpmodinfo=0x279e920, cb=0x18 | out: lpmodinfo=0x279e920*(lpBaseOfDll=0x7ff86c340000, SizeOfImage=0xb4000, EntryPoint=0x7ff86c3553b0)) returned 1 [0176.897] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0176.898] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c340000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="Windows.Internal.Shell.Broker.dll") returned 0x21 [0176.912] CoTaskMemFree (pv=0x6b0040) [0176.912] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0176.912] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c340000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Windows.Internal.Shell.Broker.dll" (normalized: "c:\\windows\\system32\\windows.internal.shell.broker.dll")) returned 0x35 [0176.927] CoTaskMemFree (pv=0x6b2ac0) [0176.927] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff60eb50000, lpmodinfo=0x27a0b28, cb=0x18 | out: lpmodinfo=0x27a0b28*(lpBaseOfDll=0x7ff60eb50000, SizeOfImage=0x7cc000, EntryPoint=0x0)) returned 1 [0176.943] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0176.943] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff60eb50000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ntoskrnl.exe") returned 0xc [0176.958] CoTaskMemFree (pv=0x6b3340) [0176.958] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0176.958] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff60eb50000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ntoskrnl.exe" (normalized: "c:\\windows\\system32\\ntoskrnl.exe")) returned 0x20 [0176.973] CoTaskMemFree (pv=0x6b19c0) [0176.973] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875600000, lpmodinfo=0x27a2ce0, cb=0x18 | out: lpmodinfo=0x27a2ce0*(lpBaseOfDll=0x7ff875600000, SizeOfImage=0xaa000, EntryPoint=0x7ff875637c30)) returned 1 [0176.989] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0176.990] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875600000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="StructuredQuery.dll") returned 0x13 [0177.015] CoTaskMemFree (pv=0x6b2ac0) [0177.016] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0177.017] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875600000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StructuredQuery.dll" (normalized: "c:\\windows\\system32\\structuredquery.dll")) returned 0x27 [0177.031] CoTaskMemFree (pv=0x6b2ac0) [0177.031] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8669d0000, lpmodinfo=0x27a4ea8, cb=0x18 | out: lpmodinfo=0x27a4ea8*(lpBaseOfDll=0x7ff8669d0000, SizeOfImage=0x1b3000, EntryPoint=0x7ff866a39be0)) returned 1 [0177.046] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0177.046] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8669d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="DUI70.dll") returned 0x9 [0177.060] CoTaskMemFree (pv=0x6b08c0) [0177.060] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0177.061] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8669d0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\DUI70.dll" (normalized: "c:\\windows\\system32\\dui70.dll")) returned 0x1d [0177.075] CoTaskMemFree (pv=0x6b2ac0) [0177.075] GetModuleInformation (in: hProcess=0x264, hModule=0x87f0000, lpmodinfo=0x27a7050, cb=0x18 | out: lpmodinfo=0x27a7050*(lpBaseOfDll=0x87f0000, SizeOfImage=0x91000, EntryPoint=0x0)) returned 1 [0177.094] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0177.094] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x87f0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="UIRibbonRes.dll") returned 0xf [0177.111] CoTaskMemFree (pv=0x6b1140) [0177.111] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0177.111] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x87f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\UIRibbonRes.dll" (normalized: "c:\\windows\\system32\\uiribbonres.dll")) returned 0x23 [0177.126] CoTaskMemFree (pv=0x6b1140) [0177.126] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87adb0000, lpmodinfo=0x27a9208, cb=0x18 | out: lpmodinfo=0x27a9208*(lpBaseOfDll=0x7ff87adb0000, SizeOfImage=0x23000, EntryPoint=0x7ff87adb3670)) returned 1 [0177.142] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0177.142] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87adb0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="WINMM.dll") returned 0x9 [0177.166] CoTaskMemFree (pv=0x6b2ac0) [0177.166] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0177.166] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87adb0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINMM.dll" (normalized: "c:\\windows\\system32\\winmm.dll")) returned 0x1d [0177.182] CoTaskMemFree (pv=0x6b0040) [0177.182] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ad50000, lpmodinfo=0x27ab3b0, cb=0x18 | out: lpmodinfo=0x27ab3b0*(lpBaseOfDll=0x7ff87ad50000, SizeOfImage=0x2c000, EntryPoint=0x7ff87ad58210)) returned 1 [0177.256] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0177.257] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ad50000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="WINMMBASE.dll") returned 0xd [0177.274] CoTaskMemFree (pv=0x6b2ac0) [0177.275] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0177.275] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ad50000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\WINMMBASE.dll" (normalized: "c:\\windows\\system32\\winmmbase.dll")) returned 0x21 [0177.291] CoTaskMemFree (pv=0x6b08c0) [0177.291] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874540000, lpmodinfo=0x27ad568, cb=0x18 | out: lpmodinfo=0x27ad568*(lpBaseOfDll=0x7ff874540000, SizeOfImage=0x1b000, EntryPoint=0x7ff874541040)) returned 1 [0177.313] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0177.313] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874540000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="MPR.dll") returned 0x7 [0177.329] CoTaskMemFree (pv=0x6b2ac0) [0177.329] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0177.329] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874540000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MPR.dll" (normalized: "c:\\windows\\system32\\mpr.dll")) returned 0x1b [0177.344] CoTaskMemFree (pv=0x6b08c0) [0177.344] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874530000, lpmodinfo=0x27af700, cb=0x18 | out: lpmodinfo=0x27af700*(lpBaseOfDll=0x7ff874530000, SizeOfImage=0xb000, EntryPoint=0x7ff874531a40)) returned 1 [0177.360] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0177.360] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874530000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="drprov.dll") returned 0xa [0177.375] CoTaskMemFree (pv=0x6b3340) [0177.375] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0177.375] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874530000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\drprov.dll" (normalized: "c:\\windows\\system32\\drprov.dll")) returned 0x1e [0177.391] CoTaskMemFree (pv=0x6b19c0) [0177.391] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874510000, lpmodinfo=0x27b18a8, cb=0x18 | out: lpmodinfo=0x27b18a8*(lpBaseOfDll=0x7ff874510000, SizeOfImage=0x16000, EntryPoint=0x7ff874513380)) returned 1 [0177.407] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0177.407] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874510000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ntlanman.dll") returned 0xc [0177.422] CoTaskMemFree (pv=0x6b0040) [0177.422] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0177.423] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874510000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ntlanman.dll" (normalized: "c:\\windows\\system32\\ntlanman.dll")) returned 0x20 [0177.437] CoTaskMemFree (pv=0x6b0040) [0177.437] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8744f0000, lpmodinfo=0x27b3a60, cb=0x18 | out: lpmodinfo=0x27b3a60*(lpBaseOfDll=0x7ff8744f0000, SizeOfImage=0x20000, EntryPoint=0x7ff8744f1920)) returned 1 [0177.453] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0177.453] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8744f0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="davclnt.dll") returned 0xb [0177.468] CoTaskMemFree (pv=0x6b08c0) [0177.468] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0177.468] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8744f0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\davclnt.dll" (normalized: "c:\\windows\\system32\\davclnt.dll")) returned 0x1f [0177.484] CoTaskMemFree (pv=0x6b08c0) [0177.484] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8744e0000, lpmodinfo=0x27b5c08, cb=0x18 | out: lpmodinfo=0x27b5c08*(lpBaseOfDll=0x7ff8744e0000, SizeOfImage=0xc000, EntryPoint=0x7ff8744e1860)) returned 1 [0177.508] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0177.508] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8744e0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="DAVHLPR.dll") returned 0xb [0177.523] CoTaskMemFree (pv=0x6b1140) [0177.523] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0177.524] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8744e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DAVHLPR.dll" (normalized: "c:\\windows\\system32\\davhlpr.dll")) returned 0x1f [0177.539] CoTaskMemFree (pv=0x6b19c0) [0177.540] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff866210000, lpmodinfo=0x27b7db0, cb=0x18 | out: lpmodinfo=0x27b7db0*(lpBaseOfDll=0x7ff866210000, SizeOfImage=0x127000, EntryPoint=0x7ff866212130)) returned 1 [0177.555] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0177.555] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff866210000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="NetworkExplorer.dll") returned 0x13 [0177.571] CoTaskMemFree (pv=0x6b08c0) [0177.571] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0177.572] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff866210000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NetworkExplorer.dll" (normalized: "c:\\windows\\system32\\networkexplorer.dll")) returned 0x27 [0177.587] CoTaskMemFree (pv=0x6b0040) [0177.587] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff866190000, lpmodinfo=0x27b9f78, cb=0x18 | out: lpmodinfo=0x27b9f78*(lpBaseOfDll=0x7ff866190000, SizeOfImage=0x7f000, EntryPoint=0x7ff8661917d0)) returned 1 [0177.603] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0177.604] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff866190000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="dlnashext.dll") returned 0xd [0177.619] CoTaskMemFree (pv=0x6b3340) [0177.619] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0177.619] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff866190000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dlnashext.dll" (normalized: "c:\\windows\\system32\\dlnashext.dll")) returned 0x21 [0177.635] CoTaskMemFree (pv=0x6b3340) [0177.635] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87adf0000, lpmodinfo=0x27bc130, cb=0x18 | out: lpmodinfo=0x27bc130*(lpBaseOfDll=0x7ff87adf0000, SizeOfImage=0x1f000, EntryPoint=0x7ff87ae054a0)) returned 1 [0177.651] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0177.651] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87adf0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="DevDispItemProvider.dll") returned 0x17 [0177.666] CoTaskMemFree (pv=0x6b2240) [0177.667] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0177.667] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87adf0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\DevDispItemProvider.dll" (normalized: "c:\\windows\\system32\\devdispitemprovider.dll")) returned 0x2b [0177.683] CoTaskMemFree (pv=0x6b19c0) [0177.683] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873ae0000, lpmodinfo=0x27be308, cb=0x18 | out: lpmodinfo=0x27be308*(lpBaseOfDll=0x7ff873ae0000, SizeOfImage=0x1b000, EntryPoint=0x7ff873aeaf40)) returned 1 [0177.699] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0177.699] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873ae0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="capauthz.dll") returned 0xc [0177.716] CoTaskMemFree (pv=0x6b19c0) [0177.716] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0177.716] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873ae0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\capauthz.dll" (normalized: "c:\\windows\\system32\\capauthz.dll")) returned 0x20 [0177.731] CoTaskMemFree (pv=0x6b08c0) [0177.731] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff867db0000, lpmodinfo=0x27c04c0, cb=0x18 | out: lpmodinfo=0x27c04c0*(lpBaseOfDll=0x7ff867db0000, SizeOfImage=0x2e000, EntryPoint=0x7ff867db6580)) returned 1 [0177.747] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0177.747] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff867db0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wscinterop.dll") returned 0xe [0177.762] CoTaskMemFree (pv=0x6b3340) [0177.765] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0177.765] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff867db0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wscinterop.dll" (normalized: "c:\\windows\\system32\\wscinterop.dll")) returned 0x22 [0177.782] CoTaskMemFree (pv=0x6b1140) [0177.782] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87acc0000, lpmodinfo=0x25d2938, cb=0x18 | out: lpmodinfo=0x25d2938*(lpBaseOfDll=0x7ff87acc0000, SizeOfImage=0x35000, EntryPoint=0x7ff87acc3cc0)) returned 1 [0177.797] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0177.797] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87acc0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="WSCAPI.dll") returned 0xa [0177.814] CoTaskMemFree (pv=0x6b08c0) [0177.814] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0177.814] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87acc0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WSCAPI.dll" (normalized: "c:\\windows\\system32\\wscapi.dll")) returned 0x1e [0177.829] CoTaskMemFree (pv=0x6b19c0) [0177.829] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff867320000, lpmodinfo=0x25d4ae0, cb=0x18 | out: lpmodinfo=0x25d4ae0*(lpBaseOfDll=0x7ff867320000, SizeOfImage=0x121000, EntryPoint=0x7ff867321cc0)) returned 1 [0177.846] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0177.846] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff867320000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="wscui.cpl") returned 0x9 [0177.862] CoTaskMemFree (pv=0x6b19c0) [0177.862] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0177.862] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff867320000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wscui.cpl" (normalized: "c:\\windows\\system32\\wscui.cpl")) returned 0x1d [0177.879] CoTaskMemFree (pv=0x6b19c0) [0177.879] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff870e10000, lpmodinfo=0x25d6c88, cb=0x18 | out: lpmodinfo=0x25d6c88*(lpBaseOfDll=0x7ff870e10000, SizeOfImage=0x1a9000, EntryPoint=0x7ff870e64060)) returned 1 [0177.894] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0177.894] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff870e10000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="gdiplus.dll") returned 0xb [0177.912] CoTaskMemFree (pv=0x6b0040) [0177.912] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0177.912] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff870e10000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll" (normalized: "c:\\windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10586.0_none_0bdd1d3064f6384a\\gdiplus.dll")) returned 0x70 [0177.928] CoTaskMemFree (pv=0x6b08c0) [0177.928] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff866040000, lpmodinfo=0x25d8ed8, cb=0x18 | out: lpmodinfo=0x25d8ed8*(lpBaseOfDll=0x7ff866040000, SizeOfImage=0x141000, EntryPoint=0x7ff866045f70)) returned 1 [0177.943] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0177.943] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff866040000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="werconcpl.dll") returned 0xd [0177.959] CoTaskMemFree (pv=0x6b1140) [0177.959] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0177.960] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff866040000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\werconcpl.dll" (normalized: "c:\\windows\\system32\\werconcpl.dll")) returned 0x21 [0177.975] CoTaskMemFree (pv=0x6b3340) [0177.975] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8755b0000, lpmodinfo=0x25db090, cb=0x18 | out: lpmodinfo=0x25db090*(lpBaseOfDll=0x7ff8755b0000, SizeOfImage=0x4e000, EntryPoint=0x7ff8755c1ce0)) returned 1 [0177.992] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0177.992] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8755b0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="framedynos.dll") returned 0xe [0178.009] CoTaskMemFree (pv=0x6b08c0) [0178.009] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.009] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8755b0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\framedynos.dll" (normalized: "c:\\windows\\system32\\framedynos.dll")) returned 0x22 [0178.026] CoTaskMemFree (pv=0x6b2ac0) [0178.026] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874c00000, lpmodinfo=0x25dd248, cb=0x18 | out: lpmodinfo=0x25dd248*(lpBaseOfDll=0x7ff874c00000, SizeOfImage=0xa0000, EntryPoint=0x7ff874c70910)) returned 1 [0178.042] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.043] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874c00000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wer.dll") returned 0x7 [0178.060] CoTaskMemFree (pv=0x6b08c0) [0178.060] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.060] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874c00000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wer.dll" (normalized: "c:\\windows\\system32\\wer.dll")) returned 0x1b [0178.076] CoTaskMemFree (pv=0x6b3340) [0178.077] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874a70000, lpmodinfo=0x25df3e0, cb=0x18 | out: lpmodinfo=0x25df3e0*(lpBaseOfDll=0x7ff874a70000, SizeOfImage=0x14000, EntryPoint=0x7ff874a750c0)) returned 1 [0178.093] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.093] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874a70000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="hcproviders.dll") returned 0xf [0178.111] CoTaskMemFree (pv=0x6b19c0) [0178.111] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0178.111] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874a70000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\hcproviders.dll" (normalized: "c:\\windows\\system32\\hcproviders.dll")) returned 0x23 [0178.129] CoTaskMemFree (pv=0x6b0040) [0178.129] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff865970000, lpmodinfo=0x25e1598, cb=0x18 | out: lpmodinfo=0x25e1598*(lpBaseOfDll=0x7ff865970000, SizeOfImage=0xac000, EntryPoint=0x7ff8659759c0)) returned 1 [0178.145] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.145] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff865970000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ieproxy.dll") returned 0xb [0178.162] CoTaskMemFree (pv=0x6b08c0) [0178.162] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.162] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff865970000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll")) returned 0x1f [0178.178] CoTaskMemFree (pv=0x6b08c0) [0178.178] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f070000, lpmodinfo=0x25e3740, cb=0x18 | out: lpmodinfo=0x25e3740*(lpBaseOfDll=0x7ff86f070000, SizeOfImage=0x10000, EntryPoint=0x7ff86f073d50)) returned 1 [0178.195] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.196] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f070000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="pcacli.dll") returned 0xa [0178.215] CoTaskMemFree (pv=0x6b3340) [0178.215] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.215] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f070000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\pcacli.dll" (normalized: "c:\\windows\\system32\\pcacli.dll")) returned 0x1e [0178.251] CoTaskMemFree (pv=0x6b08c0) [0178.251] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8779f0000, lpmodinfo=0x25e58e8, cb=0x18 | out: lpmodinfo=0x25e58e8*(lpBaseOfDll=0x7ff8779f0000, SizeOfImage=0xa9000, EntryPoint=0x7ff877a19010)) returned 1 [0178.267] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.267] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8779f0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="Windows.UI.dll") returned 0xe [0178.285] CoTaskMemFree (pv=0x6b2ac0) [0178.285] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0178.285] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8779f0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.dll" (normalized: "c:\\windows\\system32\\windows.ui.dll")) returned 0x22 [0178.301] CoTaskMemFree (pv=0x6b1140) [0178.301] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff861830000, lpmodinfo=0x25e7aa0, cb=0x18 | out: lpmodinfo=0x25e7aa0*(lpBaseOfDll=0x7ff861830000, SizeOfImage=0x50000, EntryPoint=0x7ff861861220)) returned 1 [0178.319] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.319] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff861830000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="Windows.System.Launcher.dll") returned 0x1b [0178.336] CoTaskMemFree (pv=0x6b3340) [0178.336] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.337] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff861830000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll")) returned 0x2f [0178.354] CoTaskMemFree (pv=0x6b3340) [0178.354] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873e20000, lpmodinfo=0x25e9c88, cb=0x18 | out: lpmodinfo=0x25e9c88*(lpBaseOfDll=0x7ff873e20000, SizeOfImage=0x9000, EntryPoint=0x7ff873e21480)) returned 1 [0178.370] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.370] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873e20000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="WpPortingLibrary.dll") returned 0x14 [0178.423] CoTaskMemFree (pv=0x6b08c0) [0178.423] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.423] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873e20000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll")) returned 0x28 [0178.440] CoTaskMemFree (pv=0x6b3340) [0178.440] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ae30000, lpmodinfo=0x25ebe60, cb=0x18 | out: lpmodinfo=0x25ebe60*(lpBaseOfDll=0x7ff87ae30000, SizeOfImage=0xc000, EntryPoint=0x7ff87ae31470)) returned 1 [0178.456] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.456] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ae30000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="dsclient.dll") returned 0xc [0178.474] CoTaskMemFree (pv=0x6b19c0) [0178.474] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.474] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ae30000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll")) returned 0x20 [0178.491] CoTaskMemFree (pv=0x6b2ac0) [0178.491] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8642b0000, lpmodinfo=0x25ee018, cb=0x18 | out: lpmodinfo=0x25ee018*(lpBaseOfDll=0x7ff8642b0000, SizeOfImage=0xccd000, EntryPoint=0x7ff8643fe880)) returned 1 [0178.516] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0178.516] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8642b0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="ieframe.dll") returned 0xb [0178.533] CoTaskMemFree (pv=0x6b0040) [0178.533] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.533] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8642b0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ieframe.dll" (normalized: "c:\\windows\\system32\\ieframe.dll")) returned 0x1f [0178.550] CoTaskMemFree (pv=0x6b08c0) [0178.550] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff870dc0000, lpmodinfo=0x25f01c0, cb=0x18 | out: lpmodinfo=0x25f01c0*(lpBaseOfDll=0x7ff870dc0000, SizeOfImage=0xc000, EntryPoint=0x7ff870dc35c0)) returned 1 [0178.567] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0178.567] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff870dc0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="Secur32.dll") returned 0xb [0178.585] CoTaskMemFree (pv=0x6b0040) [0178.585] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.585] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff870dc0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\Secur32.dll" (normalized: "c:\\windows\\system32\\secur32.dll")) returned 0x1f [0178.602] CoTaskMemFree (pv=0x6b19c0) [0178.603] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c2e0000, lpmodinfo=0x25f2368, cb=0x18 | out: lpmodinfo=0x25f2368*(lpBaseOfDll=0x7ff86c2e0000, SizeOfImage=0x3e000, EntryPoint=0x7ff86c2e9650)) returned 1 [0178.620] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.620] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c2e0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="MLANG.dll") returned 0x9 [0178.637] CoTaskMemFree (pv=0x6b19c0) [0178.637] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.638] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c2e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\MLANG.dll" (normalized: "c:\\windows\\system32\\mlang.dll")) returned 0x1d [0178.656] CoTaskMemFree (pv=0x6b2ac0) [0178.656] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff867cf0000, lpmodinfo=0x25f4510, cb=0x18 | out: lpmodinfo=0x25f4510*(lpBaseOfDll=0x7ff867cf0000, SizeOfImage=0x9000, EntryPoint=0x7ff867cf1b60)) returned 1 [0178.672] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.672] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff867cf0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="IconCodecService.dll") returned 0x14 [0178.689] CoTaskMemFree (pv=0x6b08c0) [0178.689] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0178.690] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff867cf0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IconCodecService.dll" (normalized: "c:\\windows\\system32\\iconcodecservice.dll")) returned 0x28 [0178.706] CoTaskMemFree (pv=0x6b0040) [0178.707] CloseHandle (hObject=0x264) returned 1 [0178.707] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0178.707] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x878) returned 0x264 [0178.708] EnumProcessModules (in: hProcess=0x264, lphModule=0x25fb2c0, cb=0x200, lpcbNeeded=0x14ef68 | out: lphModule=0x25fb2c0, lpcbNeeded=0x14ef68) returned 1 [0178.715] EnumProcessModules (in: hProcess=0x264, lphModule=0x25fb4d8, cb=0x400, lpcbNeeded=0x14ef68 | out: lphModule=0x25fb4d8, lpcbNeeded=0x14ef68) returned 1 [0178.722] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff629050000, lpmodinfo=0x25fb948, cb=0x18 | out: lpmodinfo=0x25fb948*(lpBaseOfDll=0x7ff629050000, SizeOfImage=0x17000, EntryPoint=0x7ff6290544f0)) returned 1 [0178.722] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.722] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff629050000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="RuntimeBroker.exe") returned 0x11 [0178.723] CoTaskMemFree (pv=0x6b19c0) [0178.723] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.723] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff629050000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RuntimeBroker.exe" (normalized: "c:\\windows\\system32\\runtimebroker.exe")) returned 0x25 [0178.724] CoTaskMemFree (pv=0x6b2240) [0178.724] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpmodinfo=0x25fdb48, cb=0x18 | out: lpmodinfo=0x25fdb48*(lpBaseOfDll=0x7ff87ffa0000, SizeOfImage=0x1c1000, EntryPoint=0x0)) returned 1 [0178.724] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.724] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="ntdll.dll") returned 0x9 [0178.725] CoTaskMemFree (pv=0x6b3340) [0178.725] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.725] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ffa0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll")) returned 0x1d [0178.726] CoTaskMemFree (pv=0x6b3340) [0178.726] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f640000, lpmodinfo=0x25ffcf0, cb=0x18 | out: lpmodinfo=0x25ffcf0*(lpBaseOfDll=0x7ff87f640000, SizeOfImage=0xad000, EntryPoint=0x7ff87f6581a0)) returned 1 [0178.727] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0178.727] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f640000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="KERNEL32.DLL") returned 0xc [0178.727] CoTaskMemFree (pv=0x6b0040) [0178.727] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0178.727] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f640000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNEL32.DLL" (normalized: "c:\\windows\\system32\\kernel32.dll")) returned 0x20 [0178.728] CoTaskMemFree (pv=0x6b0040) [0178.728] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ce40000, lpmodinfo=0x2601ea8, cb=0x18 | out: lpmodinfo=0x2601ea8*(lpBaseOfDll=0x7ff87ce40000, SizeOfImage=0x1e8000, EntryPoint=0x7ff87ce6ba70)) returned 1 [0178.728] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.729] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ce40000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="KERNELBASE.dll") returned 0xe [0178.729] CoTaskMemFree (pv=0x6b19c0) [0178.730] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.730] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ce40000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\KERNELBASE.dll" (normalized: "c:\\windows\\system32\\kernelbase.dll")) returned 0x22 [0178.730] CoTaskMemFree (pv=0x6b3340) [0178.731] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fde0000, lpmodinfo=0x2604060, cb=0x18 | out: lpmodinfo=0x2604060*(lpBaseOfDll=0x7ff87fde0000, SizeOfImage=0x9d000, EntryPoint=0x7ff87fde78a0)) returned 1 [0178.731] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.731] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fde0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="msvcrt.dll") returned 0xa [0178.732] CoTaskMemFree (pv=0x6b2ac0) [0178.732] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.732] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fde0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\msvcrt.dll" (normalized: "c:\\windows\\system32\\msvcrt.dll")) returned 0x1e [0178.733] CoTaskMemFree (pv=0x6b08c0) [0178.733] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fe80000, lpmodinfo=0x2606260, cb=0x18 | out: lpmodinfo=0x2606260*(lpBaseOfDll=0x7ff87fe80000, SizeOfImage=0x11c000, EntryPoint=0x7ff87fec02b0)) returned 1 [0178.734] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.734] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fe80000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="RPCRT4.dll") returned 0xa [0178.735] CoTaskMemFree (pv=0x6b19c0) [0178.735] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.735] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fe80000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\RPCRT4.dll" (normalized: "c:\\windows\\system32\\rpcrt4.dll")) returned 0x1e [0178.736] CoTaskMemFree (pv=0x6b2ac0) [0178.736] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f6f0000, lpmodinfo=0x2608408, cb=0x18 | out: lpmodinfo=0x2608408*(lpBaseOfDll=0x7ff87f6f0000, SizeOfImage=0x27d000, EntryPoint=0x7ff87f7c4970)) returned 1 [0178.737] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.737] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f6f0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="combase.dll") returned 0xb [0178.738] CoTaskMemFree (pv=0x6b08c0) [0178.738] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.739] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f6f0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\combase.dll" (normalized: "c:\\windows\\system32\\combase.dll")) returned 0x1f [0178.739] CoTaskMemFree (pv=0x6b3340) [0178.740] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d030000, lpmodinfo=0x260a5b0, cb=0x18 | out: lpmodinfo=0x260a5b0*(lpBaseOfDll=0x7ff87d030000, SizeOfImage=0x6a000, EntryPoint=0x7ff87d066d50)) returned 1 [0178.740] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.741] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d030000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="bcryptPrimitives.dll") returned 0x14 [0178.742] CoTaskMemFree (pv=0x6b3340) [0178.742] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.742] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d030000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\bcryptPrimitives.dll" (normalized: "c:\\windows\\system32\\bcryptprimitives.dll")) returned 0x28 [0178.743] CoTaskMemFree (pv=0x6b3340) [0178.743] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c5f0000, lpmodinfo=0x260c788, cb=0x18 | out: lpmodinfo=0x260c788*(lpBaseOfDll=0x7ff87c5f0000, SizeOfImage=0x4b000, EntryPoint=0x7ff87c5f35f0)) returned 1 [0178.744] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.744] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c5f0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="powrprof.dll") returned 0xc [0178.745] CoTaskMemFree (pv=0x6b3340) [0178.745] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.746] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c5f0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\powrprof.dll" (normalized: "c:\\windows\\system32\\powrprof.dll")) returned 0x20 [0178.747] CoTaskMemFree (pv=0x6b3340) [0178.747] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c640000, lpmodinfo=0x260e9d8, cb=0x18 | out: lpmodinfo=0x260e9d8*(lpBaseOfDll=0x7ff87c640000, SizeOfImage=0xf000, EntryPoint=0x7ff87c643210)) returned 1 [0178.748] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.749] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c640000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="kernel.appcore.dll") returned 0x12 [0178.750] CoTaskMemFree (pv=0x6b3340) [0178.750] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.750] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c640000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\kernel.appcore.dll" (normalized: "c:\\windows\\system32\\kernel.appcore.dll")) returned 0x26 [0178.751] CoTaskMemFree (pv=0x6b3340) [0178.751] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d3a0000, lpmodinfo=0x2610ba0, cb=0x18 | out: lpmodinfo=0x2610ba0*(lpBaseOfDll=0x7ff87d3a0000, SizeOfImage=0x143000, EntryPoint=0x7ff87d3c8210)) returned 1 [0178.752] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.753] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d3a0000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="ole32.dll") returned 0x9 [0178.754] CoTaskMemFree (pv=0x6b2ac0) [0178.754] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.754] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d3a0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\ole32.dll" (normalized: "c:\\windows\\system32\\ole32.dll")) returned 0x1d [0178.756] CoTaskMemFree (pv=0x6b2ac0) [0178.756] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f970000, lpmodinfo=0x2612d48, cb=0x18 | out: lpmodinfo=0x2612d48*(lpBaseOfDll=0x7ff87f970000, SizeOfImage=0x5b000, EntryPoint=0x7ff87f9838b0)) returned 1 [0178.757] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0178.757] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f970000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="sechost.dll") returned 0xb [0178.758] CoTaskMemFree (pv=0x6b1140) [0178.758] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0178.758] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f970000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\sechost.dll" (normalized: "c:\\windows\\system32\\sechost.dll")) returned 0x1f [0178.760] CoTaskMemFree (pv=0x6b0040) [0178.760] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f3e0000, lpmodinfo=0x2614ef0, cb=0x18 | out: lpmodinfo=0x2614ef0*(lpBaseOfDll=0x7ff87f3e0000, SizeOfImage=0x186000, EntryPoint=0x7ff87f42ffc0)) returned 1 [0178.761] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.761] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f3e0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="GDI32.dll") returned 0x9 [0178.763] CoTaskMemFree (pv=0x6b3340) [0178.763] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.763] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f3e0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\GDI32.dll" (normalized: "c:\\windows\\system32\\gdi32.dll")) returned 0x1d [0178.764] CoTaskMemFree (pv=0x6b2240) [0178.765] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ed60000, lpmodinfo=0x2617098, cb=0x18 | out: lpmodinfo=0x2617098*(lpBaseOfDll=0x7ff87ed60000, SizeOfImage=0x156000, EntryPoint=0x7ff87ed6a8d0)) returned 1 [0178.766] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.766] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ed60000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="USER32.dll") returned 0xa [0178.768] CoTaskMemFree (pv=0x6b3340) [0178.768] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.768] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ed60000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\USER32.dll" (normalized: "c:\\windows\\system32\\user32.dll")) returned 0x1e [0178.770] CoTaskMemFree (pv=0x6b3340) [0178.770] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d4f0000, lpmodinfo=0x2619240, cb=0x18 | out: lpmodinfo=0x2619240*(lpBaseOfDll=0x7ff87d4f0000, SizeOfImage=0x3b000, EntryPoint=0x7ff87d4f12f0)) returned 1 [0178.771] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.771] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d4f0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="IMM32.DLL") returned 0x9 [0178.773] CoTaskMemFree (pv=0x6b2240) [0178.773] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.773] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d4f0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\IMM32.DLL" (normalized: "c:\\windows\\system32\\imm32.dll")) returned 0x1d [0178.775] CoTaskMemFree (pv=0x6b2ac0) [0178.775] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87f9d0000, lpmodinfo=0x261b3e8, cb=0x18 | out: lpmodinfo=0x261b3e8*(lpBaseOfDll=0x7ff87f9d0000, SizeOfImage=0xa7000, EntryPoint=0x7ff87f9db4d0)) returned 1 [0178.776] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0178.776] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87f9d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="clbcatq.dll") returned 0xb [0178.778] CoTaskMemFree (pv=0x6b0040) [0178.778] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.778] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87f9d0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\clbcatq.dll" (normalized: "c:\\windows\\system32\\clbcatq.dll")) returned 0x1f [0178.779] CoTaskMemFree (pv=0x6b3340) [0178.780] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fa80000, lpmodinfo=0x261d590, cb=0x18 | out: lpmodinfo=0x261d590*(lpBaseOfDll=0x7ff87fa80000, SizeOfImage=0xc1000, EntryPoint=0x7ff87faa0da0)) returned 1 [0178.782] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.782] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fa80000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="OLEAUT32.dll") returned 0xc [0178.784] CoTaskMemFree (pv=0x6b2240) [0178.784] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0178.784] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fa80000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\OLEAUT32.dll" (normalized: "c:\\windows\\system32\\oleaut32.dll")) returned 0x20 [0178.786] CoTaskMemFree (pv=0x6b1140) [0178.786] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c650000, lpmodinfo=0x261f860, cb=0x18 | out: lpmodinfo=0x261f860*(lpBaseOfDll=0x7ff87c650000, SizeOfImage=0xb5000, EntryPoint=0x7ff87c6922e0)) returned 1 [0178.788] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.788] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c650000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="shcore.dll") returned 0xa [0178.789] CoTaskMemFree (pv=0x6b08c0) [0178.789] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.790] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c650000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shcore.dll" (normalized: "c:\\windows\\system32\\shcore.dll")) returned 0x1e [0178.792] CoTaskMemFree (pv=0x6b2ac0) [0178.792] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c450000, lpmodinfo=0x2621a08, cb=0x18 | out: lpmodinfo=0x2621a08*(lpBaseOfDll=0x7ff87c450000, SizeOfImage=0x29000, EntryPoint=0x7ff87c464530)) returned 1 [0178.794] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.794] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c450000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="bcrypt.dll") returned 0xa [0178.795] CoTaskMemFree (pv=0x6b2240) [0178.796] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.796] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c450000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\bcrypt.dll" (normalized: "c:\\windows\\system32\\bcrypt.dll")) returned 0x1e [0178.798] CoTaskMemFree (pv=0x6b2240) [0178.798] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff876870000, lpmodinfo=0x2623bb0, cb=0x18 | out: lpmodinfo=0x2623bb0*(lpBaseOfDll=0x7ff876870000, SizeOfImage=0x136000, EntryPoint=0x7ff87689f350)) returned 1 [0178.800] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.800] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff876870000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wintypes.dll") returned 0xc [0178.802] CoTaskMemFree (pv=0x6b2240) [0178.802] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.802] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff876870000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wintypes.dll" (normalized: "c:\\windows\\system32\\wintypes.dll")) returned 0x20 [0178.804] CoTaskMemFree (pv=0x6b19c0) [0178.804] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff879c90000, lpmodinfo=0x2625d68, cb=0x18 | out: lpmodinfo=0x2625d68*(lpBaseOfDll=0x7ff879c90000, SizeOfImage=0x493000, EntryPoint=0x7ff879c9f760)) returned 1 [0178.806] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.806] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff879c90000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="ActXPrxy.dll") returned 0xc [0178.808] CoTaskMemFree (pv=0x6b08c0) [0178.808] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0178.808] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff879c90000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ActXPrxy.dll" (normalized: "c:\\windows\\system32\\actxprxy.dll")) returned 0x20 [0178.810] CoTaskMemFree (pv=0x6b0040) [0178.810] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fd30000, lpmodinfo=0x2627f20, cb=0x18 | out: lpmodinfo=0x2627f20*(lpBaseOfDll=0x7ff87fd30000, SizeOfImage=0xa7000, EntryPoint=0x7ff87fd458d0)) returned 1 [0178.812] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.812] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fd30000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="advapi32.dll") returned 0xc [0178.815] CoTaskMemFree (pv=0x6b08c0) [0178.815] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0178.815] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fd30000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll")) returned 0x20 [0178.819] CoTaskMemFree (pv=0x6b1140) [0178.819] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873560000, lpmodinfo=0x262a0d8, cb=0x18 | out: lpmodinfo=0x262a0d8*(lpBaseOfDll=0x7ff873560000, SizeOfImage=0xb2000, EntryPoint=0x7ff87357f750)) returned 1 [0178.821] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.821] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873560000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="Windows.Security.Authentication.OnlineId.dll") returned 0x2c [0178.823] CoTaskMemFree (pv=0x6b19c0) [0178.823] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0178.823] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873560000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Security.Authentication.OnlineId.dll" (normalized: "c:\\windows\\system32\\windows.security.authentication.onlineid.dll")) returned 0x40 [0178.825] CoTaskMemFree (pv=0x6b1140) [0178.825] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff876320000, lpmodinfo=0x262c310, cb=0x18 | out: lpmodinfo=0x262c310*(lpBaseOfDll=0x7ff876320000, SizeOfImage=0x1bd000, EntryPoint=0x7ff87634af90)) returned 1 [0178.827] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.828] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff876320000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="Windows.UI.Immersive.dll") returned 0x18 [0178.830] CoTaskMemFree (pv=0x6b2240) [0178.830] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.830] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff876320000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.UI.Immersive.dll" (normalized: "c:\\windows\\system32\\windows.ui.immersive.dll")) returned 0x2c [0178.832] CoTaskMemFree (pv=0x6b2240) [0178.832] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b0e0000, lpmodinfo=0x262e4f8, cb=0x18 | out: lpmodinfo=0x262e4f8*(lpBaseOfDll=0x7ff87b0e0000, SizeOfImage=0x100000, EntryPoint=0x7ff87b120f80)) returned 1 [0178.834] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.835] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b0e0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="twinapi.appcore.dll") returned 0x13 [0178.837] CoTaskMemFree (pv=0x6b19c0) [0178.837] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.837] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b0e0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\twinapi.appcore.dll" (normalized: "c:\\windows\\system32\\twinapi.appcore.dll")) returned 0x27 [0178.839] CoTaskMemFree (pv=0x6b2ac0) [0178.840] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87af40000, lpmodinfo=0x26306c0, cb=0x18 | out: lpmodinfo=0x26306c0*(lpBaseOfDll=0x7ff87af40000, SizeOfImage=0x96000, EntryPoint=0x7ff87af65570)) returned 1 [0178.842] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.842] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87af40000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="UxTheme.dll") returned 0xb [0178.844] CoTaskMemFree (pv=0x6b19c0) [0178.845] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.845] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87af40000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\UxTheme.dll" (normalized: "c:\\windows\\system32\\uxtheme.dll")) returned 0x1f [0178.847] CoTaskMemFree (pv=0x6b19c0) [0178.848] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86a070000, lpmodinfo=0x2632868, cb=0x18 | out: lpmodinfo=0x2632868*(lpBaseOfDll=0x7ff86a070000, SizeOfImage=0x53000, EntryPoint=0x7ff86a0a3590)) returned 1 [0178.850] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.850] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86a070000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="windows.cortana.onecore.dll") returned 0x1b [0178.852] CoTaskMemFree (pv=0x6b3340) [0178.854] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.854] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86a070000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\windows.cortana.onecore.dll" (normalized: "c:\\windows\\system32\\windows.cortana.onecore.dll")) returned 0x2f [0178.856] CoTaskMemFree (pv=0x6b08c0) [0178.856] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c760000, lpmodinfo=0x2634a50, cb=0x18 | out: lpmodinfo=0x2634a50*(lpBaseOfDll=0x7ff87c760000, SizeOfImage=0x644000, EntryPoint=0x7ff87c9264b0)) returned 1 [0178.859] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.859] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c760000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="Windows.Storage.dll") returned 0x13 [0178.862] CoTaskMemFree (pv=0x6b2ac0) [0178.862] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.862] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c760000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\Windows.Storage.dll" (normalized: "c:\\windows\\system32\\windows.storage.dll")) returned 0x27 [0178.865] CoTaskMemFree (pv=0x6b3340) [0178.865] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c710000, lpmodinfo=0x2636c18, cb=0x18 | out: lpmodinfo=0x2636c18*(lpBaseOfDll=0x7ff87c710000, SizeOfImage=0x43000, EntryPoint=0x7ff87c724b50)) returned 1 [0178.867] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.868] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c710000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="cfgmgr32.dll") returned 0xc [0178.870] CoTaskMemFree (pv=0x6b19c0) [0178.870] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.870] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c710000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\cfgmgr32.dll" (normalized: "c:\\windows\\system32\\cfgmgr32.dll")) returned 0x20 [0178.873] CoTaskMemFree (pv=0x6b19c0) [0178.873] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87fb50000, lpmodinfo=0x2638dd0, cb=0x18 | out: lpmodinfo=0x2638dd0*(lpBaseOfDll=0x7ff87fb50000, SizeOfImage=0x52000, EntryPoint=0x7ff87fb5f530)) returned 1 [0178.876] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.876] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87fb50000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="shlwapi.dll") returned 0xb [0178.879] CoTaskMemFree (pv=0x6b2240) [0178.879] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.879] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87fb50000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\shlwapi.dll" (normalized: "c:\\windows\\system32\\shlwapi.dll")) returned 0x1f [0178.882] CoTaskMemFree (pv=0x6b3340) [0178.882] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c5d0000, lpmodinfo=0x263af78, cb=0x18 | out: lpmodinfo=0x263af78*(lpBaseOfDll=0x7ff87c5d0000, SizeOfImage=0x14000, EntryPoint=0x7ff87c5d52e0)) returned 1 [0178.885] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0178.885] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c5d0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="profapi.dll") returned 0xb [0178.888] CoTaskMemFree (pv=0x6b0040) [0178.888] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0178.888] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c5d0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\profapi.dll" (normalized: "c:\\windows\\system32\\profapi.dll")) returned 0x1f [0178.890] CoTaskMemFree (pv=0x6b1140) [0178.890] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c320000, lpmodinfo=0x263d120, cb=0x18 | out: lpmodinfo=0x263d120*(lpBaseOfDll=0x7ff86c320000, SizeOfImage=0x1f000, EntryPoint=0x7ff86c321500)) returned 1 [0178.893] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.893] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c320000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="Windows.Cortana.ProxyStub.dll") returned 0x1d [0178.896] CoTaskMemFree (pv=0x6b2240) [0178.896] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.896] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c320000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Cortana.ProxyStub.dll" (normalized: "c:\\windows\\system32\\windows.cortana.proxystub.dll")) returned 0x31 [0178.899] CoTaskMemFree (pv=0x6b2240) [0178.899] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d650000, lpmodinfo=0x263f318, cb=0x18 | out: lpmodinfo=0x263f318*(lpBaseOfDll=0x7ff87d650000, SizeOfImage=0x155f000, EntryPoint=0x7ff87d7b11f0)) returned 1 [0178.902] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.902] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d650000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="SHELL32.dll") returned 0xb [0178.905] CoTaskMemFree (pv=0x6b2240) [0178.906] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.906] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d650000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\SHELL32.dll" (normalized: "c:\\windows\\system32\\shell32.dll")) returned 0x1f [0178.909] CoTaskMemFree (pv=0x6b08c0) [0178.909] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873f90000, lpmodinfo=0x26416d8, cb=0x18 | out: lpmodinfo=0x26416d8*(lpBaseOfDll=0x7ff873f90000, SizeOfImage=0x44000, EntryPoint=0x7ff873f9c010)) returned 1 [0178.912] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.912] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873f90000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="execmodelclient.dll") returned 0x13 [0178.915] CoTaskMemFree (pv=0x6b3340) [0178.915] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.915] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873f90000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\execmodelclient.dll" (normalized: "c:\\windows\\system32\\execmodelclient.dll")) returned 0x27 [0178.919] CoTaskMemFree (pv=0x6b3340) [0178.920] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87a5e0000, lpmodinfo=0x26438a0, cb=0x18 | out: lpmodinfo=0x26438a0*(lpBaseOfDll=0x7ff87a5e0000, SizeOfImage=0xbe000, EntryPoint=0x7ff87a622d40)) returned 1 [0178.922] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0178.922] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87a5e0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="CoreMessaging.dll") returned 0x11 [0178.927] CoTaskMemFree (pv=0x6b0040) [0178.927] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.927] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87a5e0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CoreMessaging.dll" (normalized: "c:\\windows\\system32\\coremessaging.dll")) returned 0x25 [0178.930] CoTaskMemFree (pv=0x6b19c0) [0178.930] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8764e0000, lpmodinfo=0x2645a68, cb=0x18 | out: lpmodinfo=0x2645a68*(lpBaseOfDll=0x7ff8764e0000, SizeOfImage=0x382000, EntryPoint=0x7ff876531220)) returned 1 [0178.933] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.933] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8764e0000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="iertutil.dll") returned 0xc [0178.936] CoTaskMemFree (pv=0x6b2240) [0178.937] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0178.937] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8764e0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\iertutil.dll" (normalized: "c:\\windows\\system32\\iertutil.dll")) returned 0x20 [0178.940] CoTaskMemFree (pv=0x6b0040) [0178.940] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bd20000, lpmodinfo=0x2647c20, cb=0x18 | out: lpmodinfo=0x2647c20*(lpBaseOfDll=0x7ff87bd20000, SizeOfImage=0x1f000, EntryPoint=0x7ff87bd25d30)) returned 1 [0178.943] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0178.943] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bd20000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="USERENV.dll") returned 0xb [0178.946] CoTaskMemFree (pv=0x6b08c0) [0178.946] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.946] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bd20000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\USERENV.dll" (normalized: "c:\\windows\\system32\\userenv.dll")) returned 0x1f [0178.949] CoTaskMemFree (pv=0x6b19c0) [0178.950] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d200000, lpmodinfo=0x2649dc8, cb=0x18 | out: lpmodinfo=0x2649dc8*(lpBaseOfDll=0x7ff86d200000, SizeOfImage=0x15000, EntryPoint=0x7ff86d205740)) returned 1 [0178.952] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.953] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d200000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="profext.dll") returned 0xb [0178.956] CoTaskMemFree (pv=0x6b19c0) [0178.956] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.956] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d200000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\profext.dll" (normalized: "c:\\windows\\system32\\profext.dll")) returned 0x1f [0178.960] CoTaskMemFree (pv=0x6b2ac0) [0178.960] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bab0000, lpmodinfo=0x264bf70, cb=0x18 | out: lpmodinfo=0x264bf70*(lpBaseOfDll=0x7ff87bab0000, SizeOfImage=0x31000, EntryPoint=0x7ff87bab7d10)) returned 1 [0178.963] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0178.963] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bab0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="ntmarta.dll") returned 0xb [0178.967] CoTaskMemFree (pv=0x6b1140) [0178.967] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.967] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bab0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\ntmarta.dll" (normalized: "c:\\windows\\system32\\ntmarta.dll")) returned 0x1f [0178.971] CoTaskMemFree (pv=0x6b19c0) [0178.971] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878330000, lpmodinfo=0x264e118, cb=0x18 | out: lpmodinfo=0x264e118*(lpBaseOfDll=0x7ff878330000, SizeOfImage=0xae000, EntryPoint=0x7ff8783480c0)) returned 1 [0178.974] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0178.974] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878330000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="Windows.Networking.Connectivity.dll") returned 0x23 [0178.978] CoTaskMemFree (pv=0x6b2ac0) [0178.978] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.978] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878330000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Networking.Connectivity.dll" (normalized: "c:\\windows\\system32\\windows.networking.connectivity.dll")) returned 0x37 [0178.982] CoTaskMemFree (pv=0x6b3340) [0178.982] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875480000, lpmodinfo=0x2650320, cb=0x18 | out: lpmodinfo=0x2650320*(lpBaseOfDll=0x7ff875480000, SizeOfImage=0x38000, EntryPoint=0x7ff875498cc0)) returned 1 [0178.985] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0178.986] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875480000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="IPHLPAPI.DLL") returned 0xc [0178.989] CoTaskMemFree (pv=0x6b3340) [0178.990] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0178.990] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875480000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\IPHLPAPI.DLL" (normalized: "c:\\windows\\system32\\iphlpapi.dll")) returned 0x20 [0178.995] CoTaskMemFree (pv=0x6b2240) [0178.995] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87efa0000, lpmodinfo=0x26524d8, cb=0x18 | out: lpmodinfo=0x26524d8*(lpBaseOfDll=0x7ff87efa0000, SizeOfImage=0x8000, EntryPoint=0x7ff87efa1ea0)) returned 1 [0178.998] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0178.999] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87efa0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="NSI.dll") returned 0x7 [0179.002] CoTaskMemFree (pv=0x6b19c0) [0179.002] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0179.003] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87efa0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\NSI.dll" (normalized: "c:\\windows\\system32\\nsi.dll")) returned 0x1b [0179.006] CoTaskMemFree (pv=0x6b2240) [0179.007] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8727c0000, lpmodinfo=0x2654670, cb=0x18 | out: lpmodinfo=0x2654670*(lpBaseOfDll=0x7ff8727c0000, SizeOfImage=0x40000, EntryPoint=0x7ff8727d6c60)) returned 1 [0179.010] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0179.010] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8727c0000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="netprofm.dll") returned 0xc [0179.014] CoTaskMemFree (pv=0x6b3340) [0179.014] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0179.014] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8727c0000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\netprofm.dll" (normalized: "c:\\windows\\system32\\netprofm.dll")) returned 0x20 [0179.018] CoTaskMemFree (pv=0x6b19c0) [0179.018] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff874a90000, lpmodinfo=0x2656828, cb=0x18 | out: lpmodinfo=0x2656828*(lpBaseOfDll=0x7ff874a90000, SizeOfImage=0xe000, EntryPoint=0x7ff874a91460)) returned 1 [0179.023] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0179.023] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff874a90000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="npmproxy.dll") returned 0xc [0179.027] CoTaskMemFree (pv=0x6b2240) [0179.027] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0179.027] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff874a90000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\npmproxy.dll" (normalized: "c:\\windows\\system32\\npmproxy.dll")) returned 0x20 [0179.032] CoTaskMemFree (pv=0x6b0040) [0179.032] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c480000, lpmodinfo=0x26589e0, cb=0x18 | out: lpmodinfo=0x26589e0*(lpBaseOfDll=0x7ff87c480000, SizeOfImage=0x99000, EntryPoint=0x7ff87c4af4e0)) returned 1 [0179.036] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0179.036] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c480000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="sxs.dll") returned 0x7 [0179.040] CoTaskMemFree (pv=0x6b3340) [0179.040] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0179.040] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c480000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\sxs.dll" (normalized: "c:\\windows\\system32\\sxs.dll")) returned 0x1b [0179.044] CoTaskMemFree (pv=0x6b1140) [0179.044] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878bf0000, lpmodinfo=0x265ab78, cb=0x18 | out: lpmodinfo=0x265ab78*(lpBaseOfDll=0x7ff878bf0000, SizeOfImage=0x61000, EntryPoint=0x7ff878bf4b50)) returned 1 [0179.049] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0179.049] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878bf0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="wlanapi.dll") returned 0xb [0179.053] CoTaskMemFree (pv=0x6b08c0) [0179.053] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0179.053] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878bf0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wlanapi.dll" (normalized: "c:\\windows\\system32\\wlanapi.dll")) returned 0x1f [0179.057] CoTaskMemFree (pv=0x6b1140) [0179.057] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d310000, lpmodinfo=0x265cd20, cb=0x18 | out: lpmodinfo=0x265cd20*(lpBaseOfDll=0x7ff86d310000, SizeOfImage=0x16000, EntryPoint=0x7ff86d311d50)) returned 1 [0179.061] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0179.061] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d310000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="wwapi.dll") returned 0x9 [0179.066] CoTaskMemFree (pv=0x6b0040) [0179.066] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0179.066] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d310000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wwapi.dll" (normalized: "c:\\windows\\system32\\wwapi.dll")) returned 0x1d [0179.070] CoTaskMemFree (pv=0x6b0040) [0179.070] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bf40000, lpmodinfo=0x265eec8, cb=0x18 | out: lpmodinfo=0x265eec8*(lpBaseOfDll=0x7ff87bf40000, SizeOfImage=0x17000, EntryPoint=0x7ff87bf479d0)) returned 1 [0179.074] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0179.074] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bf40000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="CRYPTSP.dll") returned 0xb [0179.078] CoTaskMemFree (pv=0x6b1140) [0179.078] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0179.078] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bf40000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\CRYPTSP.dll" (normalized: "c:\\windows\\system32\\cryptsp.dll")) returned 0x1f [0179.082] CoTaskMemFree (pv=0x6b19c0) [0179.082] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87bbd0000, lpmodinfo=0x2661070, cb=0x18 | out: lpmodinfo=0x2661070*(lpBaseOfDll=0x7ff87bbd0000, SizeOfImage=0x34000, EntryPoint=0x7ff87bbeae70)) returned 1 [0179.086] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0179.086] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87bbd0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="rsaenh.dll") returned 0xa [0179.090] CoTaskMemFree (pv=0x6b0040) [0179.091] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0179.091] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87bbd0000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\rsaenh.dll" (normalized: "c:\\windows\\system32\\rsaenh.dll")) returned 0x1e [0179.095] CoTaskMemFree (pv=0x6b2240) [0179.095] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c060000, lpmodinfo=0x2663218, cb=0x18 | out: lpmodinfo=0x2663218*(lpBaseOfDll=0x7ff87c060000, SizeOfImage=0xb000, EntryPoint=0x7ff87c0619a0)) returned 1 [0179.099] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0179.100] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c060000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="CRYPTBASE.dll") returned 0xd [0179.104] CoTaskMemFree (pv=0x6b19c0) [0179.104] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0179.104] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c060000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\CRYPTBASE.dll" (normalized: "c:\\windows\\system32\\cryptbase.dll")) returned 0x21 [0179.110] CoTaskMemFree (pv=0x6b19c0) [0179.110] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86c400000, lpmodinfo=0x26653d0, cb=0x18 | out: lpmodinfo=0x26653d0*(lpBaseOfDll=0x7ff86c400000, SizeOfImage=0x22000, EntryPoint=0x7ff86c402580)) returned 1 [0179.114] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0179.114] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86c400000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="wcmapi.dll") returned 0xa [0179.120] CoTaskMemFree (pv=0x6b2240) [0179.120] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0179.120] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86c400000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wcmapi.dll" (normalized: "c:\\windows\\system32\\wcmapi.dll")) returned 0x1e [0179.124] CoTaskMemFree (pv=0x6b2ac0) [0179.125] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b380000, lpmodinfo=0x2667578, cb=0x18 | out: lpmodinfo=0x2667578*(lpBaseOfDll=0x7ff87b380000, SizeOfImage=0x2a000, EntryPoint=0x7ff87b388b90)) returned 1 [0179.129] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0179.129] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b380000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="RMCLIENT.dll") returned 0xc [0179.133] CoTaskMemFree (pv=0x6b19c0) [0179.134] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0179.134] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b380000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\RMCLIENT.dll" (normalized: "c:\\windows\\system32\\rmclient.dll")) returned 0x20 [0179.139] CoTaskMemFree (pv=0x6b19c0) [0179.139] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86f220000, lpmodinfo=0x2669730, cb=0x18 | out: lpmodinfo=0x2669730*(lpBaseOfDll=0x7ff86f220000, SizeOfImage=0x17000, EntryPoint=0x7ff86f226620)) returned 1 [0179.144] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0179.144] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86f220000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="msauserext.dll") returned 0xe [0179.148] CoTaskMemFree (pv=0x6b19c0) [0179.148] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0179.149] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86f220000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\msauserext.dll" (normalized: "c:\\windows\\system32\\msauserext.dll")) returned 0x22 [0179.153] CoTaskMemFree (pv=0x6b2ac0) [0179.153] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ae40000, lpmodinfo=0x266b8e8, cb=0x18 | out: lpmodinfo=0x266b8e8*(lpBaseOfDll=0x7ff87ae40000, SizeOfImage=0x2c000, EntryPoint=0x7ff87ae41d20)) returned 1 [0179.158] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0179.158] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ae40000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="AuthBroker.dll") returned 0xe [0179.162] CoTaskMemFree (pv=0x6b08c0) [0179.162] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0179.163] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ae40000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\AuthBroker.dll" (normalized: "c:\\windows\\system32\\authbroker.dll")) returned 0x22 [0179.167] CoTaskMemFree (pv=0x6b2240) [0179.167] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875230000, lpmodinfo=0x266daa0, cb=0x18 | out: lpmodinfo=0x266daa0*(lpBaseOfDll=0x7ff875230000, SizeOfImage=0x16000, EntryPoint=0x7ff875231b60)) returned 1 [0179.172] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0179.172] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875230000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="wkscli.dll") returned 0xa [0179.177] CoTaskMemFree (pv=0x6b2ac0) [0179.177] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0179.177] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875230000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wkscli.dll" (normalized: "c:\\windows\\system32\\wkscli.dll")) returned 0x1e [0179.182] CoTaskMemFree (pv=0x6b08c0) [0179.182] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87b9d0000, lpmodinfo=0x266fc48, cb=0x18 | out: lpmodinfo=0x266fc48*(lpBaseOfDll=0x7ff87b9d0000, SizeOfImage=0xc000, EntryPoint=0x7ff87b9d27e0)) returned 1 [0179.187] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0179.187] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87b9d0000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="netutils.dll") returned 0xc [0179.192] CoTaskMemFree (pv=0x6b08c0) [0179.192] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0179.192] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87b9d0000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\netutils.dll" (normalized: "c:\\windows\\system32\\netutils.dll")) returned 0x20 [0179.196] CoTaskMemFree (pv=0x6b08c0) [0179.196] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878b20000, lpmodinfo=0x2671e00, cb=0x18 | out: lpmodinfo=0x2671e00*(lpBaseOfDll=0x7ff878b20000, SizeOfImage=0xc8000, EntryPoint=0x7ff878b613f0)) returned 1 [0179.200] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0179.201] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878b20000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="WINHTTP.dll") returned 0xb [0179.206] CoTaskMemFree (pv=0x6b2ac0) [0179.206] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0179.206] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878b20000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\WINHTTP.dll" (normalized: "c:\\windows\\system32\\winhttp.dll")) returned 0x1f [0179.212] CoTaskMemFree (pv=0x6b2240) [0179.212] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86d2d0000, lpmodinfo=0x2673fa8, cb=0x18 | out: lpmodinfo=0x2673fa8*(lpBaseOfDll=0x7ff86d2d0000, SizeOfImage=0x36000, EntryPoint=0x7ff86d2d27f0)) returned 1 [0179.217] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0179.217] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86d2d0000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="Windows.Networking.HostName.dll") returned 0x1f [0179.223] CoTaskMemFree (pv=0x6b19c0) [0179.223] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0179.223] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86d2d0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.Networking.HostName.dll" (normalized: "c:\\windows\\system32\\windows.networking.hostname.dll")) returned 0x33 [0179.228] CoTaskMemFree (pv=0x6b0040) [0179.228] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ab10000, lpmodinfo=0x26761a0, cb=0x18 | out: lpmodinfo=0x26761a0*(lpBaseOfDll=0x7ff87ab10000, SizeOfImage=0x186000, EntryPoint=0x7ff87ab5d700)) returned 1 [0179.250] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0179.250] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ab10000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="PROPSYS.dll") returned 0xb [0179.255] CoTaskMemFree (pv=0x6b1140) [0179.255] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0179.255] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ab10000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\PROPSYS.dll" (normalized: "c:\\windows\\system32\\propsys.dll")) returned 0x1f [0179.270] CoTaskMemFree (pv=0x6b1140) [0179.270] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875600000, lpmodinfo=0x2678348, cb=0x18 | out: lpmodinfo=0x2678348*(lpBaseOfDll=0x7ff875600000, SizeOfImage=0xaa000, EntryPoint=0x7ff875637c30)) returned 1 [0179.275] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0179.275] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875600000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="StructuredQuery.dll") returned 0x13 [0179.281] CoTaskMemFree (pv=0x6b3340) [0179.281] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0179.281] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875600000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StructuredQuery.dll" (normalized: "c:\\windows\\system32\\structuredquery.dll")) returned 0x27 [0179.286] CoTaskMemFree (pv=0x6b3340) [0179.287] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875790000, lpmodinfo=0x267a510, cb=0x18 | out: lpmodinfo=0x267a510*(lpBaseOfDll=0x7ff875790000, SizeOfImage=0x48000, EntryPoint=0x7ff87579c0e0)) returned 1 [0179.292] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0179.292] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875790000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="MSWB7.dll") returned 0x9 [0179.297] CoTaskMemFree (pv=0x6b19c0) [0179.297] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0179.298] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875790000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\MSWB7.dll" (normalized: "c:\\windows\\system32\\mswb7.dll")) returned 0x1d [0179.303] CoTaskMemFree (pv=0x6b2ac0) [0179.303] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff878df0000, lpmodinfo=0x267c6b8, cb=0x18 | out: lpmodinfo=0x267c6b8*(lpBaseOfDll=0x7ff878df0000, SizeOfImage=0x4a000, EntryPoint=0x7ff878dfac30)) returned 1 [0179.309] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0179.309] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff878df0000, lpBaseName=0x6b0040, nSize=0x800 | out: lpBaseName="deviceaccess.dll") returned 0x10 [0179.314] CoTaskMemFree (pv=0x6b0040) [0179.314] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0179.314] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff878df0000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\deviceaccess.dll" (normalized: "c:\\windows\\system32\\deviceaccess.dll")) returned 0x24 [0179.320] CoTaskMemFree (pv=0x6b3340) [0179.320] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff86e6e0000, lpmodinfo=0x267e880, cb=0x18 | out: lpmodinfo=0x267e880*(lpBaseOfDll=0x7ff86e6e0000, SizeOfImage=0xce000, EntryPoint=0x7ff86e7114c0)) returned 1 [0179.325] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0179.325] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff86e6e0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="TokenBroker.dll") returned 0xf [0179.330] CoTaskMemFree (pv=0x6b1140) [0179.330] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0179.330] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff86e6e0000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\TokenBroker.dll" (normalized: "c:\\windows\\system32\\tokenbroker.dll")) returned 0x23 [0179.336] CoTaskMemFree (pv=0x6b1140) [0179.336] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ad00000, lpmodinfo=0x2680a38, cb=0x18 | out: lpmodinfo=0x2680a38*(lpBaseOfDll=0x7ff87ad00000, SizeOfImage=0x13000, EntryPoint=0x7ff87ad02760)) returned 1 [0179.342] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0179.342] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ad00000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wtsapi32.dll") returned 0xc [0179.348] CoTaskMemFree (pv=0x6b3340) [0179.348] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0179.348] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ad00000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\SYSTEM32\\wtsapi32.dll" (normalized: "c:\\windows\\system32\\wtsapi32.dll")) returned 0x20 [0179.354] CoTaskMemFree (pv=0x6b2ac0) [0179.354] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff861830000, lpmodinfo=0x2682bf0, cb=0x18 | out: lpmodinfo=0x2682bf0*(lpBaseOfDll=0x7ff861830000, SizeOfImage=0x50000, EntryPoint=0x7ff861861220)) returned 1 [0179.359] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0179.359] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff861830000, lpBaseName=0x6b08c0, nSize=0x800 | out: lpBaseName="Windows.System.Launcher.dll") returned 0x1b [0179.365] CoTaskMemFree (pv=0x6b08c0) [0179.365] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0179.365] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff861830000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.System.Launcher.dll" (normalized: "c:\\windows\\system32\\windows.system.launcher.dll")) returned 0x2f [0179.370] CoTaskMemFree (pv=0x6b0040) [0179.370] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873e20000, lpmodinfo=0x26851f0, cb=0x18 | out: lpmodinfo=0x26851f0*(lpBaseOfDll=0x7ff873e20000, SizeOfImage=0x9000, EntryPoint=0x7ff873e21480)) returned 1 [0179.376] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0179.376] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873e20000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="WpPortingLibrary.dll") returned 0x14 [0179.382] CoTaskMemFree (pv=0x6b19c0) [0179.382] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0179.382] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873e20000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\WpPortingLibrary.dll" (normalized: "c:\\windows\\system32\\wpportinglibrary.dll")) returned 0x28 [0179.388] CoTaskMemFree (pv=0x6b1140) [0179.388] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87ae30000, lpmodinfo=0x26873c8, cb=0x18 | out: lpmodinfo=0x26873c8*(lpBaseOfDll=0x7ff87ae30000, SizeOfImage=0xc000, EntryPoint=0x7ff87ae31470)) returned 1 [0179.393] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0179.393] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87ae30000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="dsclient.dll") returned 0xc [0179.398] CoTaskMemFree (pv=0x6b3340) [0179.399] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0179.399] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87ae30000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\dsclient.dll" (normalized: "c:\\windows\\system32\\dsclient.dll")) returned 0x20 [0179.404] CoTaskMemFree (pv=0x6b0040) [0179.404] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff865970000, lpmodinfo=0x2689580, cb=0x18 | out: lpmodinfo=0x2689580*(lpBaseOfDll=0x7ff865970000, SizeOfImage=0xac000, EntryPoint=0x7ff8659759c0)) returned 1 [0179.411] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0179.411] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff865970000, lpBaseName=0x6b19c0, nSize=0x800 | out: lpBaseName="ieproxy.dll") returned 0xb [0179.417] CoTaskMemFree (pv=0x6b19c0) [0179.417] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0179.417] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff865970000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\ieproxy.dll" (normalized: "c:\\windows\\system32\\ieproxy.dll")) returned 0x1f [0179.423] CoTaskMemFree (pv=0x6b2ac0) [0179.423] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff8736c0000, lpmodinfo=0x268b728, cb=0x18 | out: lpmodinfo=0x268b728*(lpBaseOfDll=0x7ff8736c0000, SizeOfImage=0x2a3000, EntryPoint=0x7ff8736e6190)) returned 1 [0179.429] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0179.429] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff8736c0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="Windows.StateRepository.dll") returned 0x1b [0179.434] CoTaskMemFree (pv=0x6b1140) [0179.434] CoTaskMemAlloc (cb=0x804) returned 0x6b0040 [0179.434] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff8736c0000, lpFilename=0x6b0040, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\Windows.StateRepository.dll" (normalized: "c:\\windows\\system32\\windows.staterepository.dll")) returned 0x2f [0179.441] CoTaskMemFree (pv=0x6b0040) [0179.441] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff873620000, lpmodinfo=0x268d910, cb=0x18 | out: lpmodinfo=0x268d910*(lpBaseOfDll=0x7ff873620000, SizeOfImage=0x94000, EntryPoint=0x7ff873659210)) returned 1 [0179.447] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0179.447] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff873620000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="StateRepository.Core.dll") returned 0x18 [0179.453] CoTaskMemFree (pv=0x6b2ac0) [0179.453] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0179.453] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff873620000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\StateRepository.Core.dll" (normalized: "c:\\windows\\system32\\staterepository.core.dll")) returned 0x2c [0179.459] CoTaskMemFree (pv=0x6b2240) [0179.459] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff875080000, lpmodinfo=0x268faf8, cb=0x18 | out: lpmodinfo=0x268faf8*(lpBaseOfDll=0x7ff875080000, SizeOfImage=0x41000, EntryPoint=0x7ff875084840)) returned 1 [0179.464] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0179.465] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff875080000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="usermgrproxy.dll") returned 0x10 [0179.471] CoTaskMemFree (pv=0x6b2ac0) [0179.471] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0179.471] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff875080000, lpFilename=0x6b1140, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\usermgrproxy.dll" (normalized: "c:\\windows\\system32\\usermgrproxy.dll")) returned 0x24 [0179.477] CoTaskMemFree (pv=0x6b1140) [0179.477] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff867260000, lpmodinfo=0x2691cc0, cb=0x18 | out: lpmodinfo=0x2691cc0*(lpBaseOfDll=0x7ff867260000, SizeOfImage=0x4b000, EntryPoint=0x7ff867271590)) returned 1 [0179.484] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0179.484] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff867260000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="vaultcli.dll") returned 0xc [0179.490] CoTaskMemFree (pv=0x6b3340) [0179.490] CoTaskMemAlloc (cb=0x804) returned 0x6b08c0 [0179.490] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff867260000, lpFilename=0x6b08c0, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\vaultcli.dll" (normalized: "c:\\windows\\system32\\vaultcli.dll")) returned 0x20 [0179.504] CoTaskMemFree (pv=0x6b08c0) [0179.504] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87d170000, lpmodinfo=0x2693e78, cb=0x18 | out: lpmodinfo=0x2693e78*(lpBaseOfDll=0x7ff87d170000, SizeOfImage=0x1c7000, EntryPoint=0x7ff87d1cdb80)) returned 1 [0179.510] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0179.510] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87d170000, lpBaseName=0x6b2240, nSize=0x800 | out: lpBaseName="CRYPT32.dll") returned 0xb [0179.517] CoTaskMemFree (pv=0x6b2240) [0179.517] CoTaskMemAlloc (cb=0x804) returned 0x6b19c0 [0179.517] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87d170000, lpFilename=0x6b19c0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\CRYPT32.dll" (normalized: "c:\\windows\\system32\\crypt32.dll")) returned 0x1f [0179.523] CoTaskMemFree (pv=0x6b19c0) [0179.523] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff87c5c0000, lpmodinfo=0x2696020, cb=0x18 | out: lpmodinfo=0x2696020*(lpBaseOfDll=0x7ff87c5c0000, SizeOfImage=0x10000, EntryPoint=0x7ff87c5c56e0)) returned 1 [0179.529] CoTaskMemAlloc (cb=0x804) returned 0x6b1140 [0179.529] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff87c5c0000, lpBaseName=0x6b1140, nSize=0x800 | out: lpBaseName="MSASN1.dll") returned 0xa [0179.535] CoTaskMemFree (pv=0x6b1140) [0179.535] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0179.535] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff87c5c0000, lpFilename=0x6b2ac0, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\MSASN1.dll" (normalized: "c:\\windows\\system32\\msasn1.dll")) returned 0x1e [0179.542] CoTaskMemFree (pv=0x6b2ac0) [0179.543] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff870840000, lpmodinfo=0x26981c8, cb=0x18 | out: lpmodinfo=0x26981c8*(lpBaseOfDll=0x7ff870840000, SizeOfImage=0x1b8000, EntryPoint=0x7ff8708ae630)) returned 1 [0179.549] CoTaskMemAlloc (cb=0x804) returned 0x6b2ac0 [0179.549] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff870840000, lpBaseName=0x6b2ac0, nSize=0x800 | out: lpBaseName="urlmon.dll") returned 0xa [0179.555] CoTaskMemFree (pv=0x6b2ac0) [0179.555] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0179.556] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff870840000, lpFilename=0x6b3340, nSize=0x800 | out: lpFilename="C:\\Windows\\system32\\urlmon.dll" (normalized: "c:\\windows\\system32\\urlmon.dll")) returned 0x1e [0179.643] CoTaskMemFree (pv=0x6b3340) [0179.643] GetModuleInformation (in: hProcess=0x264, hModule=0x7ff861360000, lpmodinfo=0x269a370, cb=0x18 | out: lpmodinfo=0x269a370*(lpBaseOfDll=0x7ff861360000, SizeOfImage=0xa3000, EntryPoint=0x7ff861374810)) returned 1 [0179.649] CoTaskMemAlloc (cb=0x804) returned 0x6b3340 [0179.649] GetModuleBaseNameW (in: hProcess=0x264, hModule=0x7ff861360000, lpBaseName=0x6b3340, nSize=0x800 | out: lpBaseName="wpnapps.dll") returned 0xb [0179.655] CoTaskMemFree (pv=0x6b3340) [0179.655] CoTaskMemAlloc (cb=0x804) returned 0x6b2240 [0179.655] GetModuleFileNameExW (in: hProcess=0x264, hModule=0x7ff861360000, lpFilename=0x6b2240, nSize=0x800 | out: lpFilename="C:\\Windows\\System32\\wpnapps.dll" (normalized: "c:\\windows\\system32\\wpnapps.dll")) returned 0x1f [0179.662] CoTaskMemFree (pv=0x6b2240) [0179.662] CloseHandle (hObject=0x264) returned 1 [0179.663] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0179.723] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0179.766] CoTaskMemAlloc (cb=0x20c) returned 0x63c010 [0179.766] SHGetFolderPathW (in: hwnd=0x0, csidl=7, hToken=0x0, dwFlags=0x0, pszPath=0x63c010 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0179.773] CoTaskMemFree (pv=0x63c010) [0179.773] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpFilePart=0x0) returned 0x53 [0179.773] CoTaskMemAlloc (cb=0x20c) returned 0x63c010 [0179.773] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x63c010 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0179.774] CoTaskMemFree (pv=0x63c010) [0179.774] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0179.815] CoTaskMemAlloc (cb=0x20c) returned 0x63c010 [0179.815] SHGetFolderPathW (in: hwnd=0x0, csidl=7, hToken=0x0, dwFlags=0x0, pszPath=0x63c010 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0179.815] CoTaskMemFree (pv=0x63c010) [0179.815] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpFilePart=0x0) returned 0x53 [0179.815] GetCurrentProcessId () returned 0x57c [0179.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x1250a1b0, Length=0x20000, ResultLength=0x14efa0 | out: SystemInformation=0x1250a1b0, ResultLength=0x14efa0*=0x1de40) returned 0x0 [0179.837] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.url", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.url", lpFilePart=0x0) returned 0x5f [0179.838] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed70) returned 1 [0179.838] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.url" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\svchost.url"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2d4 [0179.842] GetFileType (hFile=0x2d4) returned 0x1 [0179.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ece0) returned 1 [0179.842] GetFileType (hFile=0x2d4) returned 0x1 [0179.842] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", nBufferLength=0x105, lpBuffer=0x14e920, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\svchost.exe", lpFilePart=0x0) returned 0x31 [0179.856] WriteFile (in: hFile=0x2d4, lpBuffer=0x26d7ab8*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x14ee28, lpOverlapped=0x0 | out: lpBuffer=0x26d7ab8*, lpNumberOfBytesWritten=0x14ee28*=0x9c, lpOverlapped=0x0) returned 1 [0179.857] CloseHandle (hObject=0x2d4) returned 1 [0179.909] GetLogicalDrives () returned 0x4 [0179.910] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0180.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0180.018] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0180.023] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0180.032] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xd0b2e0a, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0xd0b2e0a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0180.033] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xd0b2e0a, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0xd0b2e0a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0180.034] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a22e910, ftCreationTime.dwHighDateTime=0x1d81bfa, ftLastAccessTime.dwLowDateTime=0xea63790, ftLastAccessTime.dwHighDateTime=0x1d82818, ftLastWriteTime.dwLowDateTime=0xea63790, ftLastWriteTime.dwHighDateTime=0x1d82818, nFileSizeHigh=0x0, nFileSizeLow=0x876e, dwReserved0=0x0, dwReserved1=0x0, cFileName="2tiKE.m4a", cAlternateFileName="")) returned 1 [0180.034] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd86a9360, ftCreationTime.dwHighDateTime=0x1d82362, ftLastAccessTime.dwLowDateTime=0xcc3c5400, ftLastAccessTime.dwHighDateTime=0x1d826ed, ftLastWriteTime.dwLowDateTime=0xcc3c5400, ftLastWriteTime.dwHighDateTime=0x1d826ed, nFileSizeHigh=0x0, nFileSizeLow=0x1294c, dwReserved0=0x0, dwReserved1=0x0, cFileName="505vm9.swf", cAlternateFileName="")) returned 1 [0180.034] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5be420, ftCreationTime.dwHighDateTime=0x1d8230f, ftLastAccessTime.dwLowDateTime=0xd6ceea20, ftLastAccessTime.dwHighDateTime=0x1d82857, ftLastWriteTime.dwLowDateTime=0xd6ceea20, ftLastWriteTime.dwHighDateTime=0x1d82857, nFileSizeHigh=0x0, nFileSizeLow=0x173c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="9ABjQ1b3wA2cIKcd.flv", cAlternateFileName="9ABJQ1~1.FLV")) returned 1 [0180.034] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb91e780, ftCreationTime.dwHighDateTime=0x1d858f1, ftLastAccessTime.dwLowDateTime=0xeb91e780, ftLastAccessTime.dwHighDateTime=0x1d858f1, ftLastWriteTime.dwLowDateTime=0x263f5400, ftLastWriteTime.dwHighDateTime=0x1d858e1, nFileSizeHigh=0x0, nFileSizeLow=0x6800, dwReserved0=0x0, dwReserved1=0x0, cFileName="a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", cAlternateFileName="A7F09C~1.EXE")) returned 1 [0180.035] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83be2040, ftCreationTime.dwHighDateTime=0x1d8285b, ftLastAccessTime.dwLowDateTime=0xc2b25400, ftLastAccessTime.dwHighDateTime=0x1d82893, ftLastWriteTime.dwLowDateTime=0xc2b25400, ftLastWriteTime.dwHighDateTime=0x1d82893, nFileSizeHigh=0x0, nFileSizeLow=0x8918, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bh_dyqBOzR8.swf", cAlternateFileName="BH_DYQ~1.SWF")) returned 1 [0180.035] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfba64860, ftCreationTime.dwHighDateTime=0x1d81b97, ftLastAccessTime.dwLowDateTime=0x7c2644a0, ftLastAccessTime.dwHighDateTime=0x1d81f7f, ftLastWriteTime.dwLowDateTime=0x7c2644a0, ftLastWriteTime.dwHighDateTime=0x1d81f7f, nFileSizeHigh=0x0, nFileSizeLow=0x6569, dwReserved0=0x0, dwReserved1=0x0, cFileName="BiqZhzQpPpNFiiegsAS.mkv", cAlternateFileName="BIQZHZ~1.MKV")) returned 1 [0180.035] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91746cd0, ftCreationTime.dwHighDateTime=0x1d828ce, ftLastAccessTime.dwLowDateTime=0xf8bcdaf0, ftLastAccessTime.dwHighDateTime=0x1d829b7, ftLastWriteTime.dwLowDateTime=0xf8bcdaf0, ftLastWriteTime.dwHighDateTime=0x1d829b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bjr3u", cAlternateFileName="")) returned 1 [0180.035] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd308590, ftCreationTime.dwHighDateTime=0x1d81fef, ftLastAccessTime.dwLowDateTime=0xb961b180, ftLastAccessTime.dwHighDateTime=0x1d8256d, ftLastWriteTime.dwLowDateTime=0xb961b180, ftLastWriteTime.dwHighDateTime=0x1d8256d, nFileSizeHigh=0x0, nFileSizeLow=0x6407, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cp L8O_LsjVMCQa-GI.gif", cAlternateFileName="CPL8O_~1.GIF")) returned 1 [0180.035] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0180.035] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e06dc30, ftCreationTime.dwHighDateTime=0x1d821ae, ftLastAccessTime.dwLowDateTime=0x2ae6cd40, ftLastAccessTime.dwHighDateTime=0x1d826b3, ftLastWriteTime.dwLowDateTime=0x2ae6cd40, ftLastWriteTime.dwHighDateTime=0x1d826b3, nFileSizeHigh=0x0, nFileSizeLow=0x1774d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ICzw-hYXI.bmp", cAlternateFileName="ICZW-H~1.BMP")) returned 1 [0180.035] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf54d8940, ftCreationTime.dwHighDateTime=0x1d820ad, ftLastAccessTime.dwLowDateTime=0xd9ca63a0, ftLastAccessTime.dwHighDateTime=0x1d824e5, ftLastWriteTime.dwLowDateTime=0xd9ca63a0, ftLastWriteTime.dwHighDateTime=0x1d824e5, nFileSizeHigh=0x0, nFileSizeLow=0x643a, dwReserved0=0x0, dwReserved1=0x0, cFileName="iEg5ajMoeBZC.mp4", cAlternateFileName="IEG5AJ~1.MP4")) returned 1 [0180.036] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc458100, ftCreationTime.dwHighDateTime=0x1d81a09, ftLastAccessTime.dwLowDateTime=0x5aa65240, ftLastAccessTime.dwHighDateTime=0x1d8286f, ftLastWriteTime.dwLowDateTime=0x5aa65240, ftLastWriteTime.dwHighDateTime=0x1d8286f, nFileSizeHigh=0x0, nFileSizeLow=0x1354f, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkAT8Q.rtf", cAlternateFileName="")) returned 1 [0180.036] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cab9260, ftCreationTime.dwHighDateTime=0x1d81e4e, ftLastAccessTime.dwLowDateTime=0x2ae8bbf0, ftLastAccessTime.dwHighDateTime=0x1d828ca, ftLastWriteTime.dwLowDateTime=0x2ae8bbf0, ftLastWriteTime.dwHighDateTime=0x1d828ca, nFileSizeHigh=0x0, nFileSizeLow=0x7415, dwReserved0=0x0, dwReserved1=0x0, cFileName="k-2kcKE.mkv", cAlternateFileName="")) returned 1 [0180.036] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ad53b00, ftCreationTime.dwHighDateTime=0x1d8282e, ftLastAccessTime.dwLowDateTime=0x17573b10, ftLastAccessTime.dwHighDateTime=0x1d82943, ftLastWriteTime.dwLowDateTime=0x17573b10, ftLastWriteTime.dwHighDateTime=0x1d82943, nFileSizeHigh=0x0, nFileSizeLow=0x16655, dwReserved0=0x0, dwReserved1=0x0, cFileName="KvJg7fTjd.ppt", cAlternateFileName="KVJG7F~1.PPT")) returned 1 [0180.036] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb434b270, ftCreationTime.dwHighDateTime=0x1d825f4, ftLastAccessTime.dwLowDateTime=0x87f2f760, ftLastAccessTime.dwHighDateTime=0x1d829bb, ftLastWriteTime.dwLowDateTime=0x87f2f760, ftLastWriteTime.dwHighDateTime=0x1d829bb, nFileSizeHigh=0x0, nFileSizeLow=0x166a6, dwReserved0=0x0, dwReserved1=0x0, cFileName="mS0Pc.m4a", cAlternateFileName="")) returned 1 [0180.036] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceb94b00, ftCreationTime.dwHighDateTime=0x1d82244, ftLastAccessTime.dwLowDateTime=0xa09154c0, ftLastAccessTime.dwHighDateTime=0x1d827c1, ftLastWriteTime.dwLowDateTime=0xa09154c0, ftLastWriteTime.dwHighDateTime=0x1d827c1, nFileSizeHigh=0x0, nFileSizeLow=0x58ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="NdRfu9tUbI.wav", cAlternateFileName="NDRFU9~1.WAV")) returned 1 [0180.036] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3f8fc10, ftCreationTime.dwHighDateTime=0x1d820b6, ftLastAccessTime.dwLowDateTime=0xfd4c06c0, ftLastAccessTime.dwHighDateTime=0x1d82798, ftLastWriteTime.dwLowDateTime=0xfd4c06c0, ftLastWriteTime.dwHighDateTime=0x1d82798, nFileSizeHigh=0x0, nFileSizeLow=0x10167, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pdz8n1 UI6B5ybck59.mp3", cAlternateFileName="PDZ8N1~1.MP3")) returned 1 [0180.036] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc76fa210, ftCreationTime.dwHighDateTime=0x1d81c6b, ftLastAccessTime.dwLowDateTime=0x71903d50, ftLastAccessTime.dwHighDateTime=0x1d81cbb, ftLastWriteTime.dwLowDateTime=0x71903d50, ftLastWriteTime.dwHighDateTime=0x1d81cbb, nFileSizeHigh=0x0, nFileSizeLow=0xe264, dwReserved0=0x0, dwReserved1=0x0, cFileName="R4ZOtCCfPyPi.png", cAlternateFileName="R4ZOTC~1.PNG")) returned 1 [0180.037] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa27af970, ftCreationTime.dwHighDateTime=0x1d82178, ftLastAccessTime.dwLowDateTime=0x8ba88920, ftLastAccessTime.dwHighDateTime=0x1d8296a, ftLastWriteTime.dwLowDateTime=0x8ba88920, ftLastWriteTime.dwHighDateTime=0x1d8296a, nFileSizeHigh=0x0, nFileSizeLow=0x13f3f, dwReserved0=0x0, dwReserved1=0x0, cFileName="SfNsa8YB.avi", cAlternateFileName="")) returned 1 [0180.037] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fe8e730, ftCreationTime.dwHighDateTime=0x1d82610, ftLastAccessTime.dwLowDateTime=0x6e274200, ftLastAccessTime.dwHighDateTime=0x1d8262d, ftLastWriteTime.dwLowDateTime=0x6e274200, ftLastWriteTime.dwHighDateTime=0x1d8262d, nFileSizeHigh=0x0, nFileSizeLow=0x6e31, dwReserved0=0x0, dwReserved1=0x0, cFileName="sxWMOh.mkv", cAlternateFileName="")) returned 1 [0180.037] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xace2b8b0, ftCreationTime.dwHighDateTime=0x1d82166, ftLastAccessTime.dwLowDateTime=0xe534fe60, ftLastAccessTime.dwHighDateTime=0x1d8254b, ftLastWriteTime.dwLowDateTime=0xe534fe60, ftLastWriteTime.dwHighDateTime=0x1d8254b, nFileSizeHigh=0x0, nFileSizeLow=0x6458, dwReserved0=0x0, dwReserved1=0x0, cFileName="t8p41K1nPNZvX.m4a", cAlternateFileName="T8P41K~1.M4A")) returned 1 [0180.037] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e00acc0, ftCreationTime.dwHighDateTime=0x1d81f60, ftLastAccessTime.dwLowDateTime=0x3fcaf4c0, ftLastAccessTime.dwHighDateTime=0x1d828ca, ftLastWriteTime.dwLowDateTime=0x3fcaf4c0, ftLastWriteTime.dwHighDateTime=0x1d828ca, nFileSizeHigh=0x0, nFileSizeLow=0x18ee7, dwReserved0=0x0, dwReserved1=0x0, cFileName="tSEGMvCPcMx.jpg", cAlternateFileName="TSEGMV~1.JPG")) returned 1 [0180.037] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x650c8f10, ftCreationTime.dwHighDateTime=0x1d81c21, ftLastAccessTime.dwLowDateTime=0xd62974d0, ftLastAccessTime.dwHighDateTime=0x1d81c42, ftLastWriteTime.dwLowDateTime=0xd62974d0, ftLastWriteTime.dwHighDateTime=0x1d81c42, nFileSizeHigh=0x0, nFileSizeLow=0x9ee0, dwReserved0=0x0, dwReserved1=0x0, cFileName="y2H9O8xlmETgCAbycT.png", cAlternateFileName="Y2H9O8~1.PNG")) returned 1 [0180.037] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2e23fe0, ftCreationTime.dwHighDateTime=0x1d82a28, ftLastAccessTime.dwLowDateTime=0xcf668310, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0xcf668310, ftLastWriteTime.dwHighDateTime=0x1d82a28, nFileSizeHigh=0x0, nFileSizeLow=0x15aff, dwReserved0=0x0, dwReserved1=0x0, cFileName="ys5FVy3YwYbsg.m4a", cAlternateFileName="YS5FVY~1.M4A")) returned 1 [0180.038] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4dd50a0, ftCreationTime.dwHighDateTime=0x1d8247d, ftLastAccessTime.dwLowDateTime=0x7316e100, ftLastAccessTime.dwHighDateTime=0x1d82545, ftLastWriteTime.dwLowDateTime=0x7316e100, ftLastWriteTime.dwHighDateTime=0x1d82545, nFileSizeHigh=0x0, nFileSizeLow=0x116db, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ze-VEOovGiNCD_-X5js.ots", cAlternateFileName="ZE-VEO~1.OTS")) returned 1 [0180.038] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4140020, ftCreationTime.dwHighDateTime=0x1d81ca9, ftLastAccessTime.dwLowDateTime=0x88bbbd30, ftLastAccessTime.dwHighDateTime=0x1d820c9, ftLastWriteTime.dwLowDateTime=0x88bbbd30, ftLastWriteTime.dwHighDateTime=0x1d820c9, nFileSizeHigh=0x0, nFileSizeLow=0x138c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zr1fJuAtmLuvrKkw.gif", cAlternateFileName="ZR1FJU~1.GIF")) returned 1 [0180.038] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0180.038] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0180.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0180.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0180.059] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a", lpFilePart=0x0) returned 0x27 [0180.060] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a", lpFilePart=0x0) returned 0x27 [0180.060] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a", dwFileAttributes=0x80) returned 1 [0180.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0180.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2tike.m4a"), fInfoLevelId=0x0, lpFileInformation=0x26ddf40 | out: lpFileInformation=0x26ddf40*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x3a22e910, ftCreationTime.dwHighDateTime=0x1d81bfa, ftLastAccessTime.dwLowDateTime=0xea63790, ftLastAccessTime.dwHighDateTime=0x1d82818, ftLastWriteTime.dwLowDateTime=0xea63790, ftLastWriteTime.dwHighDateTime=0x1d82818, nFileSizeHigh=0x0, nFileSizeLow=0x876e)) returned 1 [0180.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0180.081] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a", lpFilePart=0x0) returned 0x27 [0180.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0180.081] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2tike.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2d4 [0180.081] GetFileType (hFile=0x2d4) returned 0x1 [0180.081] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0180.081] GetFileType (hFile=0x2d4) returned 0x1 [0180.081] GetFileSize (in: hFile=0x2d4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x876e [0180.082] ReadFile (in: hFile=0x2d4, lpBuffer=0x26de3a0, nNumberOfBytesToRead=0x876e, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26de3a0*, lpNumberOfBytesRead=0x14edd8*=0x876e, lpOverlapped=0x0) returned 1 [0180.084] CloseHandle (hObject=0x2d4) returned 1 [0180.193] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x14ee20 | out: pfEnabled=0x14ee20) returned 0x0 [0180.621] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a", lpFilePart=0x0) returned 0x27 [0180.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0180.621] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2tike.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0180.622] GetFileType (hFile=0x2f4) returned 0x1 [0180.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0180.622] GetFileType (hFile=0x2f4) returned 0x1 [0180.623] WriteFile (in: hFile=0x2f4, lpBuffer=0x2794270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2794270*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0180.625] WriteFile (in: hFile=0x2f4, lpBuffer=0x2794270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2794270*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0180.625] WriteFile (in: hFile=0x2f4, lpBuffer=0x2794270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2794270*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0180.626] WriteFile (in: hFile=0x2f4, lpBuffer=0x2794270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2794270*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0180.627] WriteFile (in: hFile=0x2f4, lpBuffer=0x2794270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2794270*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0180.627] WriteFile (in: hFile=0x2f4, lpBuffer=0x2794270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2794270*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0180.628] WriteFile (in: hFile=0x2f4, lpBuffer=0x2794270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2794270*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0180.628] WriteFile (in: hFile=0x2f4, lpBuffer=0x2794270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2794270*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0180.629] WriteFile (in: hFile=0x2f4, lpBuffer=0x2794270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2794270*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0180.629] WriteFile (in: hFile=0x2f4, lpBuffer=0x2794270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2794270*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0180.629] WriteFile (in: hFile=0x2f4, lpBuffer=0x2794270*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2794270*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0180.629] WriteFile (in: hFile=0x2f4, lpBuffer=0x2794270*, nNumberOfBytesToWrite=0x560, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2794270*, lpNumberOfBytesWritten=0x14ec98*=0x560, lpOverlapped=0x0) returned 1 [0180.630] CloseHandle (hObject=0x2f4) returned 1 [0180.657] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a", lpFilePart=0x0) returned 0x27 [0180.657] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a.ampkcz", lpFilePart=0x0) returned 0x2e [0180.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0180.657] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2tike.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a22e910, ftCreationTime.dwHighDateTime=0x1d81bfa, ftLastAccessTime.dwLowDateTime=0xea63790, ftLastAccessTime.dwHighDateTime=0x1d82818, ftLastWriteTime.dwLowDateTime=0x5a10affd, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb560)) returned 1 [0180.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0180.658] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2tike.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\2tiKE.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\2tike.m4a.ampkcz")) returned 1 [0180.661] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\readme.txt", lpFilePart=0x0) returned 0x28 [0180.661] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0180.661] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0180.662] GetFileType (hFile=0x2f4) returned 0x1 [0180.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0180.662] GetFileType (hFile=0x2f4) returned 0x1 [0180.665] WriteFile (in: hFile=0x2f4, lpBuffer=0x2797498*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x2797498*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0180.666] CloseHandle (hObject=0x2f4) returned 1 [0180.669] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf", lpFilePart=0x0) returned 0x28 [0180.669] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf", lpFilePart=0x0) returned 0x28 [0180.669] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf", dwFileAttributes=0x80) returned 1 [0180.669] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0180.669] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\505vm9.swf"), fInfoLevelId=0x0, lpFileInformation=0x2799800 | out: lpFileInformation=0x2799800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd86a9360, ftCreationTime.dwHighDateTime=0x1d82362, ftLastAccessTime.dwLowDateTime=0xcc3c5400, ftLastAccessTime.dwHighDateTime=0x1d826ed, ftLastWriteTime.dwLowDateTime=0xcc3c5400, ftLastWriteTime.dwHighDateTime=0x1d826ed, nFileSizeHigh=0x0, nFileSizeLow=0x1294c)) returned 1 [0180.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0180.670] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf", lpFilePart=0x0) returned 0x28 [0180.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0180.670] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\505vm9.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0180.670] GetFileType (hFile=0x2f4) returned 0x1 [0180.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0180.670] GetFileType (hFile=0x2f4) returned 0x1 [0180.670] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x1294c [0180.670] ReadFile (in: hFile=0x2f4, lpBuffer=0x2799c40, nNumberOfBytesToRead=0x1294c, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2799c40*, lpNumberOfBytesRead=0x14edd8*=0x1294c, lpOverlapped=0x0) returned 1 [0180.672] CloseHandle (hObject=0x2f4) returned 1 [0181.474] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf", lpFilePart=0x0) returned 0x28 [0181.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0181.474] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\505vm9.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0181.486] GetFileType (hFile=0x2f4) returned 0x1 [0181.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0181.486] GetFileType (hFile=0x2f4) returned 0x1 [0181.486] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.488] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.488] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.489] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.489] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.489] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.490] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.490] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.490] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.491] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.491] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.492] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.492] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.492] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.493] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.510] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.510] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.511] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.511] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.511] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.512] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.512] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.513] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.513] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0181.513] WriteFile (in: hFile=0x2f4, lpBuffer=0x26844c8*, nNumberOfBytesToWrite=0xd34, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26844c8*, lpNumberOfBytesWritten=0x14ec98*=0xd34, lpOverlapped=0x0) returned 1 [0181.513] CloseHandle (hObject=0x2f4) returned 1 [0181.523] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf", lpFilePart=0x0) returned 0x28 [0181.523] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf.ampkcz", lpFilePart=0x0) returned 0x2f [0181.523] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0181.523] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\505vm9.swf"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd86a9360, ftCreationTime.dwHighDateTime=0x1d82362, ftLastAccessTime.dwLowDateTime=0xcc3c5400, ftLastAccessTime.dwHighDateTime=0x1d826ed, ftLastWriteTime.dwLowDateTime=0x5a97fab2, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x18d34)) returned 1 [0181.523] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0181.523] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\505vm9.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\505vm9.swf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\505vm9.swf.ampkcz")) returned 1 [0181.555] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv", lpFilePart=0x0) returned 0x32 [0181.555] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv", lpFilePart=0x0) returned 0x32 [0181.555] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv", dwFileAttributes=0x80) returned 1 [0181.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0181.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9abjq1b3wa2cikcd.flv"), fInfoLevelId=0x0, lpFileInformation=0x2686420 | out: lpFileInformation=0x2686420*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc5be420, ftCreationTime.dwHighDateTime=0x1d8230f, ftLastAccessTime.dwLowDateTime=0xd6ceea20, ftLastAccessTime.dwHighDateTime=0x1d82857, ftLastWriteTime.dwLowDateTime=0xd6ceea20, ftLastWriteTime.dwHighDateTime=0x1d82857, nFileSizeHigh=0x0, nFileSizeLow=0x173c3)) returned 1 [0181.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0181.590] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv", lpFilePart=0x0) returned 0x32 [0181.590] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0181.590] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9abjq1b3wa2cikcd.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0181.590] GetFileType (hFile=0x2f4) returned 0x1 [0181.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0181.590] GetFileType (hFile=0x2f4) returned 0x1 [0181.590] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x173c3 [0181.590] ReadFile (in: hFile=0x2f4, lpBuffer=0x125dfcd0, nNumberOfBytesToRead=0x173c3, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x125dfcd0*, lpNumberOfBytesRead=0x14edd8*=0x173c3, lpOverlapped=0x0) returned 1 [0181.593] CloseHandle (hObject=0x2f4) returned 1 [0182.008] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv", lpFilePart=0x0) returned 0x32 [0182.008] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0182.009] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9abjq1b3wa2cikcd.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0182.012] GetFileType (hFile=0x2f4) returned 0x1 [0182.012] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0182.012] GetFileType (hFile=0x2f4) returned 0x1 [0182.012] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.013] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.014] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.014] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.015] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.015] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.015] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.015] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.017] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.017] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.018] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.018] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.019] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.019] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.020] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.020] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.020] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.021] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.021] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.021] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.022] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.022] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.022] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.023] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.023] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.023] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.024] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.024] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.024] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.025] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.025] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0182.026] WriteFile (in: hFile=0x2f4, lpBuffer=0x26ffd18*, nNumberOfBytesToWrite=0x88, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26ffd18*, lpNumberOfBytesWritten=0x14ec98*=0x88, lpOverlapped=0x0) returned 1 [0182.026] CloseHandle (hObject=0x2f4) returned 1 [0182.052] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv", lpFilePart=0x0) returned 0x32 [0182.052] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv.ampkcz", lpFilePart=0x0) returned 0x39 [0182.052] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0182.052] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9abjq1b3wa2cikcd.flv"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5be420, ftCreationTime.dwHighDateTime=0x1d8230f, ftLastAccessTime.dwLowDateTime=0xd6ceea20, ftLastAccessTime.dwHighDateTime=0x1d82857, ftLastWriteTime.dwLowDateTime=0x5ae68886, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f088)) returned 1 [0182.052] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0182.052] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9abjq1b3wa2cikcd.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\9ABjQ1b3wA2cIKcd.flv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\9abjq1b3wa2cikcd.flv.ampkcz")) returned 1 [0182.059] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf", lpFilePart=0x0) returned 0x2d [0182.059] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf", lpFilePart=0x0) returned 0x2d [0182.059] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf", dwFileAttributes=0x80) returned 1 [0182.060] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0182.060] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bh_dyqbozr8.swf"), fInfoLevelId=0x0, lpFileInformation=0x2704578 | out: lpFileInformation=0x2704578*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x83be2040, ftCreationTime.dwHighDateTime=0x1d8285b, ftLastAccessTime.dwLowDateTime=0xc2b25400, ftLastAccessTime.dwHighDateTime=0x1d82893, ftLastWriteTime.dwLowDateTime=0xc2b25400, ftLastWriteTime.dwHighDateTime=0x1d82893, nFileSizeHigh=0x0, nFileSizeLow=0x8918)) returned 1 [0182.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0182.061] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf", lpFilePart=0x0) returned 0x2d [0182.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0182.085] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bh_dyqbozr8.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0182.086] GetFileType (hFile=0x2f4) returned 0x1 [0182.086] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0182.086] GetFileType (hFile=0x2f4) returned 0x1 [0182.086] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x8918 [0182.086] ReadFile (in: hFile=0x2f4, lpBuffer=0x27049e0, nNumberOfBytesToRead=0x8918, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x27049e0*, lpNumberOfBytesRead=0x14edd8*=0x8918, lpOverlapped=0x0) returned 1 [0182.087] CloseHandle (hObject=0x2f4) returned 1 [0182.445] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf", lpFilePart=0x0) returned 0x2d [0182.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0182.445] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bh_dyqbozr8.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0182.447] GetFileType (hFile=0x2f4) returned 0x1 [0182.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0182.447] GetFileType (hFile=0x2f4) returned 0x1 [0182.447] WriteFile (in: hFile=0x2f4, lpBuffer=0x27b1508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27b1508*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.448] WriteFile (in: hFile=0x2f4, lpBuffer=0x27b1508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27b1508*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.449] WriteFile (in: hFile=0x2f4, lpBuffer=0x27b1508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27b1508*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.449] WriteFile (in: hFile=0x2f4, lpBuffer=0x27b1508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27b1508*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.449] WriteFile (in: hFile=0x2f4, lpBuffer=0x27b1508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27b1508*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.450] WriteFile (in: hFile=0x2f4, lpBuffer=0x27b1508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27b1508*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.450] WriteFile (in: hFile=0x2f4, lpBuffer=0x27b1508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27b1508*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.450] WriteFile (in: hFile=0x2f4, lpBuffer=0x27b1508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27b1508*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.450] WriteFile (in: hFile=0x2f4, lpBuffer=0x27b1508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27b1508*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.451] WriteFile (in: hFile=0x2f4, lpBuffer=0x27b1508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27b1508*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.451] WriteFile (in: hFile=0x2f4, lpBuffer=0x27b1508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27b1508*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0182.451] WriteFile (in: hFile=0x2f4, lpBuffer=0x27b1508*, nNumberOfBytesToWrite=0x7a0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x27b1508*, lpNumberOfBytesWritten=0x14ec98*=0x7a0, lpOverlapped=0x0) returned 1 [0182.452] CloseHandle (hObject=0x2f4) returned 1 [0182.455] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf", lpFilePart=0x0) returned 0x2d [0182.455] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf.ampkcz", lpFilePart=0x0) returned 0x34 [0182.455] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0182.455] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bh_dyqbozr8.swf"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83be2040, ftCreationTime.dwHighDateTime=0x1d8285b, ftLastAccessTime.dwLowDateTime=0xc2b25400, ftLastAccessTime.dwHighDateTime=0x1d82893, ftLastWriteTime.dwLowDateTime=0x5b269fe7, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb7a0)) returned 1 [0182.455] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0182.455] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bh_dyqbozr8.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bh_dyqBOzR8.swf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bh_dyqbozr8.swf.ampkcz")) returned 1 [0182.457] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv", lpFilePart=0x0) returned 0x35 [0182.457] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv", lpFilePart=0x0) returned 0x35 [0182.457] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv", dwFileAttributes=0x80) returned 1 [0182.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0182.458] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\biqzhzqpppnfiiegsas.mkv"), fInfoLevelId=0x0, lpFileInformation=0x27b2e48 | out: lpFileInformation=0x27b2e48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfba64860, ftCreationTime.dwHighDateTime=0x1d81b97, ftLastAccessTime.dwLowDateTime=0x7c2644a0, ftLastAccessTime.dwHighDateTime=0x1d81f7f, ftLastWriteTime.dwLowDateTime=0x7c2644a0, ftLastWriteTime.dwHighDateTime=0x1d81f7f, nFileSizeHigh=0x0, nFileSizeLow=0x6569)) returned 1 [0182.458] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0182.458] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv", lpFilePart=0x0) returned 0x35 [0182.458] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0182.458] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\biqzhzqpppnfiiegsas.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0182.459] GetFileType (hFile=0x2f4) returned 0x1 [0182.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0182.459] GetFileType (hFile=0x2f4) returned 0x1 [0182.459] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x6569 [0182.459] ReadFile (in: hFile=0x2f4, lpBuffer=0x27b3300, nNumberOfBytesToRead=0x6569, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x27b3300*, lpNumberOfBytesRead=0x14edd8*=0x6569, lpOverlapped=0x0) returned 1 [0182.460] CloseHandle (hObject=0x2f4) returned 1 [0183.106] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv", lpFilePart=0x0) returned 0x35 [0183.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0183.106] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\biqzhzqpppnfiiegsas.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0183.110] GetFileType (hFile=0x2f4) returned 0x1 [0183.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0183.110] GetFileType (hFile=0x2f4) returned 0x1 [0183.110] WriteFile (in: hFile=0x2f4, lpBuffer=0x267a220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x267a220*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.111] WriteFile (in: hFile=0x2f4, lpBuffer=0x267a220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x267a220*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.112] WriteFile (in: hFile=0x2f4, lpBuffer=0x267a220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x267a220*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.112] WriteFile (in: hFile=0x2f4, lpBuffer=0x267a220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x267a220*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.113] WriteFile (in: hFile=0x2f4, lpBuffer=0x267a220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x267a220*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.113] WriteFile (in: hFile=0x2f4, lpBuffer=0x267a220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x267a220*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.113] WriteFile (in: hFile=0x2f4, lpBuffer=0x267a220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x267a220*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.114] WriteFile (in: hFile=0x2f4, lpBuffer=0x267a220*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x267a220*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.114] WriteFile (in: hFile=0x2f4, lpBuffer=0x267a220*, nNumberOfBytesToWrite=0x808, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x267a220*, lpNumberOfBytesWritten=0x14ec98*=0x808, lpOverlapped=0x0) returned 1 [0183.114] CloseHandle (hObject=0x2f4) returned 1 [0183.180] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv", lpFilePart=0x0) returned 0x35 [0183.180] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv.ampkcz", lpFilePart=0x0) returned 0x3c [0183.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0183.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\biqzhzqpppnfiiegsas.mkv"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfba64860, ftCreationTime.dwHighDateTime=0x1d81b97, ftLastAccessTime.dwLowDateTime=0x7c2644a0, ftLastAccessTime.dwHighDateTime=0x1d81f7f, ftLastWriteTime.dwLowDateTime=0x5b8c0217, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8808)) returned 1 [0183.181] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0183.181] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\biqzhzqpppnfiiegsas.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\BiqZhzQpPpNFiiegsAS.mkv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\biqzhzqpppnfiiegsas.mkv.ampkcz")) returned 1 [0183.204] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif", lpFilePart=0x0) returned 0x34 [0183.204] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif", lpFilePart=0x0) returned 0x34 [0183.204] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif", dwFileAttributes=0x80) returned 1 [0183.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0183.208] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cp l8o_lsjvmcqa-gi.gif"), fInfoLevelId=0x0, lpFileInformation=0x267c720 | out: lpFileInformation=0x267c720*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfd308590, ftCreationTime.dwHighDateTime=0x1d81fef, ftLastAccessTime.dwLowDateTime=0xb961b180, ftLastAccessTime.dwHighDateTime=0x1d8256d, ftLastWriteTime.dwLowDateTime=0xb961b180, ftLastWriteTime.dwHighDateTime=0x1d8256d, nFileSizeHigh=0x0, nFileSizeLow=0x6407)) returned 1 [0183.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0183.208] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif", lpFilePart=0x0) returned 0x34 [0183.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0183.209] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cp l8o_lsjvmcqa-gi.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0183.209] GetFileType (hFile=0x2f4) returned 0x1 [0183.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0183.209] GetFileType (hFile=0x2f4) returned 0x1 [0183.209] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x6407 [0183.209] ReadFile (in: hFile=0x2f4, lpBuffer=0x267cbd8, nNumberOfBytesToRead=0x6407, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x267cbd8*, lpNumberOfBytesRead=0x14edd8*=0x6407, lpOverlapped=0x0) returned 1 [0183.210] CloseHandle (hObject=0x2f4) returned 1 [0183.567] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif", lpFilePart=0x0) returned 0x34 [0183.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0183.567] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cp l8o_lsjvmcqa-gi.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0183.589] GetFileType (hFile=0x2f4) returned 0x1 [0183.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0183.590] GetFileType (hFile=0x2f4) returned 0x1 [0183.590] WriteFile (in: hFile=0x2f4, lpBuffer=0x273d048*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x273d048*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.591] WriteFile (in: hFile=0x2f4, lpBuffer=0x273d048*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x273d048*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.592] WriteFile (in: hFile=0x2f4, lpBuffer=0x273d048*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x273d048*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.592] WriteFile (in: hFile=0x2f4, lpBuffer=0x273d048*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x273d048*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.592] WriteFile (in: hFile=0x2f4, lpBuffer=0x273d048*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x273d048*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.593] WriteFile (in: hFile=0x2f4, lpBuffer=0x273d048*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x273d048*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.593] WriteFile (in: hFile=0x2f4, lpBuffer=0x273d048*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x273d048*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.594] WriteFile (in: hFile=0x2f4, lpBuffer=0x273d048*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x273d048*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0183.594] WriteFile (in: hFile=0x2f4, lpBuffer=0x273d048*, nNumberOfBytesToWrite=0x634, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x273d048*, lpNumberOfBytesWritten=0x14ec98*=0x634, lpOverlapped=0x0) returned 1 [0183.594] CloseHandle (hObject=0x2f4) returned 1 [0183.616] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif", lpFilePart=0x0) returned 0x34 [0183.616] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif.ampkcz", lpFilePart=0x0) returned 0x3b [0183.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0183.616] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cp l8o_lsjvmcqa-gi.gif"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd308590, ftCreationTime.dwHighDateTime=0x1d81fef, ftLastAccessTime.dwLowDateTime=0xb961b180, ftLastAccessTime.dwHighDateTime=0x1d8256d, ftLastWriteTime.dwLowDateTime=0x5bd54292, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8634)) returned 1 [0183.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0183.617] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cp l8o_lsjvmcqa-gi.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Cp L8O_LsjVMCQa-GI.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\cp l8o_lsjvmcqa-gi.gif.ampkcz")) returned 1 [0183.623] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x29 [0183.623] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x29 [0183.623] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", dwFileAttributes=0x80) returned 1 [0183.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0183.628] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x273f228 | out: lpFileInformation=0x273f228*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0183.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0183.629] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x29 [0183.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0183.629] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0183.629] GetFileType (hFile=0x2f4) returned 0x1 [0183.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0183.629] GetFileType (hFile=0x2f4) returned 0x1 [0183.629] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x11a [0183.629] ReadFile (in: hFile=0x2f4, lpBuffer=0x273f7a0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x273f7a0*, lpNumberOfBytesRead=0x14edd8*=0x11a, lpOverlapped=0x0) returned 1 [0183.629] CloseHandle (hObject=0x2f4) returned 1 [0183.938] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x29 [0183.938] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0183.939] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0183.941] GetFileType (hFile=0x2f4) returned 0x1 [0183.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0183.941] GetFileType (hFile=0x2f4) returned 0x1 [0183.941] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ba970*, nNumberOfBytesToWrite=0x248, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x27ba970*, lpNumberOfBytesWritten=0x14ec98*=0x248, lpOverlapped=0x0) returned 1 [0183.942] CloseHandle (hObject=0x2f4) returned 1 [0183.944] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini", lpFilePart=0x0) returned 0x29 [0183.944] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x30 [0183.944] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0183.945] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5c0a3b58, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x248)) returned 1 [0183.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0183.945] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\desktop.ini.ampkcz")) returned 1 [0183.948] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp", lpFilePart=0x0) returned 0x2b [0183.948] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp", lpFilePart=0x0) returned 0x2b [0183.948] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp", dwFileAttributes=0x80) returned 1 [0183.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0183.949] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\iczw-hyxi.bmp"), fInfoLevelId=0x0, lpFileInformation=0x27bc260 | out: lpFileInformation=0x27bc260*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8e06dc30, ftCreationTime.dwHighDateTime=0x1d821ae, ftLastAccessTime.dwLowDateTime=0x2ae6cd40, ftLastAccessTime.dwHighDateTime=0x1d826b3, ftLastWriteTime.dwLowDateTime=0x2ae6cd40, ftLastWriteTime.dwHighDateTime=0x1d826b3, nFileSizeHigh=0x0, nFileSizeLow=0x1774d)) returned 1 [0183.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0183.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp", lpFilePart=0x0) returned 0x2b [0183.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0183.950] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\iczw-hyxi.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0183.950] GetFileType (hFile=0x2f4) returned 0x1 [0183.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0183.950] GetFileType (hFile=0x2f4) returned 0x1 [0183.950] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x1774d [0183.950] ReadFile (in: hFile=0x2f4, lpBuffer=0x12715300, nNumberOfBytesToRead=0x1774d, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x12715300*, lpNumberOfBytesRead=0x14edd8*=0x1774d, lpOverlapped=0x0) returned 1 [0183.953] CloseHandle (hObject=0x2f4) returned 1 [0184.615] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp", lpFilePart=0x0) returned 0x2b [0184.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0184.616] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\iczw-hyxi.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0184.625] GetFileType (hFile=0x2f4) returned 0x1 [0184.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0184.625] GetFileType (hFile=0x2f4) returned 0x1 [0184.625] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.626] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.627] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.647] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.647] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.647] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.648] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.648] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.648] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.649] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.649] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.649] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.650] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.650] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.650] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.650] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.651] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.651] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.651] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.652] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.652] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.654] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.654] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.654] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.655] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.655] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.655] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.656] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.656] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.656] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.657] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0184.657] WriteFile (in: hFile=0x2f4, lpBuffer=0x262ea28*, nNumberOfBytesToWrite=0x534, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x262ea28*, lpNumberOfBytesWritten=0x14ec98*=0x534, lpOverlapped=0x0) returned 1 [0184.657] CloseHandle (hObject=0x2f4) returned 1 [0184.697] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp", lpFilePart=0x0) returned 0x2b [0184.697] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp.ampkcz", lpFilePart=0x0) returned 0x32 [0184.697] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0184.697] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\iczw-hyxi.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e06dc30, ftCreationTime.dwHighDateTime=0x1d821ae, ftLastAccessTime.dwLowDateTime=0x2ae6cd40, ftLastAccessTime.dwHighDateTime=0x1d826b3, ftLastWriteTime.dwLowDateTime=0x5c77c155, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f534)) returned 1 [0184.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0184.697] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\iczw-hyxi.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ICzw-hYXI.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\iczw-hyxi.bmp.ampkcz")) returned 1 [0184.703] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4", lpFilePart=0x0) returned 0x2e [0184.703] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4", lpFilePart=0x0) returned 0x2e [0184.703] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4", dwFileAttributes=0x80) returned 1 [0184.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0184.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ieg5ajmoebzc.mp4"), fInfoLevelId=0x0, lpFileInformation=0x2630230 | out: lpFileInformation=0x2630230*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf54d8940, ftCreationTime.dwHighDateTime=0x1d820ad, ftLastAccessTime.dwLowDateTime=0xd9ca63a0, ftLastAccessTime.dwHighDateTime=0x1d824e5, ftLastWriteTime.dwLowDateTime=0xd9ca63a0, ftLastWriteTime.dwHighDateTime=0x1d824e5, nFileSizeHigh=0x0, nFileSizeLow=0x643a)) returned 1 [0184.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0184.705] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4", lpFilePart=0x0) returned 0x2e [0184.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0184.705] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ieg5ajmoebzc.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0184.705] GetFileType (hFile=0x2f4) returned 0x1 [0184.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0184.706] GetFileType (hFile=0x2f4) returned 0x1 [0184.706] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x643a [0184.706] ReadFile (in: hFile=0x2f4, lpBuffer=0x26306a8, nNumberOfBytesToRead=0x643a, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26306a8*, lpNumberOfBytesRead=0x14edd8*=0x643a, lpOverlapped=0x0) returned 1 [0184.708] CloseHandle (hObject=0x2f4) returned 1 [0185.256] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4", lpFilePart=0x0) returned 0x2e [0185.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0185.256] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ieg5ajmoebzc.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0185.263] GetFileType (hFile=0x2f4) returned 0x1 [0185.263] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0185.263] GetFileType (hFile=0x2f4) returned 0x1 [0185.263] WriteFile (in: hFile=0x2f4, lpBuffer=0x26f0d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26f0d20*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.265] WriteFile (in: hFile=0x2f4, lpBuffer=0x26f0d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26f0d20*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.265] WriteFile (in: hFile=0x2f4, lpBuffer=0x26f0d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26f0d20*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.265] WriteFile (in: hFile=0x2f4, lpBuffer=0x26f0d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26f0d20*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.266] WriteFile (in: hFile=0x2f4, lpBuffer=0x26f0d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26f0d20*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.266] WriteFile (in: hFile=0x2f4, lpBuffer=0x26f0d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26f0d20*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.267] WriteFile (in: hFile=0x2f4, lpBuffer=0x26f0d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26f0d20*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.267] WriteFile (in: hFile=0x2f4, lpBuffer=0x26f0d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26f0d20*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.267] WriteFile (in: hFile=0x2f4, lpBuffer=0x26f0d20*, nNumberOfBytesToWrite=0x674, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26f0d20*, lpNumberOfBytesWritten=0x14ec98*=0x674, lpOverlapped=0x0) returned 1 [0185.268] CloseHandle (hObject=0x2f4) returned 1 [0185.279] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4", lpFilePart=0x0) returned 0x2e [0185.279] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4.ampkcz", lpFilePart=0x0) returned 0x35 [0185.279] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0185.279] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ieg5ajmoebzc.mp4"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf54d8940, ftCreationTime.dwHighDateTime=0x1d820ad, ftLastAccessTime.dwLowDateTime=0xd9ca63a0, ftLastAccessTime.dwHighDateTime=0x1d824e5, ftLastWriteTime.dwLowDateTime=0x5cd5790f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8674)) returned 1 [0185.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0185.279] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ieg5ajmoebzc.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\iEg5ajMoeBZC.mp4.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ieg5ajmoebzc.mp4.ampkcz")) returned 1 [0185.299] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf", lpFilePart=0x0) returned 0x28 [0185.299] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf", lpFilePart=0x0) returned 0x28 [0185.299] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf", dwFileAttributes=0x80) returned 1 [0185.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0185.322] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jkat8q.rtf"), fInfoLevelId=0x0, lpFileInformation=0x26f25f8 | out: lpFileInformation=0x26f25f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xdc458100, ftCreationTime.dwHighDateTime=0x1d81a09, ftLastAccessTime.dwLowDateTime=0x5aa65240, ftLastAccessTime.dwHighDateTime=0x1d8286f, ftLastWriteTime.dwLowDateTime=0x5aa65240, ftLastWriteTime.dwHighDateTime=0x1d8286f, nFileSizeHigh=0x0, nFileSizeLow=0x1354f)) returned 1 [0185.322] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0185.322] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf", lpFilePart=0x0) returned 0x28 [0185.322] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0185.322] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jkat8q.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0185.323] GetFileType (hFile=0x2f4) returned 0x1 [0185.323] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0185.323] GetFileType (hFile=0x2f4) returned 0x1 [0185.323] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x1354f [0185.323] ReadFile (in: hFile=0x2f4, lpBuffer=0x26f2a38, nNumberOfBytesToRead=0x1354f, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26f2a38*, lpNumberOfBytesRead=0x14edd8*=0x1354f, lpOverlapped=0x0) returned 1 [0185.325] CloseHandle (hObject=0x2f4) returned 1 [0185.945] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf", lpFilePart=0x0) returned 0x28 [0185.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0185.945] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jkat8q.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0185.965] GetFileType (hFile=0x2f4) returned 0x1 [0185.965] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0185.965] GetFileType (hFile=0x2f4) returned 0x1 [0185.965] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.967] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.967] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.968] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.968] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.968] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.969] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.969] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.969] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.970] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.970] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.970] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.971] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.971] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.971] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.972] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.972] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.972] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.973] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.973] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.973] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.974] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.974] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.974] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.975] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0185.975] WriteFile (in: hFile=0x2f4, lpBuffer=0x260abe8*, nNumberOfBytesToWrite=0xd34, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x260abe8*, lpNumberOfBytesWritten=0x14ec98*=0xd34, lpOverlapped=0x0) returned 1 [0185.975] CloseHandle (hObject=0x2f4) returned 1 [0186.024] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf", lpFilePart=0x0) returned 0x28 [0186.024] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf.ampkcz", lpFilePart=0x0) returned 0x2f [0186.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0186.024] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jkat8q.rtf"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc458100, ftCreationTime.dwHighDateTime=0x1d81a09, ftLastAccessTime.dwLowDateTime=0x5aa65240, ftLastAccessTime.dwHighDateTime=0x1d8286f, ftLastWriteTime.dwLowDateTime=0x5d41266b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19d34)) returned 1 [0186.025] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0186.025] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jkat8q.rtf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\jkAT8Q.rtf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\jkat8q.rtf.ampkcz")) returned 1 [0186.038] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv", lpFilePart=0x0) returned 0x29 [0186.038] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv", lpFilePart=0x0) returned 0x29 [0186.038] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv", dwFileAttributes=0x80) returned 1 [0186.062] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0186.063] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\k-2kcke.mkv"), fInfoLevelId=0x0, lpFileInformation=0x260c4e8 | out: lpFileInformation=0x260c4e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5cab9260, ftCreationTime.dwHighDateTime=0x1d81e4e, ftLastAccessTime.dwLowDateTime=0x2ae8bbf0, ftLastAccessTime.dwHighDateTime=0x1d828ca, ftLastWriteTime.dwLowDateTime=0x2ae8bbf0, ftLastWriteTime.dwHighDateTime=0x1d828ca, nFileSizeHigh=0x0, nFileSizeLow=0x7415)) returned 1 [0186.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0186.063] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv", lpFilePart=0x0) returned 0x29 [0186.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0186.063] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\k-2kcke.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0186.063] GetFileType (hFile=0x2f4) returned 0x1 [0186.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0186.063] GetFileType (hFile=0x2f4) returned 0x1 [0186.063] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x7415 [0186.063] ReadFile (in: hFile=0x2f4, lpBuffer=0x260c928, nNumberOfBytesToRead=0x7415, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x260c928*, lpNumberOfBytesRead=0x14edd8*=0x7415, lpOverlapped=0x0) returned 1 [0186.064] CloseHandle (hObject=0x2f4) returned 1 [0186.585] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv", lpFilePart=0x0) returned 0x29 [0186.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0186.585] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\k-2kcke.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0186.595] GetFileType (hFile=0x2f4) returned 0x1 [0186.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0186.595] GetFileType (hFile=0x2f4) returned 0x1 [0186.595] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d8378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d8378*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0186.596] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d8378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d8378*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0186.597] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d8378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d8378*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0186.597] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d8378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d8378*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0186.598] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d8378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d8378*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0186.598] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d8378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d8378*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0186.598] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d8378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d8378*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0186.599] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d8378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d8378*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0186.599] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d8378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d8378*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0186.599] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d8378*, nNumberOfBytesToWrite=0xba0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26d8378*, lpNumberOfBytesWritten=0x14ec98*=0xba0, lpOverlapped=0x0) returned 1 [0186.600] CloseHandle (hObject=0x2f4) returned 1 [0186.607] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv", lpFilePart=0x0) returned 0x29 [0186.607] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv.ampkcz", lpFilePart=0x0) returned 0x30 [0186.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0186.607] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\k-2kcke.mkv"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cab9260, ftCreationTime.dwHighDateTime=0x1d81e4e, ftLastAccessTime.dwLowDateTime=0x2ae8bbf0, ftLastAccessTime.dwHighDateTime=0x1d828ca, ftLastWriteTime.dwLowDateTime=0x5d9feb3f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x9ba0)) returned 1 [0186.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0186.607] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\k-2kcke.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\k-2kcKE.mkv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\k-2kcke.mkv.ampkcz")) returned 1 [0186.627] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt", lpFilePart=0x0) returned 0x2b [0186.627] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt", lpFilePart=0x0) returned 0x2b [0186.627] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt", dwFileAttributes=0x80) returned 1 [0186.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0186.629] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kvjg7ftjd.ppt"), fInfoLevelId=0x0, lpFileInformation=0x26d9768 | out: lpFileInformation=0x26d9768*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5ad53b00, ftCreationTime.dwHighDateTime=0x1d8282e, ftLastAccessTime.dwLowDateTime=0x17573b10, ftLastAccessTime.dwHighDateTime=0x1d82943, ftLastWriteTime.dwLowDateTime=0x17573b10, ftLastWriteTime.dwHighDateTime=0x1d82943, nFileSizeHigh=0x0, nFileSizeLow=0x16655)) returned 1 [0186.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0186.629] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt", lpFilePart=0x0) returned 0x2b [0186.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0186.629] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kvjg7ftjd.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0186.629] GetFileType (hFile=0x2f4) returned 0x1 [0186.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0186.629] GetFileType (hFile=0x2f4) returned 0x1 [0186.629] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x16655 [0186.630] ReadFile (in: hFile=0x2f4, lpBuffer=0x125b8060, nNumberOfBytesToRead=0x16655, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x125b8060*, lpNumberOfBytesRead=0x14edd8*=0x16655, lpOverlapped=0x0) returned 1 [0186.634] CloseHandle (hObject=0x2f4) returned 1 [0187.181] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt", lpFilePart=0x0) returned 0x2b [0187.181] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0187.181] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kvjg7ftjd.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0187.315] GetFileType (hFile=0x2f4) returned 0x1 [0187.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0187.315] GetFileType (hFile=0x2f4) returned 0x1 [0187.315] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.318] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.318] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.319] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.321] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.321] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.322] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.322] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.322] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.323] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.323] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.323] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.324] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.324] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.325] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.325] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.325] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.326] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.326] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.326] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.327] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.327] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.328] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.328] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.328] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.329] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.329] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.329] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.330] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.330] WriteFile (in: hFile=0x2f4, lpBuffer=0x2752ff0*, nNumberOfBytesToWrite=0xea0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2752ff0*, lpNumberOfBytesWritten=0x14ec98*=0xea0, lpOverlapped=0x0) returned 1 [0187.330] CloseHandle (hObject=0x2f4) returned 1 [0187.349] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt", lpFilePart=0x0) returned 0x2b [0187.349] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt.ampkcz", lpFilePart=0x0) returned 0x32 [0187.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0187.350] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kvjg7ftjd.ppt"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ad53b00, ftCreationTime.dwHighDateTime=0x1d8282e, ftLastAccessTime.dwLowDateTime=0x17573b10, ftLastAccessTime.dwHighDateTime=0x1d82943, ftLastWriteTime.dwLowDateTime=0x5e0fa9db, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1dea0)) returned 1 [0187.353] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0187.353] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kvjg7ftjd.ppt"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\KvJg7fTjd.ppt.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\kvjg7ftjd.ppt.ampkcz")) returned 1 [0187.358] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a", lpFilePart=0x0) returned 0x27 [0187.358] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a", lpFilePart=0x0) returned 0x27 [0187.358] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a", dwFileAttributes=0x80) returned 1 [0187.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0187.377] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ms0pc.m4a"), fInfoLevelId=0x0, lpFileInformation=0x2754ef0 | out: lpFileInformation=0x2754ef0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb434b270, ftCreationTime.dwHighDateTime=0x1d825f4, ftLastAccessTime.dwLowDateTime=0x87f2f760, ftLastAccessTime.dwHighDateTime=0x1d829bb, ftLastWriteTime.dwLowDateTime=0x87f2f760, ftLastWriteTime.dwHighDateTime=0x1d829bb, nFileSizeHigh=0x0, nFileSizeLow=0x166a6)) returned 1 [0187.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0187.377] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a", lpFilePart=0x0) returned 0x27 [0187.377] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0187.377] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ms0pc.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0187.378] GetFileType (hFile=0x2f4) returned 0x1 [0187.378] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0187.378] GetFileType (hFile=0x2f4) returned 0x1 [0187.378] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x166a6 [0187.378] ReadFile (in: hFile=0x2f4, lpBuffer=0x126b60e0, nNumberOfBytesToRead=0x166a6, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x126b60e0*, lpNumberOfBytesRead=0x14edd8*=0x166a6, lpOverlapped=0x0) returned 1 [0187.381] CloseHandle (hObject=0x2f4) returned 1 [0187.865] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a", lpFilePart=0x0) returned 0x27 [0187.865] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0187.865] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ms0pc.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0187.980] GetFileType (hFile=0x2f4) returned 0x1 [0187.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0187.980] GetFileType (hFile=0x2f4) returned 0x1 [0187.980] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.981] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.982] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.982] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.983] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.983] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.983] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.984] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.984] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.985] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.985] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.985] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.986] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.986] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.986] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.986] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.987] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.987] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.987] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.988] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.990] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.990] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.991] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.991] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.991] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.993] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.994] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.994] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.995] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0187.995] WriteFile (in: hFile=0x2f4, lpBuffer=0x27ce740*, nNumberOfBytesToWrite=0xf08, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x27ce740*, lpNumberOfBytesWritten=0x14ec98*=0xf08, lpOverlapped=0x0) returned 1 [0187.995] CloseHandle (hObject=0x2f4) returned 1 [0188.007] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a", lpFilePart=0x0) returned 0x27 [0188.007] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a.ampkcz", lpFilePart=0x0) returned 0x2e [0188.007] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0188.007] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ms0pc.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb434b270, ftCreationTime.dwHighDateTime=0x1d825f4, ftLastAccessTime.dwLowDateTime=0x87f2f760, ftLastAccessTime.dwHighDateTime=0x1d829bb, ftLastWriteTime.dwLowDateTime=0x5e751aa6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1df08)) returned 1 [0188.007] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0188.007] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ms0pc.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\mS0Pc.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ms0pc.m4a.ampkcz")) returned 1 [0188.041] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav", lpFilePart=0x0) returned 0x2c [0188.041] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav", lpFilePart=0x0) returned 0x2c [0188.041] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav", dwFileAttributes=0x80) returned 1 [0188.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0188.043] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ndrfu9tubi.wav"), fInfoLevelId=0x0, lpFileInformation=0x27d0978 | out: lpFileInformation=0x27d0978*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xceb94b00, ftCreationTime.dwHighDateTime=0x1d82244, ftLastAccessTime.dwLowDateTime=0xa09154c0, ftLastAccessTime.dwHighDateTime=0x1d827c1, ftLastWriteTime.dwLowDateTime=0xa09154c0, ftLastWriteTime.dwHighDateTime=0x1d827c1, nFileSizeHigh=0x0, nFileSizeLow=0x58ff)) returned 1 [0188.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0188.043] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav", lpFilePart=0x0) returned 0x2c [0188.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0188.043] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ndrfu9tubi.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0188.043] GetFileType (hFile=0x2f4) returned 0x1 [0188.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0188.044] GetFileType (hFile=0x2f4) returned 0x1 [0188.044] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x58ff [0188.044] ReadFile (in: hFile=0x2f4, lpBuffer=0x27d0de0, nNumberOfBytesToRead=0x58ff, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x27d0de0*, lpNumberOfBytesRead=0x14edd8*=0x58ff, lpOverlapped=0x0) returned 1 [0188.045] CloseHandle (hObject=0x2f4) returned 1 [0188.723] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav", lpFilePart=0x0) returned 0x2c [0188.724] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0188.724] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ndrfu9tubi.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0188.730] GetFileType (hFile=0x2f4) returned 0x1 [0188.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0188.730] GetFileType (hFile=0x2f4) returned 0x1 [0188.731] WriteFile (in: hFile=0x2f4, lpBuffer=0x268df10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268df10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0188.732] WriteFile (in: hFile=0x2f4, lpBuffer=0x268df10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268df10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0188.732] WriteFile (in: hFile=0x2f4, lpBuffer=0x268df10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268df10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0188.733] WriteFile (in: hFile=0x2f4, lpBuffer=0x268df10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268df10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0188.733] WriteFile (in: hFile=0x2f4, lpBuffer=0x268df10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268df10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0188.733] WriteFile (in: hFile=0x2f4, lpBuffer=0x268df10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268df10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0188.734] WriteFile (in: hFile=0x2f4, lpBuffer=0x268df10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268df10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0188.734] WriteFile (in: hFile=0x2f4, lpBuffer=0x268df10*, nNumberOfBytesToWrite=0x774, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x268df10*, lpNumberOfBytesWritten=0x14ec98*=0x774, lpOverlapped=0x0) returned 1 [0188.734] CloseHandle (hObject=0x2f4) returned 1 [0188.740] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav", lpFilePart=0x0) returned 0x2c [0188.740] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav.ampkcz", lpFilePart=0x0) returned 0x33 [0188.740] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0188.740] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ndrfu9tubi.wav"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceb94b00, ftCreationTime.dwHighDateTime=0x1d82244, ftLastAccessTime.dwLowDateTime=0xa09154c0, ftLastAccessTime.dwHighDateTime=0x1d827c1, ftLastWriteTime.dwLowDateTime=0x5ee59db6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7774)) returned 1 [0188.740] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0188.740] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ndrfu9tubi.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\NdRfu9tUbI.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ndrfu9tubi.wav.ampkcz")) returned 1 [0188.744] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3", lpFilePart=0x0) returned 0x34 [0188.744] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3", lpFilePart=0x0) returned 0x34 [0188.744] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3", dwFileAttributes=0x80) returned 1 [0188.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0188.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\pdz8n1 ui6b5ybck59.mp3"), fInfoLevelId=0x0, lpFileInformation=0x268f700 | out: lpFileInformation=0x268f700*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa3f8fc10, ftCreationTime.dwHighDateTime=0x1d820b6, ftLastAccessTime.dwLowDateTime=0xfd4c06c0, ftLastAccessTime.dwHighDateTime=0x1d82798, ftLastWriteTime.dwLowDateTime=0xfd4c06c0, ftLastWriteTime.dwHighDateTime=0x1d82798, nFileSizeHigh=0x0, nFileSizeLow=0x10167)) returned 1 [0188.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0188.749] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3", lpFilePart=0x0) returned 0x34 [0188.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0188.749] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\pdz8n1 ui6b5ybck59.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0188.749] GetFileType (hFile=0x2f4) returned 0x1 [0188.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0188.749] GetFileType (hFile=0x2f4) returned 0x1 [0188.749] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x10167 [0188.750] ReadFile (in: hFile=0x2f4, lpBuffer=0x268fbb8, nNumberOfBytesToRead=0x10167, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x268fbb8*, lpNumberOfBytesRead=0x14edd8*=0x10167, lpOverlapped=0x0) returned 1 [0188.751] CloseHandle (hObject=0x2f4) returned 1 [0189.325] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3", lpFilePart=0x0) returned 0x34 [0189.325] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0189.325] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\pdz8n1 ui6b5ybck59.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0189.340] GetFileType (hFile=0x2f4) returned 0x1 [0189.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0189.340] GetFileType (hFile=0x2f4) returned 0x1 [0189.340] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.341] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.342] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.342] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.343] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.343] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.343] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.344] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.344] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.345] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.345] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.345] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.346] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.346] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.347] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.347] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.348] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.348] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.348] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.349] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.349] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.350] WriteFile (in: hFile=0x2f4, lpBuffer=0x2749610*, nNumberOfBytesToWrite=0x808, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2749610*, lpNumberOfBytesWritten=0x14ec98*=0x808, lpOverlapped=0x0) returned 1 [0189.350] CloseHandle (hObject=0x2f4) returned 1 [0189.375] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3", lpFilePart=0x0) returned 0x34 [0189.376] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3.ampkcz", lpFilePart=0x0) returned 0x3b [0189.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0189.376] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\pdz8n1 ui6b5ybck59.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3f8fc10, ftCreationTime.dwHighDateTime=0x1d820b6, ftLastAccessTime.dwLowDateTime=0xfd4c06c0, ftLastAccessTime.dwHighDateTime=0x1d82798, ftLastWriteTime.dwLowDateTime=0x5f43ef64, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15808)) returned 1 [0189.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0189.376] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\pdz8n1 ui6b5ybck59.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Pdz8n1 UI6B5ybck59.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\pdz8n1 ui6b5ybck59.mp3.ampkcz")) returned 1 [0189.434] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png", lpFilePart=0x0) returned 0x2e [0189.434] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png", lpFilePart=0x0) returned 0x2e [0189.434] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png", dwFileAttributes=0x80) returned 1 [0189.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0189.436] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\r4zotccfpypi.png"), fInfoLevelId=0x0, lpFileInformation=0x274ab58 | out: lpFileInformation=0x274ab58*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc76fa210, ftCreationTime.dwHighDateTime=0x1d81c6b, ftLastAccessTime.dwLowDateTime=0x71903d50, ftLastAccessTime.dwHighDateTime=0x1d81cbb, ftLastWriteTime.dwLowDateTime=0x71903d50, ftLastWriteTime.dwHighDateTime=0x1d81cbb, nFileSizeHigh=0x0, nFileSizeLow=0xe264)) returned 1 [0189.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0189.437] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png", lpFilePart=0x0) returned 0x2e [0189.437] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0189.437] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\r4zotccfpypi.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0189.437] GetFileType (hFile=0x2f4) returned 0x1 [0189.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0189.437] GetFileType (hFile=0x2f4) returned 0x1 [0189.437] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xe264 [0189.437] ReadFile (in: hFile=0x2f4, lpBuffer=0x274afd0, nNumberOfBytesToRead=0xe264, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x274afd0*, lpNumberOfBytesRead=0x14edd8*=0xe264, lpOverlapped=0x0) returned 1 [0189.440] CloseHandle (hObject=0x2f4) returned 1 [0189.789] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png", lpFilePart=0x0) returned 0x2e [0189.789] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0189.790] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\r4zotccfpypi.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0189.797] GetFileType (hFile=0x2f4) returned 0x1 [0189.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0189.797] GetFileType (hFile=0x2f4) returned 0x1 [0189.797] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.799] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.799] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.799] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.800] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.800] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.800] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.801] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.801] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.801] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.802] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.802] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.802] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.803] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.803] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.803] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.804] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.804] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0189.805] WriteFile (in: hFile=0x2f4, lpBuffer=0x253ebb8*, nNumberOfBytesToWrite=0xeb4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x253ebb8*, lpNumberOfBytesWritten=0x14ec98*=0xeb4, lpOverlapped=0x0) returned 1 [0189.805] CloseHandle (hObject=0x2f4) returned 1 [0189.811] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png", lpFilePart=0x0) returned 0x2e [0189.811] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png.ampkcz", lpFilePart=0x0) returned 0x35 [0189.811] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0189.811] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\r4zotccfpypi.png"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc76fa210, ftCreationTime.dwHighDateTime=0x1d81c6b, ftLastAccessTime.dwLowDateTime=0x71903d50, ftLastAccessTime.dwHighDateTime=0x1d81cbb, ftLastWriteTime.dwLowDateTime=0x5f8940ed, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12eb4)) returned 1 [0189.811] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0189.811] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\r4zotccfpypi.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\R4ZOtCCfPyPi.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\r4zotccfpypi.png.ampkcz")) returned 1 [0189.815] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi", lpFilePart=0x0) returned 0x2a [0189.816] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi", lpFilePart=0x0) returned 0x2a [0189.816] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi", dwFileAttributes=0x80) returned 1 [0189.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0189.818] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sfnsa8yb.avi"), fInfoLevelId=0x0, lpFileInformation=0x2540510 | out: lpFileInformation=0x2540510*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa27af970, ftCreationTime.dwHighDateTime=0x1d82178, ftLastAccessTime.dwLowDateTime=0x8ba88920, ftLastAccessTime.dwHighDateTime=0x1d8296a, ftLastWriteTime.dwLowDateTime=0x8ba88920, ftLastWriteTime.dwHighDateTime=0x1d8296a, nFileSizeHigh=0x0, nFileSizeLow=0x13f3f)) returned 1 [0189.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0189.818] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi", lpFilePart=0x0) returned 0x2a [0189.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0189.818] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sfnsa8yb.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0189.818] GetFileType (hFile=0x2f4) returned 0x1 [0189.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0189.818] GetFileType (hFile=0x2f4) returned 0x1 [0189.818] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x13f3f [0189.818] ReadFile (in: hFile=0x2f4, lpBuffer=0x2540960, nNumberOfBytesToRead=0x13f3f, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2540960*, lpNumberOfBytesRead=0x14edd8*=0x13f3f, lpOverlapped=0x0) returned 1 [0189.820] CloseHandle (hObject=0x2f4) returned 1 [0190.157] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi", lpFilePart=0x0) returned 0x2a [0190.157] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0190.157] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sfnsa8yb.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0190.162] GetFileType (hFile=0x2f4) returned 0x1 [0190.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0190.162] GetFileType (hFile=0x2f4) returned 0x1 [0190.162] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.164] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.164] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.164] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.165] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.165] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.165] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.166] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.166] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.166] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.167] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.167] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.167] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.168] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.168] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.169] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.169] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.169] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.170] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.170] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.170] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.171] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.171] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.172] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.172] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.174] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.174] WriteFile (in: hFile=0x2f4, lpBuffer=0x2609ad0*, nNumberOfBytesToWrite=0xa74, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2609ad0*, lpNumberOfBytesWritten=0x14ec98*=0xa74, lpOverlapped=0x0) returned 1 [0190.174] CloseHandle (hObject=0x2f4) returned 1 [0190.189] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi", lpFilePart=0x0) returned 0x2a [0190.189] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi.ampkcz", lpFilePart=0x0) returned 0x31 [0190.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0190.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sfnsa8yb.avi"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa27af970, ftCreationTime.dwHighDateTime=0x1d82178, ftLastAccessTime.dwLowDateTime=0x8ba88920, ftLastAccessTime.dwHighDateTime=0x1d8296a, ftLastWriteTime.dwLowDateTime=0x5fc2c9d5, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1aa74)) returned 1 [0190.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0190.189] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sfnsa8yb.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\SfNsa8YB.avi.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sfnsa8yb.avi.ampkcz")) returned 1 [0190.193] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv", lpFilePart=0x0) returned 0x28 [0190.193] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv", lpFilePart=0x0) returned 0x28 [0190.193] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv", dwFileAttributes=0x80) returned 1 [0190.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0190.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sxwmoh.mkv"), fInfoLevelId=0x0, lpFileInformation=0x260b3e0 | out: lpFileInformation=0x260b3e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x3fe8e730, ftCreationTime.dwHighDateTime=0x1d82610, ftLastAccessTime.dwLowDateTime=0x6e274200, ftLastAccessTime.dwHighDateTime=0x1d8262d, ftLastWriteTime.dwLowDateTime=0x6e274200, ftLastWriteTime.dwHighDateTime=0x1d8262d, nFileSizeHigh=0x0, nFileSizeLow=0x6e31)) returned 1 [0190.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0190.197] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv", lpFilePart=0x0) returned 0x28 [0190.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0190.197] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sxwmoh.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0190.197] GetFileType (hFile=0x2f4) returned 0x1 [0190.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0190.197] GetFileType (hFile=0x2f4) returned 0x1 [0190.197] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x6e31 [0190.197] ReadFile (in: hFile=0x2f4, lpBuffer=0x260b820, nNumberOfBytesToRead=0x6e31, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x260b820*, lpNumberOfBytesRead=0x14edd8*=0x6e31, lpOverlapped=0x0) returned 1 [0190.199] CloseHandle (hObject=0x2f4) returned 1 [0190.833] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv", lpFilePart=0x0) returned 0x28 [0190.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0190.833] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sxwmoh.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0190.919] GetFileType (hFile=0x2f4) returned 0x1 [0190.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0190.920] GetFileType (hFile=0x2f4) returned 0x1 [0190.920] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d2fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d2fd0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.924] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d2fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d2fd0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.924] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d2fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d2fd0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.925] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d2fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d2fd0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.925] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d2fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d2fd0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.926] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d2fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d2fd0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.926] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d2fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d2fd0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.926] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d2fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d2fd0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0190.927] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d2fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x26d2fd0*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0190.927] WriteFile (in: hFile=0x2f4, lpBuffer=0x26d2fd0*, nNumberOfBytesToWrite=0x3c8, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26d2fd0*, lpNumberOfBytesWritten=0x14ec98*=0x3c8, lpOverlapped=0x0) returned 1 [0190.927] CloseHandle (hObject=0x2f4) returned 1 [0190.959] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv", lpFilePart=0x0) returned 0x28 [0190.959] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv.ampkcz", lpFilePart=0x0) returned 0x2f [0190.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0190.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sxwmoh.mkv"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fe8e730, ftCreationTime.dwHighDateTime=0x1d82610, ftLastAccessTime.dwLowDateTime=0x6e274200, ftLastAccessTime.dwHighDateTime=0x1d8262d, ftLastWriteTime.dwLowDateTime=0x6034436d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x93c8)) returned 1 [0190.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0190.959] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sxwmoh.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\sxWMOh.mkv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\sxwmoh.mkv.ampkcz")) returned 1 [0190.971] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a", lpFilePart=0x0) returned 0x2f [0190.971] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a", lpFilePart=0x0) returned 0x2f [0190.971] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a", dwFileAttributes=0x80) returned 1 [0190.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0190.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\t8p41k1npnzvx.m4a"), fInfoLevelId=0x0, lpFileInformation=0x26d4ed0 | out: lpFileInformation=0x26d4ed0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xace2b8b0, ftCreationTime.dwHighDateTime=0x1d82166, ftLastAccessTime.dwLowDateTime=0xe534fe60, ftLastAccessTime.dwHighDateTime=0x1d8254b, ftLastWriteTime.dwLowDateTime=0xe534fe60, ftLastWriteTime.dwHighDateTime=0x1d8254b, nFileSizeHigh=0x0, nFileSizeLow=0x6458)) returned 1 [0190.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0190.990] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a", lpFilePart=0x0) returned 0x2f [0190.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0190.990] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\t8p41k1npnzvx.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0190.990] GetFileType (hFile=0x2f4) returned 0x1 [0190.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0190.990] GetFileType (hFile=0x2f4) returned 0x1 [0190.990] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x6458 [0190.990] ReadFile (in: hFile=0x2f4, lpBuffer=0x26d5348, nNumberOfBytesToRead=0x6458, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26d5348*, lpNumberOfBytesRead=0x14edd8*=0x6458, lpOverlapped=0x0) returned 1 [0190.991] CloseHandle (hObject=0x2f4) returned 1 [0191.650] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a", lpFilePart=0x0) returned 0x2f [0191.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0191.650] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\t8p41k1npnzvx.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0191.654] GetFileType (hFile=0x2f4) returned 0x1 [0191.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0191.654] GetFileType (hFile=0x2f4) returned 0x1 [0191.655] WriteFile (in: hFile=0x2f4, lpBuffer=0x259c5b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259c5b8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0191.656] WriteFile (in: hFile=0x2f4, lpBuffer=0x259c5b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259c5b8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0191.657] WriteFile (in: hFile=0x2f4, lpBuffer=0x259c5b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259c5b8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0191.657] WriteFile (in: hFile=0x2f4, lpBuffer=0x259c5b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259c5b8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0191.657] WriteFile (in: hFile=0x2f4, lpBuffer=0x259c5b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259c5b8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0191.658] WriteFile (in: hFile=0x2f4, lpBuffer=0x259c5b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259c5b8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0191.658] WriteFile (in: hFile=0x2f4, lpBuffer=0x259c5b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259c5b8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0191.658] WriteFile (in: hFile=0x2f4, lpBuffer=0x259c5b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259c5b8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0191.658] WriteFile (in: hFile=0x2f4, lpBuffer=0x259c5b8*, nNumberOfBytesToWrite=0x6a0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x259c5b8*, lpNumberOfBytesWritten=0x14ec98*=0x6a0, lpOverlapped=0x0) returned 1 [0191.659] CloseHandle (hObject=0x2f4) returned 1 [0191.681] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a", lpFilePart=0x0) returned 0x2f [0191.681] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a.ampkcz", lpFilePart=0x0) returned 0x36 [0191.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0191.681] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\t8p41k1npnzvx.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xace2b8b0, ftCreationTime.dwHighDateTime=0x1d82166, ftLastAccessTime.dwLowDateTime=0xe534fe60, ftLastAccessTime.dwHighDateTime=0x1d8254b, ftLastWriteTime.dwLowDateTime=0x60a3d145, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x86a0)) returned 1 [0191.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0191.681] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\t8p41k1npnzvx.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\t8p41K1nPNZvX.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\t8p41k1npnzvx.m4a.ampkcz")) returned 1 [0191.694] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg", lpFilePart=0x0) returned 0x2d [0191.694] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg", lpFilePart=0x0) returned 0x2d [0191.694] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg", dwFileAttributes=0x80) returned 1 [0191.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0191.731] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\tsegmvcpcmx.jpg"), fInfoLevelId=0x0, lpFileInformation=0x259da38 | out: lpFileInformation=0x259da38*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8e00acc0, ftCreationTime.dwHighDateTime=0x1d81f60, ftLastAccessTime.dwLowDateTime=0x3fcaf4c0, ftLastAccessTime.dwHighDateTime=0x1d828ca, ftLastWriteTime.dwLowDateTime=0x3fcaf4c0, ftLastWriteTime.dwHighDateTime=0x1d828ca, nFileSizeHigh=0x0, nFileSizeLow=0x18ee7)) returned 1 [0191.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0191.731] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg", lpFilePart=0x0) returned 0x2d [0191.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0191.732] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\tsegmvcpcmx.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0191.732] GetFileType (hFile=0x2f4) returned 0x1 [0191.732] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0191.732] GetFileType (hFile=0x2f4) returned 0x1 [0191.732] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x18ee7 [0191.732] ReadFile (in: hFile=0x2f4, lpBuffer=0x126247f8, nNumberOfBytesToRead=0x18ee7, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x126247f8*, lpNumberOfBytesRead=0x14edd8*=0x18ee7, lpOverlapped=0x0) returned 1 [0191.735] CloseHandle (hObject=0x2f4) returned 1 [0192.201] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg", lpFilePart=0x0) returned 0x2d [0192.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0192.201] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\tsegmvcpcmx.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0192.279] GetFileType (hFile=0x2f4) returned 0x1 [0192.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0192.280] GetFileType (hFile=0x2f4) returned 0x1 [0192.280] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.281] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.282] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.282] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.283] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.283] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.283] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.284] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.284] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.285] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.285] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.285] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.286] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.286] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.286] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.287] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.287] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.287] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.288] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.288] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.288] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.289] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.289] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.289] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.291] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.292] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.292] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.293] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.293] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.293] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.294] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.296] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.296] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0192.296] WriteFile (in: hFile=0x2f4, lpBuffer=0x26172e0*, nNumberOfBytesToWrite=0x4b4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26172e0*, lpNumberOfBytesWritten=0x14ec98*=0x4b4, lpOverlapped=0x0) returned 1 [0192.297] CloseHandle (hObject=0x2f4) returned 1 [0192.308] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg", lpFilePart=0x0) returned 0x2d [0192.308] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg.ampkcz", lpFilePart=0x0) returned 0x34 [0192.308] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0192.308] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\tsegmvcpcmx.jpg"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e00acc0, ftCreationTime.dwHighDateTime=0x1d81f60, ftLastAccessTime.dwLowDateTime=0x3fcaf4c0, ftLastAccessTime.dwHighDateTime=0x1d828ca, ftLastWriteTime.dwLowDateTime=0x610604fa, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x214b4)) returned 1 [0192.309] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0192.309] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\tsegmvcpcmx.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\tSEGMvCPcMx.jpg.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\tsegmvcpcmx.jpg.ampkcz")) returned 1 [0192.315] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png", lpFilePart=0x0) returned 0x34 [0192.315] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png", lpFilePart=0x0) returned 0x34 [0192.315] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png", dwFileAttributes=0x80) returned 1 [0192.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0192.350] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\y2h9o8xlmetgcabyct.png"), fInfoLevelId=0x0, lpFileInformation=0x2618810 | out: lpFileInformation=0x2618810*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x650c8f10, ftCreationTime.dwHighDateTime=0x1d81c21, ftLastAccessTime.dwLowDateTime=0xd62974d0, ftLastAccessTime.dwHighDateTime=0x1d81c42, ftLastWriteTime.dwLowDateTime=0xd62974d0, ftLastWriteTime.dwHighDateTime=0x1d81c42, nFileSizeHigh=0x0, nFileSizeLow=0x9ee0)) returned 1 [0192.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0192.350] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png", lpFilePart=0x0) returned 0x34 [0192.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0192.350] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\y2h9o8xlmetgcabyct.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0192.350] GetFileType (hFile=0x2f4) returned 0x1 [0192.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0192.350] GetFileType (hFile=0x2f4) returned 0x1 [0192.350] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x9ee0 [0192.350] ReadFile (in: hFile=0x2f4, lpBuffer=0x2618cc8, nNumberOfBytesToRead=0x9ee0, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2618cc8*, lpNumberOfBytesRead=0x14edd8*=0x9ee0, lpOverlapped=0x0) returned 1 [0192.351] CloseHandle (hObject=0x2f4) returned 1 [0192.854] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png", lpFilePart=0x0) returned 0x34 [0192.854] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0192.854] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\y2h9o8xlmetgcabyct.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0193.083] GetFileType (hFile=0x2f4) returned 0x1 [0193.083] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0193.083] GetFileType (hFile=0x2f4) returned 0x1 [0193.084] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.085] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.085] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.086] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.086] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.087] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.087] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.087] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.088] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.088] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.088] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.089] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.089] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.089] WriteFile (in: hFile=0x2f4, lpBuffer=0x26cdaf0*, nNumberOfBytesToWrite=0x4b4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26cdaf0*, lpNumberOfBytesWritten=0x14ec98*=0x4b4, lpOverlapped=0x0) returned 1 [0193.090] CloseHandle (hObject=0x2f4) returned 1 [0193.095] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png", lpFilePart=0x0) returned 0x34 [0193.095] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png.ampkcz", lpFilePart=0x0) returned 0x3b [0193.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0193.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\y2h9o8xlmetgcabyct.png"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x650c8f10, ftCreationTime.dwHighDateTime=0x1d81c21, ftLastAccessTime.dwLowDateTime=0xd62974d0, ftLastAccessTime.dwHighDateTime=0x1d81c42, ftLastWriteTime.dwLowDateTime=0x617e4bed, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd4b4)) returned 1 [0193.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0193.095] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\y2h9o8xlmetgcabyct.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\y2H9O8xlmETgCAbycT.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\y2h9o8xlmetgcabyct.png.ampkcz")) returned 1 [0193.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a", lpFilePart=0x0) returned 0x2f [0193.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a", lpFilePart=0x0) returned 0x2f [0193.113] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a", dwFileAttributes=0x80) returned 1 [0193.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0193.115] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ys5fvy3ywybsg.m4a"), fInfoLevelId=0x0, lpFileInformation=0x26cfa38 | out: lpFileInformation=0x26cfa38*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb2e23fe0, ftCreationTime.dwHighDateTime=0x1d82a28, ftLastAccessTime.dwLowDateTime=0xcf668310, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0xcf668310, ftLastWriteTime.dwHighDateTime=0x1d82a28, nFileSizeHigh=0x0, nFileSizeLow=0x15aff)) returned 1 [0193.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0193.115] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a", lpFilePart=0x0) returned 0x2f [0193.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0193.116] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ys5fvy3ywybsg.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0193.116] GetFileType (hFile=0x2f4) returned 0x1 [0193.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0193.116] GetFileType (hFile=0x2f4) returned 0x1 [0193.116] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x15aff [0193.116] ReadFile (in: hFile=0x2f4, lpBuffer=0x127745e8, nNumberOfBytesToRead=0x15aff, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x127745e8*, lpNumberOfBytesRead=0x14edd8*=0x15aff, lpOverlapped=0x0) returned 1 [0193.119] CloseHandle (hObject=0x2f4) returned 1 [0193.510] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a", lpFilePart=0x0) returned 0x2f [0193.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0193.510] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ys5fvy3ywybsg.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0193.515] GetFileType (hFile=0x2f4) returned 0x1 [0193.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0193.515] GetFileType (hFile=0x2f4) returned 0x1 [0193.515] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.516] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.517] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.517] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.517] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.518] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.518] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.518] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.519] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.519] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.519] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.520] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.520] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.521] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.521] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.521] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.522] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.522] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.522] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.523] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.523] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.523] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.524] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.524] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.524] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.525] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.525] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.526] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.526] WriteFile (in: hFile=0x2f4, lpBuffer=0x25204a8*, nNumberOfBytesToWrite=0xf74, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25204a8*, lpNumberOfBytesWritten=0x14ec98*=0xf74, lpOverlapped=0x0) returned 1 [0193.526] CloseHandle (hObject=0x2f4) returned 1 [0193.532] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a", lpFilePart=0x0) returned 0x2f [0193.532] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a.ampkcz", lpFilePart=0x0) returned 0x36 [0193.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0193.532] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ys5fvy3ywybsg.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2e23fe0, ftCreationTime.dwHighDateTime=0x1d82a28, ftLastAccessTime.dwLowDateTime=0xcf668310, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0x61c1010e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1cf74)) returned 1 [0193.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0193.532] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ys5fvy3ywybsg.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\ys5FVy3YwYbsg.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\ys5fvy3ywybsg.m4a.ampkcz")) returned 1 [0193.539] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif", lpFilePart=0x0) returned 0x32 [0193.539] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif", lpFilePart=0x0) returned 0x32 [0193.539] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif", dwFileAttributes=0x80) returned 1 [0193.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0193.544] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zr1fjuatmluvrkkw.gif"), fInfoLevelId=0x0, lpFileInformation=0x25253d0 | out: lpFileInformation=0x25253d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4140020, ftCreationTime.dwHighDateTime=0x1d81ca9, ftLastAccessTime.dwLowDateTime=0x88bbbd30, ftLastAccessTime.dwHighDateTime=0x1d820c9, ftLastWriteTime.dwLowDateTime=0x88bbbd30, ftLastWriteTime.dwHighDateTime=0x1d820c9, nFileSizeHigh=0x0, nFileSizeLow=0x138c4)) returned 1 [0193.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0193.544] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif", lpFilePart=0x0) returned 0x32 [0193.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0193.544] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zr1fjuatmluvrkkw.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0193.544] GetFileType (hFile=0x2f4) returned 0x1 [0193.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0193.544] GetFileType (hFile=0x2f4) returned 0x1 [0193.544] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x138c4 [0193.546] ReadFile (in: hFile=0x2f4, lpBuffer=0x2525870, nNumberOfBytesToRead=0x138c4, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2525870*, lpNumberOfBytesRead=0x14edd8*=0x138c4, lpOverlapped=0x0) returned 1 [0193.547] CloseHandle (hObject=0x2f4) returned 1 [0193.902] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif", lpFilePart=0x0) returned 0x32 [0193.903] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0193.903] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zr1fjuatmluvrkkw.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0193.908] GetFileType (hFile=0x2f4) returned 0x1 [0193.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0193.908] GetFileType (hFile=0x2f4) returned 0x1 [0193.908] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.910] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.910] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.911] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.911] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.911] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.912] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.912] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.912] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.913] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.913] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.913] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.914] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.914] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.914] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.915] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.915] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.915] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.916] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.916] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.916] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.917] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.917] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.917] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.918] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0193.918] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0193.918] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ed040*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25ed040*, lpNumberOfBytesWritten=0x14ec98*=0x1e0, lpOverlapped=0x0) returned 1 [0193.919] CloseHandle (hObject=0x2f4) returned 1 [0193.925] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif", lpFilePart=0x0) returned 0x32 [0193.925] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif.ampkcz", lpFilePart=0x0) returned 0x39 [0193.925] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0193.925] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zr1fjuatmluvrkkw.gif"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4140020, ftCreationTime.dwHighDateTime=0x1d81ca9, ftLastAccessTime.dwLowDateTime=0x88bbbd30, ftLastAccessTime.dwHighDateTime=0x1d820c9, ftLastWriteTime.dwLowDateTime=0x61fcddbe, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a1e0)) returned 1 [0193.925] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0193.926] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zr1fjuatmluvrkkw.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Zr1fJuAtmLuvrKkw.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\zr1fjuatmluvrkkw.gif.ampkcz")) returned 1 [0193.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0193.930] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0193.930] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0193.930] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x61fd6f19, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x61fd6f19, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0193.932] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x61fd6f19, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x61fd6f19, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.933] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a22e910, ftCreationTime.dwHighDateTime=0x1d81bfa, ftLastAccessTime.dwLowDateTime=0xea63790, ftLastAccessTime.dwHighDateTime=0x1d82818, ftLastWriteTime.dwLowDateTime=0x5a10affd, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb560, dwReserved0=0x0, dwReserved1=0x0, cFileName="2tiKE.m4a.ampkcz", cAlternateFileName="2TIKEM~1.AMP")) returned 1 [0193.933] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd86a9360, ftCreationTime.dwHighDateTime=0x1d82362, ftLastAccessTime.dwLowDateTime=0xcc3c5400, ftLastAccessTime.dwHighDateTime=0x1d826ed, ftLastWriteTime.dwLowDateTime=0x5a97fab2, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x18d34, dwReserved0=0x0, dwReserved1=0x0, cFileName="505vm9.swf.ampkcz", cAlternateFileName="505VM9~1.AMP")) returned 1 [0193.933] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5be420, ftCreationTime.dwHighDateTime=0x1d8230f, ftLastAccessTime.dwLowDateTime=0xd6ceea20, ftLastAccessTime.dwHighDateTime=0x1d82857, ftLastWriteTime.dwLowDateTime=0x5ae68886, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f088, dwReserved0=0x0, dwReserved1=0x0, cFileName="9ABjQ1b3wA2cIKcd.flv.ampkcz", cAlternateFileName="9ABJQ1~1.AMP")) returned 1 [0193.934] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb91e780, ftCreationTime.dwHighDateTime=0x1d858f1, ftLastAccessTime.dwLowDateTime=0xeb91e780, ftLastAccessTime.dwHighDateTime=0x1d858f1, ftLastWriteTime.dwLowDateTime=0x263f5400, ftLastWriteTime.dwHighDateTime=0x1d858e1, nFileSizeHigh=0x0, nFileSizeLow=0x6800, dwReserved0=0x0, dwReserved1=0x0, cFileName="a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", cAlternateFileName="A7F09C~1.EXE")) returned 1 [0193.934] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83be2040, ftCreationTime.dwHighDateTime=0x1d8285b, ftLastAccessTime.dwLowDateTime=0xc2b25400, ftLastAccessTime.dwHighDateTime=0x1d82893, ftLastWriteTime.dwLowDateTime=0x5b269fe7, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb7a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bh_dyqBOzR8.swf.ampkcz", cAlternateFileName="BH_DYQ~1.AMP")) returned 1 [0193.934] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfba64860, ftCreationTime.dwHighDateTime=0x1d81b97, ftLastAccessTime.dwLowDateTime=0x7c2644a0, ftLastAccessTime.dwHighDateTime=0x1d81f7f, ftLastWriteTime.dwLowDateTime=0x5b8c0217, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8808, dwReserved0=0x0, dwReserved1=0x0, cFileName="BiqZhzQpPpNFiiegsAS.mkv.ampkcz", cAlternateFileName="BIQZHZ~1.AMP")) returned 1 [0193.934] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91746cd0, ftCreationTime.dwHighDateTime=0x1d828ce, ftLastAccessTime.dwLowDateTime=0xf8bcdaf0, ftLastAccessTime.dwHighDateTime=0x1d829b7, ftLastWriteTime.dwLowDateTime=0xf8bcdaf0, ftLastWriteTime.dwHighDateTime=0x1d829b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bjr3u", cAlternateFileName="")) returned 1 [0193.934] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd308590, ftCreationTime.dwHighDateTime=0x1d81fef, ftLastAccessTime.dwLowDateTime=0xb961b180, ftLastAccessTime.dwHighDateTime=0x1d8256d, ftLastWriteTime.dwLowDateTime=0x5bd54292, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8634, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cp L8O_LsjVMCQa-GI.gif.ampkcz", cAlternateFileName="CPL8O_~1.AMP")) returned 1 [0193.935] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5c0a3b58, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0193.935] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e06dc30, ftCreationTime.dwHighDateTime=0x1d821ae, ftLastAccessTime.dwLowDateTime=0x2ae6cd40, ftLastAccessTime.dwHighDateTime=0x1d826b3, ftLastWriteTime.dwLowDateTime=0x5c77c155, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f534, dwReserved0=0x0, dwReserved1=0x0, cFileName="ICzw-hYXI.bmp.ampkcz", cAlternateFileName="ICZW-H~1.AMP")) returned 1 [0193.935] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf54d8940, ftCreationTime.dwHighDateTime=0x1d820ad, ftLastAccessTime.dwLowDateTime=0xd9ca63a0, ftLastAccessTime.dwHighDateTime=0x1d824e5, ftLastWriteTime.dwLowDateTime=0x5cd5790f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8674, dwReserved0=0x0, dwReserved1=0x0, cFileName="iEg5ajMoeBZC.mp4.ampkcz", cAlternateFileName="IEG5AJ~1.AMP")) returned 1 [0193.935] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc458100, ftCreationTime.dwHighDateTime=0x1d81a09, ftLastAccessTime.dwLowDateTime=0x5aa65240, ftLastAccessTime.dwHighDateTime=0x1d8286f, ftLastWriteTime.dwLowDateTime=0x5d41266b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19d34, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkAT8Q.rtf.ampkcz", cAlternateFileName="JKAT8Q~1.AMP")) returned 1 [0193.935] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cab9260, ftCreationTime.dwHighDateTime=0x1d81e4e, ftLastAccessTime.dwLowDateTime=0x2ae8bbf0, ftLastAccessTime.dwHighDateTime=0x1d828ca, ftLastWriteTime.dwLowDateTime=0x5d9feb3f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x9ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="k-2kcKE.mkv.ampkcz", cAlternateFileName="K-2KCK~1.AMP")) returned 1 [0193.936] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ad53b00, ftCreationTime.dwHighDateTime=0x1d8282e, ftLastAccessTime.dwLowDateTime=0x17573b10, ftLastAccessTime.dwHighDateTime=0x1d82943, ftLastWriteTime.dwLowDateTime=0x5e0fa9db, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1dea0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KvJg7fTjd.ppt.ampkcz", cAlternateFileName="KVJG7F~1.AMP")) returned 1 [0193.936] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb434b270, ftCreationTime.dwHighDateTime=0x1d825f4, ftLastAccessTime.dwLowDateTime=0x87f2f760, ftLastAccessTime.dwHighDateTime=0x1d829bb, ftLastWriteTime.dwLowDateTime=0x5e751aa6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1df08, dwReserved0=0x0, dwReserved1=0x0, cFileName="mS0Pc.m4a.ampkcz", cAlternateFileName="MS0PCM~1.AMP")) returned 1 [0193.936] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceb94b00, ftCreationTime.dwHighDateTime=0x1d82244, ftLastAccessTime.dwLowDateTime=0xa09154c0, ftLastAccessTime.dwHighDateTime=0x1d827c1, ftLastWriteTime.dwLowDateTime=0x5ee59db6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7774, dwReserved0=0x0, dwReserved1=0x0, cFileName="NdRfu9tUbI.wav.ampkcz", cAlternateFileName="NDRFU9~1.AMP")) returned 1 [0193.936] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3f8fc10, ftCreationTime.dwHighDateTime=0x1d820b6, ftLastAccessTime.dwLowDateTime=0xfd4c06c0, ftLastAccessTime.dwHighDateTime=0x1d82798, ftLastWriteTime.dwLowDateTime=0x5f43ef64, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15808, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pdz8n1 UI6B5ybck59.mp3.ampkcz", cAlternateFileName="PDZ8N1~1.AMP")) returned 1 [0193.937] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc76fa210, ftCreationTime.dwHighDateTime=0x1d81c6b, ftLastAccessTime.dwLowDateTime=0x71903d50, ftLastAccessTime.dwHighDateTime=0x1d81cbb, ftLastWriteTime.dwLowDateTime=0x5f8940ed, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="R4ZOtCCfPyPi.png.ampkcz", cAlternateFileName="R4ZOTC~1.AMP")) returned 1 [0193.937] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a156260, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x5a156260, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x5a165cc6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0193.937] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa27af970, ftCreationTime.dwHighDateTime=0x1d82178, ftLastAccessTime.dwLowDateTime=0x8ba88920, ftLastAccessTime.dwHighDateTime=0x1d8296a, ftLastWriteTime.dwLowDateTime=0x5fc2c9d5, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1aa74, dwReserved0=0x0, dwReserved1=0x0, cFileName="SfNsa8YB.avi.ampkcz", cAlternateFileName="SFNSA8~1.AMP")) returned 1 [0193.937] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fe8e730, ftCreationTime.dwHighDateTime=0x1d82610, ftLastAccessTime.dwLowDateTime=0x6e274200, ftLastAccessTime.dwHighDateTime=0x1d8262d, ftLastWriteTime.dwLowDateTime=0x6034436d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x93c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="sxWMOh.mkv.ampkcz", cAlternateFileName="SXWMOH~1.AMP")) returned 1 [0193.937] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xace2b8b0, ftCreationTime.dwHighDateTime=0x1d82166, ftLastAccessTime.dwLowDateTime=0xe534fe60, ftLastAccessTime.dwHighDateTime=0x1d8254b, ftLastWriteTime.dwLowDateTime=0x60a3d145, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x86a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="t8p41K1nPNZvX.m4a.ampkcz", cAlternateFileName="T8P41K~1.AMP")) returned 1 [0193.939] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e00acc0, ftCreationTime.dwHighDateTime=0x1d81f60, ftLastAccessTime.dwLowDateTime=0x3fcaf4c0, ftLastAccessTime.dwHighDateTime=0x1d828ca, ftLastWriteTime.dwLowDateTime=0x610604fa, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x214b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="tSEGMvCPcMx.jpg.ampkcz", cAlternateFileName="TSEGMV~1.AMP")) returned 1 [0193.940] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x650c8f10, ftCreationTime.dwHighDateTime=0x1d81c21, ftLastAccessTime.dwLowDateTime=0xd62974d0, ftLastAccessTime.dwHighDateTime=0x1d81c42, ftLastWriteTime.dwLowDateTime=0x617e4bed, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd4b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="y2H9O8xlmETgCAbycT.png.ampkcz", cAlternateFileName="Y2H9O8~1.AMP")) returned 1 [0193.940] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2e23fe0, ftCreationTime.dwHighDateTime=0x1d82a28, ftLastAccessTime.dwLowDateTime=0xcf668310, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0x61c1010e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1cf74, dwReserved0=0x0, dwReserved1=0x0, cFileName="ys5FVy3YwYbsg.m4a.ampkcz", cAlternateFileName="YS5FVY~1.AMP")) returned 1 [0193.940] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4dd50a0, ftCreationTime.dwHighDateTime=0x1d8247d, ftLastAccessTime.dwLowDateTime=0x7316e100, ftLastAccessTime.dwHighDateTime=0x1d82545, ftLastWriteTime.dwLowDateTime=0x7316e100, ftLastWriteTime.dwHighDateTime=0x1d82545, nFileSizeHigh=0x0, nFileSizeLow=0x116db, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ze-VEOovGiNCD_-X5js.ots", cAlternateFileName="ZE-VEO~1.OTS")) returned 1 [0193.940] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4140020, ftCreationTime.dwHighDateTime=0x1d81ca9, ftLastAccessTime.dwLowDateTime=0x88bbbd30, ftLastAccessTime.dwHighDateTime=0x1d820c9, ftLastWriteTime.dwLowDateTime=0x61fcddbe, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a1e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zr1fJuAtmLuvrKkw.gif.ampkcz", cAlternateFileName="ZR1FJU~1.AMP")) returned 1 [0193.940] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4140020, ftCreationTime.dwHighDateTime=0x1d81ca9, ftLastAccessTime.dwLowDateTime=0x88bbbd30, ftLastAccessTime.dwHighDateTime=0x1d820c9, ftLastWriteTime.dwLowDateTime=0x61fcddbe, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a1e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zr1fJuAtmLuvrKkw.gif.ampkcz", cAlternateFileName="ZR1FJU~1.AMP")) returned 0 [0193.940] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0193.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0193.941] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0193.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0193.941] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u", lpFilePart=0x0) returned 0x23 [0193.941] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\", lpFilePart=0x0) returned 0x24 [0193.941] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91746cd0, ftCreationTime.dwHighDateTime=0x1d828ce, ftLastAccessTime.dwLowDateTime=0xf8bcdaf0, ftLastAccessTime.dwHighDateTime=0x1d829b7, ftLastWriteTime.dwLowDateTime=0xf8bcdaf0, ftLastWriteTime.dwHighDateTime=0x1d829b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0193.941] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91746cd0, ftCreationTime.dwHighDateTime=0x1d828ce, ftLastAccessTime.dwLowDateTime=0xf8bcdaf0, ftLastAccessTime.dwHighDateTime=0x1d829b7, ftLastWriteTime.dwLowDateTime=0xf8bcdaf0, ftLastWriteTime.dwHighDateTime=0x1d829b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0193.942] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d0ed080, ftCreationTime.dwHighDateTime=0x1d8262f, ftLastAccessTime.dwLowDateTime=0x57392270, ftLastAccessTime.dwHighDateTime=0x1d826c3, ftLastWriteTime.dwLowDateTime=0x57392270, ftLastWriteTime.dwHighDateTime=0x1d826c3, nFileSizeHigh=0x0, nFileSizeLow=0xd911, dwReserved0=0x0, dwReserved1=0x0, cFileName="2HtL-q.csv", cAlternateFileName="")) returned 1 [0193.942] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x454e2e00, ftCreationTime.dwHighDateTime=0x1d81af9, ftLastAccessTime.dwLowDateTime=0x59375bc0, ftLastAccessTime.dwHighDateTime=0x1d82347, ftLastWriteTime.dwLowDateTime=0x59375bc0, ftLastWriteTime.dwHighDateTime=0x1d82347, nFileSizeHigh=0x0, nFileSizeLow=0x9c90, dwReserved0=0x0, dwReserved1=0x0, cFileName="7Bsy4NSMiVQmfv8k.m4a", cAlternateFileName="7BSY4N~1.M4A")) returned 1 [0193.942] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde052540, ftCreationTime.dwHighDateTime=0x1d825e4, ftLastAccessTime.dwLowDateTime=0x6d621250, ftLastAccessTime.dwHighDateTime=0x1d82853, ftLastWriteTime.dwLowDateTime=0x6d621250, ftLastWriteTime.dwHighDateTime=0x1d82853, nFileSizeHigh=0x0, nFileSizeLow=0x340b, dwReserved0=0x0, dwReserved1=0x0, cFileName="8LljmtPnMSEYSYG.csv", cAlternateFileName="8LLJMT~1.CSV")) returned 1 [0193.942] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c230220, ftCreationTime.dwHighDateTime=0x1d81ce7, ftLastAccessTime.dwLowDateTime=0xd569ebb0, ftLastAccessTime.dwHighDateTime=0x1d8202f, ftLastWriteTime.dwLowDateTime=0xd569ebb0, ftLastWriteTime.dwHighDateTime=0x1d8202f, nFileSizeHigh=0x0, nFileSizeLow=0x113f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="8Vi4 VdapZ6YLX5Sp.flv", cAlternateFileName="8VI4VD~1.FLV")) returned 1 [0193.942] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb4c88e0, ftCreationTime.dwHighDateTime=0x1d829c4, ftLastAccessTime.dwLowDateTime=0xc7ac84b0, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0xc7ac84b0, ftLastWriteTime.dwHighDateTime=0x1d829f8, nFileSizeHigh=0x0, nFileSizeLow=0xd28c, dwReserved0=0x0, dwReserved1=0x0, cFileName="BKUVLc.bmp", cAlternateFileName="")) returned 1 [0193.942] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf992f60, ftCreationTime.dwHighDateTime=0x1d81df3, ftLastAccessTime.dwLowDateTime=0x23f58620, ftLastAccessTime.dwHighDateTime=0x1d8229e, ftLastWriteTime.dwLowDateTime=0x23f58620, ftLastWriteTime.dwHighDateTime=0x1d8229e, nFileSizeHigh=0x0, nFileSizeLow=0x10585, dwReserved0=0x0, dwReserved1=0x0, cFileName="bz0WFA-cPHK_6RXp.m4a", cAlternateFileName="BZ0WFA~1.M4A")) returned 1 [0193.942] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefad3610, ftCreationTime.dwHighDateTime=0x1d826b2, ftLastAccessTime.dwLowDateTime=0x86ecf760, ftLastAccessTime.dwHighDateTime=0x1d8286e, ftLastWriteTime.dwLowDateTime=0x86ecf760, ftLastWriteTime.dwHighDateTime=0x1d8286e, nFileSizeHigh=0x0, nFileSizeLow=0xa2c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="ggv8WxB.gif", cAlternateFileName="")) returned 1 [0193.943] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d72fbe0, ftCreationTime.dwHighDateTime=0x1d823de, ftLastAccessTime.dwLowDateTime=0x677989e0, ftLastAccessTime.dwHighDateTime=0x1d82605, ftLastWriteTime.dwLowDateTime=0x677989e0, ftLastWriteTime.dwHighDateTime=0x1d82605, nFileSizeHigh=0x0, nFileSizeLow=0x3c2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="JHyJ2FcVg5iar.mp3", cAlternateFileName="JHYJ2F~1.MP3")) returned 1 [0193.943] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71191240, ftCreationTime.dwHighDateTime=0x1d81d4f, ftLastAccessTime.dwLowDateTime=0xa3f402c0, ftLastAccessTime.dwHighDateTime=0x1d82587, ftLastWriteTime.dwLowDateTime=0xa3f402c0, ftLastWriteTime.dwHighDateTime=0x1d82587, nFileSizeHigh=0x0, nFileSizeLow=0x19d8, dwReserved0=0x0, dwReserved1=0x0, cFileName="mB4Ez1kKY5Cs.mp3", cAlternateFileName="MB4EZ1~1.MP3")) returned 1 [0193.943] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51b8e290, ftCreationTime.dwHighDateTime=0x1d822d1, ftLastAccessTime.dwLowDateTime=0x9cb3d000, ftLastAccessTime.dwHighDateTime=0x1d8232d, ftLastWriteTime.dwLowDateTime=0x9cb3d000, ftLastWriteTime.dwHighDateTime=0x1d8232d, nFileSizeHigh=0x0, nFileSizeLow=0x551f, dwReserved0=0x0, dwReserved1=0x0, cFileName="mFs5gB9Z3Uguw495HmEZ.jpg", cAlternateFileName="MFS5GB~1.JPG")) returned 1 [0193.943] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9befbf0, ftCreationTime.dwHighDateTime=0x1d81cfd, ftLastAccessTime.dwLowDateTime=0x87f76dc0, ftLastAccessTime.dwHighDateTime=0x1d82756, ftLastWriteTime.dwLowDateTime=0x87f76dc0, ftLastWriteTime.dwHighDateTime=0x1d82756, nFileSizeHigh=0x0, nFileSizeLow=0x12b15, dwReserved0=0x0, dwReserved1=0x0, cFileName="RPzmf9DjF1.pptx", cAlternateFileName="RPZMF9~1.PPT")) returned 1 [0193.943] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a169430, ftCreationTime.dwHighDateTime=0x1d828ca, ftLastAccessTime.dwLowDateTime=0x5fd5e050, ftLastAccessTime.dwHighDateTime=0x1d8290f, ftLastWriteTime.dwLowDateTime=0x5fd5e050, ftLastWriteTime.dwHighDateTime=0x1d8290f, nFileSizeHigh=0x0, nFileSizeLow=0xc0d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="SjWyWkMIArJ.docx", cAlternateFileName="SJWYWK~1.DOC")) returned 1 [0193.943] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9650, ftCreationTime.dwHighDateTime=0x1d81a02, ftLastAccessTime.dwLowDateTime=0x56f29500, ftLastAccessTime.dwHighDateTime=0x1d8247d, ftLastWriteTime.dwLowDateTime=0x56f29500, ftLastWriteTime.dwHighDateTime=0x1d8247d, nFileSizeHigh=0x0, nFileSizeLow=0x137ae, dwReserved0=0x0, dwReserved1=0x0, cFileName="VADyx2_L0xN.flv", cAlternateFileName="VADYX2~1.FLV")) returned 1 [0193.943] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ee1500, ftCreationTime.dwHighDateTime=0x1d8225e, ftLastAccessTime.dwLowDateTime=0x25426d90, ftLastAccessTime.dwHighDateTime=0x1d829a6, ftLastWriteTime.dwLowDateTime=0x25426d90, ftLastWriteTime.dwHighDateTime=0x1d829a6, nFileSizeHigh=0x0, nFileSizeLow=0x1866e, dwReserved0=0x0, dwReserved1=0x0, cFileName="vXhGV8MRaVScOkV5f5.ods", cAlternateFileName="VXHGV8~1.ODS")) returned 1 [0193.944] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36485d0, ftCreationTime.dwHighDateTime=0x1d82671, ftLastAccessTime.dwLowDateTime=0x5e9bed80, ftLastAccessTime.dwHighDateTime=0x1d8280e, ftLastWriteTime.dwLowDateTime=0x5e9bed80, ftLastWriteTime.dwHighDateTime=0x1d8280e, nFileSizeHigh=0x0, nFileSizeLow=0x3698, dwReserved0=0x0, dwReserved1=0x0, cFileName="WTyYMq00n.m4a", cAlternateFileName="WTYYMQ~1.M4A")) returned 1 [0193.944] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d025c90, ftCreationTime.dwHighDateTime=0x1d820a6, ftLastAccessTime.dwLowDateTime=0xf2464730, ftLastAccessTime.dwHighDateTime=0x1d82172, ftLastWriteTime.dwLowDateTime=0xf2464730, ftLastWriteTime.dwHighDateTime=0x1d82172, nFileSizeHigh=0x0, nFileSizeLow=0x635, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y_Ku-Plvvx.png", cAlternateFileName="Y_KU-P~1.PNG")) returned 1 [0193.944] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0193.944] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0193.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0193.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0193.945] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv", lpFilePart=0x0) returned 0x2e [0193.945] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv", lpFilePart=0x0) returned 0x2e [0193.945] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv", dwFileAttributes=0x80) returned 1 [0193.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0193.947] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\2htl-q.csv"), fInfoLevelId=0x0, lpFileInformation=0x25f47c0 | out: lpFileInformation=0x25f47c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5d0ed080, ftCreationTime.dwHighDateTime=0x1d8262f, ftLastAccessTime.dwLowDateTime=0x57392270, ftLastAccessTime.dwHighDateTime=0x1d826c3, ftLastWriteTime.dwLowDateTime=0x57392270, ftLastWriteTime.dwHighDateTime=0x1d826c3, nFileSizeHigh=0x0, nFileSizeLow=0xd911)) returned 1 [0193.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0193.947] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv", lpFilePart=0x0) returned 0x2e [0193.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0193.947] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\2htl-q.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0193.947] GetFileType (hFile=0x2f4) returned 0x1 [0193.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0193.947] GetFileType (hFile=0x2f4) returned 0x1 [0193.947] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xd911 [0193.947] ReadFile (in: hFile=0x2f4, lpBuffer=0x25f4c18, nNumberOfBytesToRead=0xd911, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25f4c18*, lpNumberOfBytesRead=0x14ed68*=0xd911, lpOverlapped=0x0) returned 1 [0193.949] CloseHandle (hObject=0x2f4) returned 1 [0194.436] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv", lpFilePart=0x0) returned 0x2e [0194.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0194.436] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\2htl-q.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0194.442] GetFileType (hFile=0x2f4) returned 0x1 [0194.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0194.442] GetFileType (hFile=0x2f4) returned 0x1 [0194.443] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.444] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.444] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.445] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.445] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.445] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.446] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.446] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.447] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.447] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.447] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.448] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.448] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.448] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.449] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.449] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.449] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0194.449] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0194.450] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a4508*, nNumberOfBytesToWrite=0x248, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26a4508*, lpNumberOfBytesWritten=0x14ec28*=0x248, lpOverlapped=0x0) returned 1 [0194.450] CloseHandle (hObject=0x2f4) returned 1 [0194.456] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv", lpFilePart=0x0) returned 0x2e [0194.456] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv.ampkcz", lpFilePart=0x0) returned 0x35 [0194.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0194.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\2htl-q.csv"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d0ed080, ftCreationTime.dwHighDateTime=0x1d8262f, ftLastAccessTime.dwLowDateTime=0x57392270, ftLastAccessTime.dwHighDateTime=0x1d826c3, ftLastWriteTime.dwLowDateTime=0x624de466, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12248)) returned 1 [0194.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0194.457] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\2htl-q.csv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\2HtL-q.csv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\2htl-q.csv.ampkcz")) returned 1 [0194.507] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\readme.txt", lpFilePart=0x0) returned 0x2e [0194.507] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0194.507] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0194.512] GetFileType (hFile=0x2f4) returned 0x1 [0194.512] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0194.512] GetFileType (hFile=0x2f4) returned 0x1 [0194.514] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a7708*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x26a7708*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0194.515] CloseHandle (hObject=0x2f4) returned 1 [0194.556] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a", lpFilePart=0x0) returned 0x38 [0194.556] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a", lpFilePart=0x0) returned 0x38 [0194.556] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a", dwFileAttributes=0x80) returned 1 [0194.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0194.557] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\7bsy4nsmivqmfv8k.m4a"), fInfoLevelId=0x0, lpFileInformation=0x26a9c18 | out: lpFileInformation=0x26a9c18*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x454e2e00, ftCreationTime.dwHighDateTime=0x1d81af9, ftLastAccessTime.dwLowDateTime=0x59375bc0, ftLastAccessTime.dwHighDateTime=0x1d82347, ftLastWriteTime.dwLowDateTime=0x59375bc0, ftLastWriteTime.dwHighDateTime=0x1d82347, nFileSizeHigh=0x0, nFileSizeLow=0x9c90)) returned 1 [0194.557] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0194.557] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a", lpFilePart=0x0) returned 0x38 [0194.557] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0194.557] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\7bsy4nsmivqmfv8k.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0194.558] GetFileType (hFile=0x2f4) returned 0x1 [0194.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0194.558] GetFileType (hFile=0x2f4) returned 0x1 [0194.558] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x9c90 [0194.558] ReadFile (in: hFile=0x2f4, lpBuffer=0x26aa0e8, nNumberOfBytesToRead=0x9c90, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26aa0e8*, lpNumberOfBytesRead=0x14ed68*=0x9c90, lpOverlapped=0x0) returned 1 [0194.559] CloseHandle (hObject=0x2f4) returned 1 [0195.029] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a", lpFilePart=0x0) returned 0x38 [0195.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0195.029] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\7bsy4nsmivqmfv8k.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0195.038] GetFileType (hFile=0x2f4) returned 0x1 [0195.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0195.038] GetFileType (hFile=0x2f4) returned 0x1 [0195.039] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.040] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.040] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.040] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.041] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.041] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.041] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.042] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.042] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.042] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.043] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.043] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.043] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0195.044] WriteFile (in: hFile=0x2f4, lpBuffer=0x2568dc8*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2568dc8*, lpNumberOfBytesWritten=0x14ec28*=0x1a0, lpOverlapped=0x0) returned 1 [0195.044] CloseHandle (hObject=0x2f4) returned 1 [0195.082] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a", lpFilePart=0x0) returned 0x38 [0195.082] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a.ampkcz", lpFilePart=0x0) returned 0x3f [0195.082] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0195.082] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\7bsy4nsmivqmfv8k.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x454e2e00, ftCreationTime.dwHighDateTime=0x1d81af9, ftLastAccessTime.dwLowDateTime=0x59375bc0, ftLastAccessTime.dwHighDateTime=0x1d82347, ftLastWriteTime.dwLowDateTime=0x62a8631f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd1a0)) returned 1 [0195.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0195.082] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\7bsy4nsmivqmfv8k.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\7Bsy4NSMiVQmfv8k.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\7bsy4nsmivqmfv8k.m4a.ampkcz")) returned 1 [0195.153] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv", lpFilePart=0x0) returned 0x37 [0195.153] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv", lpFilePart=0x0) returned 0x37 [0195.154] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv", dwFileAttributes=0x80) returned 1 [0195.169] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0195.169] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\8lljmtpnmseysyg.csv"), fInfoLevelId=0x0, lpFileInformation=0x256a350 | out: lpFileInformation=0x256a350*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xde052540, ftCreationTime.dwHighDateTime=0x1d825e4, ftLastAccessTime.dwLowDateTime=0x6d621250, ftLastAccessTime.dwHighDateTime=0x1d82853, ftLastWriteTime.dwLowDateTime=0x6d621250, ftLastWriteTime.dwHighDateTime=0x1d82853, nFileSizeHigh=0x0, nFileSizeLow=0x340b)) returned 1 [0195.170] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0195.170] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv", lpFilePart=0x0) returned 0x37 [0195.170] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0195.170] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\8lljmtpnmseysyg.csv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0195.170] GetFileType (hFile=0x2f4) returned 0x1 [0195.170] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0195.170] GetFileType (hFile=0x2f4) returned 0x1 [0195.170] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x340b [0195.170] ReadFile (in: hFile=0x2f4, lpBuffer=0x256a7f8, nNumberOfBytesToRead=0x340b, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x256a7f8*, lpNumberOfBytesRead=0x14ed68*=0x340b, lpOverlapped=0x0) returned 1 [0195.171] CloseHandle (hObject=0x2f4) returned 1 [0195.540] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv", lpFilePart=0x0) returned 0x37 [0195.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0195.540] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\8lljmtpnmseysyg.csv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0195.558] GetFileType (hFile=0x2f4) returned 0x1 [0195.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0195.558] GetFileType (hFile=0x2f4) returned 0x1 [0195.558] WriteFile (in: hFile=0x2f4, lpBuffer=0x2608c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2608c60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.560] WriteFile (in: hFile=0x2f4, lpBuffer=0x2608c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2608c60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.560] WriteFile (in: hFile=0x2f4, lpBuffer=0x2608c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2608c60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.560] WriteFile (in: hFile=0x2f4, lpBuffer=0x2608c60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2608c60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.561] WriteFile (in: hFile=0x2f4, lpBuffer=0x2608c60*, nNumberOfBytesToWrite=0x634, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2608c60*, lpNumberOfBytesWritten=0x14ec28*=0x634, lpOverlapped=0x0) returned 1 [0195.561] CloseHandle (hObject=0x2f4) returned 1 [0195.563] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv", lpFilePart=0x0) returned 0x37 [0195.564] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv.ampkcz", lpFilePart=0x0) returned 0x3e [0195.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0195.564] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\8lljmtpnmseysyg.csv"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde052540, ftCreationTime.dwHighDateTime=0x1d825e4, ftLastAccessTime.dwLowDateTime=0x6d621250, ftLastAccessTime.dwHighDateTime=0x1d82853, ftLastWriteTime.dwLowDateTime=0x62f732be, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x4634)) returned 1 [0195.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0195.564] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\8lljmtpnmseysyg.csv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8LljmtPnMSEYSYG.csv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\8lljmtpnmseysyg.csv.ampkcz")) returned 1 [0195.570] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv", lpFilePart=0x0) returned 0x39 [0195.570] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv", lpFilePart=0x0) returned 0x39 [0195.570] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv", dwFileAttributes=0x80) returned 1 [0195.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0195.571] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\8vi4 vdapz6ylx5sp.flv"), fInfoLevelId=0x0, lpFileInformation=0x260ac10 | out: lpFileInformation=0x260ac10*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x3c230220, ftCreationTime.dwHighDateTime=0x1d81ce7, ftLastAccessTime.dwLowDateTime=0xd569ebb0, ftLastAccessTime.dwHighDateTime=0x1d8202f, ftLastWriteTime.dwLowDateTime=0xd569ebb0, ftLastWriteTime.dwHighDateTime=0x1d8202f, nFileSizeHigh=0x0, nFileSizeLow=0x113f5)) returned 1 [0195.571] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0195.571] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv", lpFilePart=0x0) returned 0x39 [0195.572] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0195.572] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\8vi4 vdapz6ylx5sp.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0195.572] GetFileType (hFile=0x2f4) returned 0x1 [0195.572] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0195.572] GetFileType (hFile=0x2f4) returned 0x1 [0195.572] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x113f5 [0195.572] ReadFile (in: hFile=0x2f4, lpBuffer=0x260b0e0, nNumberOfBytesToRead=0x113f5, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x260b0e0*, lpNumberOfBytesRead=0x14ed68*=0x113f5, lpOverlapped=0x0) returned 1 [0195.573] CloseHandle (hObject=0x2f4) returned 1 [0195.993] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv", lpFilePart=0x0) returned 0x39 [0195.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0195.993] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\8vi4 vdapz6ylx5sp.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0195.997] GetFileType (hFile=0x2f4) returned 0x1 [0195.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0195.997] GetFileType (hFile=0x2f4) returned 0x1 [0195.997] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.998] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.999] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.999] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0195.999] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.000] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.000] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.000] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.001] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.001] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.001] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.002] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.002] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.002] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.002] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.003] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.003] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.004] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.004] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.005] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.005] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.005] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.006] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0196.006] WriteFile (in: hFile=0x2f4, lpBuffer=0x26c9580*, nNumberOfBytesToWrite=0xc8, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26c9580*, lpNumberOfBytesWritten=0x14ec28*=0xc8, lpOverlapped=0x0) returned 1 [0196.006] CloseHandle (hObject=0x2f4) returned 1 [0196.025] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv", lpFilePart=0x0) returned 0x39 [0196.026] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv.ampkcz", lpFilePart=0x0) returned 0x40 [0196.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0196.026] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\8vi4 vdapz6ylx5sp.flv"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c230220, ftCreationTime.dwHighDateTime=0x1d81ce7, ftLastAccessTime.dwLowDateTime=0xd569ebb0, ftLastAccessTime.dwHighDateTime=0x1d8202f, ftLastWriteTime.dwLowDateTime=0x633b504b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x170c8)) returned 1 [0196.026] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0196.026] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\8vi4 vdapz6ylx5sp.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\8Vi4 VdapZ6YLX5Sp.flv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\8vi4 vdapz6ylx5sp.flv.ampkcz")) returned 1 [0196.031] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp", lpFilePart=0x0) returned 0x2e [0196.031] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp", lpFilePart=0x0) returned 0x2e [0196.031] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp", dwFileAttributes=0x80) returned 1 [0196.033] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0196.033] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\bkuvlc.bmp"), fInfoLevelId=0x0, lpFileInformation=0x26caec8 | out: lpFileInformation=0x26caec8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xeb4c88e0, ftCreationTime.dwHighDateTime=0x1d829c4, ftLastAccessTime.dwLowDateTime=0xc7ac84b0, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0xc7ac84b0, ftLastWriteTime.dwHighDateTime=0x1d829f8, nFileSizeHigh=0x0, nFileSizeLow=0xd28c)) returned 1 [0196.033] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0196.033] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp", lpFilePart=0x0) returned 0x2e [0196.033] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0196.033] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\bkuvlc.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0196.034] GetFileType (hFile=0x2f4) returned 0x1 [0196.034] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0196.034] GetFileType (hFile=0x2f4) returned 0x1 [0196.034] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xd28c [0196.034] ReadFile (in: hFile=0x2f4, lpBuffer=0x26cb320, nNumberOfBytesToRead=0xd28c, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26cb320*, lpNumberOfBytesRead=0x14ed68*=0xd28c, lpOverlapped=0x0) returned 1 [0196.035] CloseHandle (hObject=0x2f4) returned 1 [0196.640] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp", lpFilePart=0x0) returned 0x2e [0196.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0196.640] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\bkuvlc.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0196.643] GetFileType (hFile=0x2f4) returned 0x1 [0196.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0196.643] GetFileType (hFile=0x2f4) returned 0x1 [0196.644] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.645] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.645] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.646] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.646] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.646] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.647] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.647] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.647] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.648] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.648] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.648] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.649] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.649] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.649] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.650] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.650] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.650] WriteFile (in: hFile=0x2f4, lpBuffer=0x259a4a0*, nNumberOfBytesToWrite=0x988, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x259a4a0*, lpNumberOfBytesWritten=0x14ec28*=0x988, lpOverlapped=0x0) returned 1 [0196.650] CloseHandle (hObject=0x2f4) returned 1 [0196.674] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp", lpFilePart=0x0) returned 0x2e [0196.674] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp.ampkcz", lpFilePart=0x0) returned 0x35 [0196.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0196.674] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\bkuvlc.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb4c88e0, ftCreationTime.dwHighDateTime=0x1d829c4, ftLastAccessTime.dwLowDateTime=0xc7ac84b0, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0x639d94bb, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x11988)) returned 1 [0196.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0196.674] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\bkuvlc.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\BKUVLc.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\bkuvlc.bmp.ampkcz")) returned 1 [0196.681] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a", lpFilePart=0x0) returned 0x38 [0196.681] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a", lpFilePart=0x0) returned 0x38 [0196.681] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a", dwFileAttributes=0x80) returned 1 [0196.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0196.683] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\bz0wfa-cphk_6rxp.m4a"), fInfoLevelId=0x0, lpFileInformation=0x259c3d0 | out: lpFileInformation=0x259c3d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xaf992f60, ftCreationTime.dwHighDateTime=0x1d81df3, ftLastAccessTime.dwLowDateTime=0x23f58620, ftLastAccessTime.dwHighDateTime=0x1d8229e, ftLastWriteTime.dwLowDateTime=0x23f58620, ftLastWriteTime.dwHighDateTime=0x1d8229e, nFileSizeHigh=0x0, nFileSizeLow=0x10585)) returned 1 [0196.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0196.683] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a", lpFilePart=0x0) returned 0x38 [0196.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0196.683] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\bz0wfa-cphk_6rxp.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0196.683] GetFileType (hFile=0x2f4) returned 0x1 [0196.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0196.683] GetFileType (hFile=0x2f4) returned 0x1 [0196.683] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x10585 [0196.683] ReadFile (in: hFile=0x2f4, lpBuffer=0x259c8a0, nNumberOfBytesToRead=0x10585, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x259c8a0*, lpNumberOfBytesRead=0x14ed68*=0x10585, lpOverlapped=0x0) returned 1 [0196.685] CloseHandle (hObject=0x2f4) returned 1 [0196.983] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a", lpFilePart=0x0) returned 0x38 [0196.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0196.983] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\bz0wfa-cphk_6rxp.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0196.990] GetFileType (hFile=0x2f4) returned 0x1 [0196.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0196.990] GetFileType (hFile=0x2f4) returned 0x1 [0196.990] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.991] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.991] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.992] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.992] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.993] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.993] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.993] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.994] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.994] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.994] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.995] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.995] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.995] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.996] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.996] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.996] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.997] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.997] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.997] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.998] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0196.998] WriteFile (in: hFile=0x2f4, lpBuffer=0x2657380*, nNumberOfBytesToWrite=0xd88, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2657380*, lpNumberOfBytesWritten=0x14ec28*=0xd88, lpOverlapped=0x0) returned 1 [0196.998] CloseHandle (hObject=0x2f4) returned 1 [0197.003] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a", lpFilePart=0x0) returned 0x38 [0197.003] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a.ampkcz", lpFilePart=0x0) returned 0x3f [0197.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0197.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\bz0wfa-cphk_6rxp.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf992f60, ftCreationTime.dwHighDateTime=0x1d81df3, ftLastAccessTime.dwLowDateTime=0x23f58620, ftLastAccessTime.dwHighDateTime=0x1d8229e, ftLastWriteTime.dwLowDateTime=0x63d2a8f3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15d88)) returned 1 [0197.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0197.003] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\bz0wfa-cphk_6rxp.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\bz0WFA-cPHK_6RXp.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\bz0wfa-cphk_6rxp.m4a.ampkcz")) returned 1 [0197.010] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif", lpFilePart=0x0) returned 0x2f [0197.010] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif", lpFilePart=0x0) returned 0x2f [0197.010] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif", dwFileAttributes=0x80) returned 1 [0197.011] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0197.011] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\ggv8wxb.gif"), fInfoLevelId=0x0, lpFileInformation=0x2659870 | out: lpFileInformation=0x2659870*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xefad3610, ftCreationTime.dwHighDateTime=0x1d826b2, ftLastAccessTime.dwLowDateTime=0x86ecf760, ftLastAccessTime.dwHighDateTime=0x1d8286e, ftLastWriteTime.dwLowDateTime=0x86ecf760, ftLastWriteTime.dwHighDateTime=0x1d8286e, nFileSizeHigh=0x0, nFileSizeLow=0xa2c1)) returned 1 [0197.012] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0197.012] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif", lpFilePart=0x0) returned 0x2f [0197.012] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0197.012] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\ggv8wxb.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0197.012] GetFileType (hFile=0x2f4) returned 0x1 [0197.012] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0197.012] GetFileType (hFile=0x2f4) returned 0x1 [0197.012] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xa2c1 [0197.012] ReadFile (in: hFile=0x2f4, lpBuffer=0x2659cc8, nNumberOfBytesToRead=0xa2c1, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2659cc8*, lpNumberOfBytesRead=0x14ed68*=0xa2c1, lpOverlapped=0x0) returned 1 [0197.013] CloseHandle (hObject=0x2f4) returned 1 [0197.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif", lpFilePart=0x0) returned 0x2f [0197.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0197.553] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\ggv8wxb.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0197.568] GetFileType (hFile=0x2f4) returned 0x1 [0197.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0197.568] GetFileType (hFile=0x2f4) returned 0x1 [0197.568] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.569] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.569] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.570] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.570] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.570] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.580] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.580] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.581] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.581] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.581] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.582] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.582] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0197.582] WriteFile (in: hFile=0x2f4, lpBuffer=0x2710210*, nNumberOfBytesToWrite=0x9e0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2710210*, lpNumberOfBytesWritten=0x14ec28*=0x9e0, lpOverlapped=0x0) returned 1 [0197.582] CloseHandle (hObject=0x2f4) returned 1 [0197.616] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif", lpFilePart=0x0) returned 0x2f [0197.616] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif.ampkcz", lpFilePart=0x0) returned 0x36 [0197.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0197.617] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\ggv8wxb.gif"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefad3610, ftCreationTime.dwHighDateTime=0x1d826b2, ftLastAccessTime.dwLowDateTime=0x86ecf760, ftLastAccessTime.dwHighDateTime=0x1d8286e, ftLastWriteTime.dwLowDateTime=0x642bddf8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd9e0)) returned 1 [0197.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0197.617] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\ggv8wxb.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\ggv8WxB.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\ggv8wxb.gif.ampkcz")) returned 1 [0197.638] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3", lpFilePart=0x0) returned 0x35 [0197.638] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3", lpFilePart=0x0) returned 0x35 [0197.638] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3", dwFileAttributes=0x80) returned 1 [0197.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0197.642] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\jhyj2fcvg5iar.mp3"), fInfoLevelId=0x0, lpFileInformation=0x2711a08 | out: lpFileInformation=0x2711a08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9d72fbe0, ftCreationTime.dwHighDateTime=0x1d823de, ftLastAccessTime.dwLowDateTime=0x677989e0, ftLastAccessTime.dwHighDateTime=0x1d82605, ftLastWriteTime.dwLowDateTime=0x677989e0, ftLastWriteTime.dwHighDateTime=0x1d82605, nFileSizeHigh=0x0, nFileSizeLow=0x3c2b)) returned 1 [0197.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0197.642] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3", lpFilePart=0x0) returned 0x35 [0197.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0197.642] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\jhyj2fcvg5iar.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0197.642] GetFileType (hFile=0x2f4) returned 0x1 [0197.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0197.642] GetFileType (hFile=0x2f4) returned 0x1 [0197.642] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x3c2b [0197.643] ReadFile (in: hFile=0x2f4, lpBuffer=0x2711eb0, nNumberOfBytesToRead=0x3c2b, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2711eb0*, lpNumberOfBytesRead=0x14ed68*=0x3c2b, lpOverlapped=0x0) returned 1 [0197.643] CloseHandle (hObject=0x2f4) returned 1 [0198.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3", lpFilePart=0x0) returned 0x35 [0198.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0198.113] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\jhyj2fcvg5iar.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0198.117] GetFileType (hFile=0x2f4) returned 0x1 [0198.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0198.117] GetFileType (hFile=0x2f4) returned 0x1 [0198.118] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ba050*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ba050*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0198.120] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ba050*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ba050*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0198.120] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ba050*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ba050*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0198.120] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ba050*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ba050*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0198.121] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ba050*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x25ba050*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0198.121] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ba050*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25ba050*, lpNumberOfBytesWritten=0x14ec28*=0x108, lpOverlapped=0x0) returned 1 [0198.121] CloseHandle (hObject=0x2f4) returned 1 [0198.138] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3", lpFilePart=0x0) returned 0x35 [0198.139] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3.ampkcz", lpFilePart=0x0) returned 0x3c [0198.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0198.139] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\jhyj2fcvg5iar.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d72fbe0, ftCreationTime.dwHighDateTime=0x1d823de, ftLastAccessTime.dwLowDateTime=0x677989e0, ftLastAccessTime.dwHighDateTime=0x1d82605, ftLastWriteTime.dwLowDateTime=0x647de7ee, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5108)) returned 1 [0198.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0198.139] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\jhyj2fcvg5iar.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\JHyJ2FcVg5iar.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\jhyj2fcvg5iar.mp3.ampkcz")) returned 1 [0198.142] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3", lpFilePart=0x0) returned 0x34 [0198.142] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3", lpFilePart=0x0) returned 0x34 [0198.142] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3", dwFileAttributes=0x80) returned 1 [0198.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0198.143] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\mb4ez1kky5cs.mp3"), fInfoLevelId=0x0, lpFileInformation=0x25bb878 | out: lpFileInformation=0x25bb878*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x71191240, ftCreationTime.dwHighDateTime=0x1d81d4f, ftLastAccessTime.dwLowDateTime=0xa3f402c0, ftLastAccessTime.dwHighDateTime=0x1d82587, ftLastWriteTime.dwLowDateTime=0xa3f402c0, ftLastWriteTime.dwHighDateTime=0x1d82587, nFileSizeHigh=0x0, nFileSizeLow=0x19d8)) returned 1 [0198.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0198.144] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3", lpFilePart=0x0) returned 0x34 [0198.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0198.144] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\mb4ez1kky5cs.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0198.144] GetFileType (hFile=0x2f4) returned 0x1 [0198.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0198.144] GetFileType (hFile=0x2f4) returned 0x1 [0198.144] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x19d8 [0198.144] ReadFile (in: hFile=0x2f4, lpBuffer=0x25bbd20, nNumberOfBytesToRead=0x19d8, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25bbd20*, lpNumberOfBytesRead=0x14ed68*=0x19d8, lpOverlapped=0x0) returned 1 [0198.145] CloseHandle (hObject=0x2f4) returned 1 [0198.652] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3", lpFilePart=0x0) returned 0x34 [0198.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0198.653] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\mb4ez1kky5cs.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0198.675] GetFileType (hFile=0x2f4) returned 0x1 [0198.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0198.675] GetFileType (hFile=0x2f4) returned 0x1 [0198.675] WriteFile (in: hFile=0x2f4, lpBuffer=0x26478b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26478b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0198.676] WriteFile (in: hFile=0x2f4, lpBuffer=0x26478b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x26478b0*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0198.677] WriteFile (in: hFile=0x2f4, lpBuffer=0x26478b0*, nNumberOfBytesToWrite=0x348, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26478b0*, lpNumberOfBytesWritten=0x14ec28*=0x348, lpOverlapped=0x0) returned 1 [0198.677] CloseHandle (hObject=0x2f4) returned 1 [0198.680] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3", lpFilePart=0x0) returned 0x34 [0198.680] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3.ampkcz", lpFilePart=0x0) returned 0x3b [0198.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0198.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\mb4ez1kky5cs.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71191240, ftCreationTime.dwHighDateTime=0x1d81d4f, ftLastAccessTime.dwLowDateTime=0xa3f402c0, ftLastAccessTime.dwHighDateTime=0x1d82587, ftLastWriteTime.dwLowDateTime=0x64d295a4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2348)) returned 1 [0198.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0198.681] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\mb4ez1kky5cs.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mB4Ez1kKY5Cs.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\mb4ez1kky5cs.mp3.ampkcz")) returned 1 [0198.683] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg", lpFilePart=0x0) returned 0x3c [0198.683] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg", lpFilePart=0x0) returned 0x3c [0198.683] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg", dwFileAttributes=0x80) returned 1 [0198.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0198.685] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\mfs5gb9z3uguw495hmez.jpg"), fInfoLevelId=0x0, lpFileInformation=0x2648d68 | out: lpFileInformation=0x2648d68*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x51b8e290, ftCreationTime.dwHighDateTime=0x1d822d1, ftLastAccessTime.dwLowDateTime=0x9cb3d000, ftLastAccessTime.dwHighDateTime=0x1d8232d, ftLastWriteTime.dwLowDateTime=0x9cb3d000, ftLastWriteTime.dwHighDateTime=0x1d8232d, nFileSizeHigh=0x0, nFileSizeLow=0x551f)) returned 1 [0198.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0198.685] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg", lpFilePart=0x0) returned 0x3c [0198.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0198.685] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\mfs5gb9z3uguw495hmez.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0198.685] GetFileType (hFile=0x2f4) returned 0x1 [0198.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0198.685] GetFileType (hFile=0x2f4) returned 0x1 [0198.685] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x551f [0198.686] ReadFile (in: hFile=0x2f4, lpBuffer=0x2649260, nNumberOfBytesToRead=0x551f, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2649260*, lpNumberOfBytesRead=0x14ed68*=0x551f, lpOverlapped=0x0) returned 1 [0198.687] CloseHandle (hObject=0x2f4) returned 1 [0199.119] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg", lpFilePart=0x0) returned 0x3c [0199.119] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0199.119] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\mfs5gb9z3uguw495hmez.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0199.123] GetFileType (hFile=0x2f4) returned 0x1 [0199.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0199.123] GetFileType (hFile=0x2f4) returned 0x1 [0199.123] WriteFile (in: hFile=0x2f4, lpBuffer=0x26fed98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26fed98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.124] WriteFile (in: hFile=0x2f4, lpBuffer=0x26fed98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26fed98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.125] WriteFile (in: hFile=0x2f4, lpBuffer=0x26fed98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26fed98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.125] WriteFile (in: hFile=0x2f4, lpBuffer=0x26fed98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26fed98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.125] WriteFile (in: hFile=0x2f4, lpBuffer=0x26fed98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26fed98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.126] WriteFile (in: hFile=0x2f4, lpBuffer=0x26fed98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26fed98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.126] WriteFile (in: hFile=0x2f4, lpBuffer=0x26fed98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x26fed98*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0199.126] WriteFile (in: hFile=0x2f4, lpBuffer=0x26fed98*, nNumberOfBytesToWrite=0x248, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26fed98*, lpNumberOfBytesWritten=0x14ec28*=0x248, lpOverlapped=0x0) returned 1 [0199.126] CloseHandle (hObject=0x2f4) returned 1 [0199.143] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg", lpFilePart=0x0) returned 0x3c [0199.143] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg.ampkcz", lpFilePart=0x0) returned 0x43 [0199.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0199.143] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\mfs5gb9z3uguw495hmez.jpg"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51b8e290, ftCreationTime.dwHighDateTime=0x1d822d1, ftLastAccessTime.dwLowDateTime=0x9cb3d000, ftLastAccessTime.dwHighDateTime=0x1d8232d, ftLastWriteTime.dwLowDateTime=0x65173735, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7248)) returned 1 [0199.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0199.143] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\mfs5gb9z3uguw495hmez.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\mFs5gB9Z3Uguw495HmEZ.jpg.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\mfs5gb9z3uguw495hmez.jpg.ampkcz")) returned 1 [0199.146] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx", lpFilePart=0x0) returned 0x33 [0199.146] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx", lpFilePart=0x0) returned 0x33 [0199.146] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx", dwFileAttributes=0x80) returned 1 [0199.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0199.148] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\rpzmf9djf1.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2700218 | out: lpFileInformation=0x2700218*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc9befbf0, ftCreationTime.dwHighDateTime=0x1d81cfd, ftLastAccessTime.dwLowDateTime=0x87f76dc0, ftLastAccessTime.dwHighDateTime=0x1d82756, ftLastWriteTime.dwLowDateTime=0x87f76dc0, ftLastWriteTime.dwHighDateTime=0x1d82756, nFileSizeHigh=0x0, nFileSizeLow=0x12b15)) returned 1 [0199.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0199.148] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx", lpFilePart=0x0) returned 0x33 [0199.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0199.148] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\rpzmf9djf1.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0199.149] GetFileType (hFile=0x2f4) returned 0x1 [0199.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0199.149] GetFileType (hFile=0x2f4) returned 0x1 [0199.149] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x12b15 [0199.149] ReadFile (in: hFile=0x2f4, lpBuffer=0x2700698, nNumberOfBytesToRead=0x12b15, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2700698*, lpNumberOfBytesRead=0x14ed68*=0x12b15, lpOverlapped=0x0) returned 1 [0199.150] CloseHandle (hObject=0x2f4) returned 1 [0199.717] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx", lpFilePart=0x0) returned 0x33 [0199.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0199.717] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\rpzmf9djf1.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0199.720] GetFileType (hFile=0x2f4) returned 0x1 [0199.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0199.720] GetFileType (hFile=0x2f4) returned 0x1 [0199.720] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.721] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.722] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.722] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.722] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.723] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.723] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.723] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.724] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.724] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.724] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.725] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.725] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.725] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.726] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.726] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.726] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.726] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.727] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.727] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.727] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.728] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.728] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.728] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0199.729] WriteFile (in: hFile=0x2f4, lpBuffer=0x2532c38*, nNumberOfBytesToWrite=0xfa0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2532c38*, lpNumberOfBytesWritten=0x14ec28*=0xfa0, lpOverlapped=0x0) returned 1 [0199.729] CloseHandle (hObject=0x2f4) returned 1 [0199.734] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx", lpFilePart=0x0) returned 0x33 [0199.734] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx.ampkcz", lpFilePart=0x0) returned 0x3a [0199.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0199.734] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\rpzmf9djf1.pptx"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9befbf0, ftCreationTime.dwHighDateTime=0x1d81cfd, ftLastAccessTime.dwLowDateTime=0x87f76dc0, ftLastAccessTime.dwHighDateTime=0x1d82756, ftLastWriteTime.dwLowDateTime=0x65736b6e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x18fa0)) returned 1 [0199.734] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0199.734] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\rpzmf9djf1.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\RPzmf9DjF1.pptx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\rpzmf9djf1.pptx.ampkcz")) returned 1 [0199.737] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx", lpFilePart=0x0) returned 0x34 [0199.737] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx", lpFilePart=0x0) returned 0x34 [0199.737] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx", dwFileAttributes=0x80) returned 1 [0199.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0199.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\sjwywkmiarj.docx"), fInfoLevelId=0x0, lpFileInformation=0x2533fe8 | out: lpFileInformation=0x2533fe8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8a169430, ftCreationTime.dwHighDateTime=0x1d828ca, ftLastAccessTime.dwLowDateTime=0x5fd5e050, ftLastAccessTime.dwHighDateTime=0x1d8290f, ftLastWriteTime.dwLowDateTime=0x5fd5e050, ftLastWriteTime.dwHighDateTime=0x1d8290f, nFileSizeHigh=0x0, nFileSizeLow=0xc0d2)) returned 1 [0199.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0199.755] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx", lpFilePart=0x0) returned 0x34 [0199.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0199.755] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\sjwywkmiarj.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0199.755] GetFileType (hFile=0x2f4) returned 0x1 [0199.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0199.757] GetFileType (hFile=0x2f4) returned 0x1 [0199.757] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xc0d2 [0199.757] ReadFile (in: hFile=0x2f4, lpBuffer=0x2534490, nNumberOfBytesToRead=0xc0d2, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2534490*, lpNumberOfBytesRead=0x14ed68*=0xc0d2, lpOverlapped=0x0) returned 1 [0199.759] CloseHandle (hObject=0x2f4) returned 1 [0200.200] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx", lpFilePart=0x0) returned 0x34 [0200.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0200.200] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\sjwywkmiarj.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0200.219] GetFileType (hFile=0x2f4) returned 0x1 [0200.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0200.219] GetFileType (hFile=0x2f4) returned 0x1 [0200.220] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.221] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.221] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.222] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.223] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.224] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.224] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.224] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.225] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.225] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.225] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.226] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.226] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.226] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.227] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.227] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0200.227] WriteFile (in: hFile=0x2f4, lpBuffer=0x25ddca0*, nNumberOfBytesToWrite=0x1f4, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25ddca0*, lpNumberOfBytesWritten=0x14ec28*=0x1f4, lpOverlapped=0x0) returned 1 [0200.227] CloseHandle (hObject=0x2f4) returned 1 [0200.231] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx", lpFilePart=0x0) returned 0x34 [0200.231] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx.ampkcz", lpFilePart=0x0) returned 0x3b [0200.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0200.231] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\sjwywkmiarj.docx"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a169430, ftCreationTime.dwHighDateTime=0x1d828ca, ftLastAccessTime.dwLowDateTime=0x5fd5e050, ftLastAccessTime.dwHighDateTime=0x1d8290f, ftLastWriteTime.dwLowDateTime=0x65bf65c8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x101f4)) returned 1 [0200.265] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0200.265] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\sjwywkmiarj.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\SjWyWkMIArJ.docx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\sjwywkmiarj.docx.ampkcz")) returned 1 [0200.271] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv", lpFilePart=0x0) returned 0x33 [0200.271] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv", lpFilePart=0x0) returned 0x33 [0200.272] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv", dwFileAttributes=0x80) returned 1 [0200.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0200.274] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\vadyx2_l0xn.flv"), fInfoLevelId=0x0, lpFileInformation=0x25dfc30 | out: lpFileInformation=0x25dfc30*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x104a9650, ftCreationTime.dwHighDateTime=0x1d81a02, ftLastAccessTime.dwLowDateTime=0x56f29500, ftLastAccessTime.dwHighDateTime=0x1d8247d, ftLastWriteTime.dwLowDateTime=0x56f29500, ftLastWriteTime.dwHighDateTime=0x1d8247d, nFileSizeHigh=0x0, nFileSizeLow=0x137ae)) returned 1 [0200.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0200.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv", lpFilePart=0x0) returned 0x33 [0200.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0200.274] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\vadyx2_l0xn.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0200.274] GetFileType (hFile=0x2f4) returned 0x1 [0200.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0200.274] GetFileType (hFile=0x2f4) returned 0x1 [0200.274] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x137ae [0200.274] ReadFile (in: hFile=0x2f4, lpBuffer=0x25e00b0, nNumberOfBytesToRead=0x137ae, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25e00b0*, lpNumberOfBytesRead=0x14ed68*=0x137ae, lpOverlapped=0x0) returned 1 [0200.276] CloseHandle (hObject=0x2f4) returned 1 [0200.720] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv", lpFilePart=0x0) returned 0x33 [0200.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0200.720] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\vadyx2_l0xn.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0200.725] GetFileType (hFile=0x2f4) returned 0x1 [0200.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0200.725] GetFileType (hFile=0x2f4) returned 0x1 [0200.725] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.727] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.727] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.727] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.732] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.733] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.733] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.733] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.734] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.734] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.735] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.735] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.735] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.736] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.736] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.736] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.737] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.737] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.737] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.738] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.738] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.738] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.739] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.739] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.739] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0200.739] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0200.740] WriteFile (in: hFile=0x2f4, lpBuffer=0x26a73f0*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26a73f0*, lpNumberOfBytesWritten=0x14ec28*=0x60, lpOverlapped=0x0) returned 1 [0200.740] CloseHandle (hObject=0x2f4) returned 1 [0200.752] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv", lpFilePart=0x0) returned 0x33 [0200.752] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv.ampkcz", lpFilePart=0x0) returned 0x3a [0200.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0200.752] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\vadyx2_l0xn.flv"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9650, ftCreationTime.dwHighDateTime=0x1d81a02, ftLastAccessTime.dwLowDateTime=0x56f29500, ftLastAccessTime.dwHighDateTime=0x1d8247d, ftLastWriteTime.dwLowDateTime=0x660c8754, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a060)) returned 1 [0200.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0200.753] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\vadyx2_l0xn.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\VADyx2_L0xN.flv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\vadyx2_l0xn.flv.ampkcz")) returned 1 [0200.844] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods", lpFilePart=0x0) returned 0x3a [0200.844] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods", lpFilePart=0x0) returned 0x3a [0200.844] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods", dwFileAttributes=0x80) returned 1 [0200.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0200.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\vxhgv8mravscokv5f5.ods"), fInfoLevelId=0x0, lpFileInformation=0x26a9798 | out: lpFileInformation=0x26a9798*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1ee1500, ftCreationTime.dwHighDateTime=0x1d8225e, ftLastAccessTime.dwLowDateTime=0x25426d90, ftLastAccessTime.dwHighDateTime=0x1d829a6, ftLastWriteTime.dwLowDateTime=0x25426d90, ftLastWriteTime.dwHighDateTime=0x1d829a6, nFileSizeHigh=0x0, nFileSizeLow=0x1866e)) returned 1 [0200.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0200.850] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods", lpFilePart=0x0) returned 0x3a [0200.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0200.850] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\vxhgv8mravscokv5f5.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0200.850] GetFileType (hFile=0x2f4) returned 0x1 [0200.850] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0200.850] GetFileType (hFile=0x2f4) returned 0x1 [0200.850] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x1866e [0200.851] ReadFile (in: hFile=0x2f4, lpBuffer=0x126757d8, nNumberOfBytesToRead=0x1866e, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x126757d8*, lpNumberOfBytesRead=0x14ed68*=0x1866e, lpOverlapped=0x0) returned 1 [0200.854] CloseHandle (hObject=0x2f4) returned 1 [0201.376] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods", lpFilePart=0x0) returned 0x3a [0201.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0201.376] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\vxhgv8mravscokv5f5.ods"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0201.383] GetFileType (hFile=0x2f4) returned 0x1 [0201.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0201.383] GetFileType (hFile=0x2f4) returned 0x1 [0201.383] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.384] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.385] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.385] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.386] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.386] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.393] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.393] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.394] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.394] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.394] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.395] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.395] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.396] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.396] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.396] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.397] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.397] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.398] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.398] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.398] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.399] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.399] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.399] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.400] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.400] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.401] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.401] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.401] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.402] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.402] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.403] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.403] WriteFile (in: hFile=0x2f4, lpBuffer=0x27230c8*, nNumberOfBytesToWrite=0x960, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x27230c8*, lpNumberOfBytesWritten=0x14ec28*=0x960, lpOverlapped=0x0) returned 1 [0201.403] CloseHandle (hObject=0x2f4) returned 1 [0201.411] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods", lpFilePart=0x0) returned 0x3a [0201.411] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods.ampkcz", lpFilePart=0x0) returned 0x41 [0201.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0201.412] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\vxhgv8mravscokv5f5.ods"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ee1500, ftCreationTime.dwHighDateTime=0x1d8225e, ftLastAccessTime.dwLowDateTime=0x25426d90, ftLastAccessTime.dwHighDateTime=0x1d829a6, ftLastWriteTime.dwLowDateTime=0x66732100, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20960)) returned 1 [0201.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0201.412] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\vxhgv8mravscokv5f5.ods"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\vXhGV8MRaVScOkV5f5.ods.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\vxhgv8mravscokv5f5.ods.ampkcz")) returned 1 [0201.422] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a", lpFilePart=0x0) returned 0x31 [0201.422] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a", lpFilePart=0x0) returned 0x31 [0201.422] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a", dwFileAttributes=0x80) returned 1 [0201.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0201.424] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\wtyymq00n.m4a"), fInfoLevelId=0x0, lpFileInformation=0x2725030 | out: lpFileInformation=0x2725030*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd36485d0, ftCreationTime.dwHighDateTime=0x1d82671, ftLastAccessTime.dwLowDateTime=0x5e9bed80, ftLastAccessTime.dwHighDateTime=0x1d8280e, ftLastWriteTime.dwLowDateTime=0x5e9bed80, ftLastWriteTime.dwHighDateTime=0x1d8280e, nFileSizeHigh=0x0, nFileSizeLow=0x3698)) returned 1 [0201.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0201.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a", lpFilePart=0x0) returned 0x31 [0201.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0201.424] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\wtyymq00n.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0201.424] GetFileType (hFile=0x2f4) returned 0x1 [0201.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0201.424] GetFileType (hFile=0x2f4) returned 0x1 [0201.424] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x3698 [0201.424] ReadFile (in: hFile=0x2f4, lpBuffer=0x27254b0, nNumberOfBytesToRead=0x3698, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x27254b0*, lpNumberOfBytesRead=0x14ed68*=0x3698, lpOverlapped=0x0) returned 1 [0201.425] CloseHandle (hObject=0x2f4) returned 1 [0201.806] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a", lpFilePart=0x0) returned 0x31 [0201.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0201.806] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\wtyymq00n.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x2f4 [0201.813] GetFileType (hFile=0x2f4) returned 0x1 [0201.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0201.814] GetFileType (hFile=0x2f4) returned 0x1 [0201.815] WriteFile (in: hFile=0x2f4, lpBuffer=0x25c7a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c7a28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.816] WriteFile (in: hFile=0x2f4, lpBuffer=0x25c7a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c7a28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.816] WriteFile (in: hFile=0x2f4, lpBuffer=0x25c7a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c7a28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.817] WriteFile (in: hFile=0x2f4, lpBuffer=0x25c7a28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c7a28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0201.817] WriteFile (in: hFile=0x2f4, lpBuffer=0x25c7a28*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25c7a28*, lpNumberOfBytesWritten=0x14ec28*=0x9a0, lpOverlapped=0x0) returned 1 [0201.817] CloseHandle (hObject=0x2f4) returned 1 [0201.822] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a", lpFilePart=0x0) returned 0x31 [0201.822] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a.ampkcz", lpFilePart=0x0) returned 0x38 [0201.822] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0201.822] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\wtyymq00n.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36485d0, ftCreationTime.dwHighDateTime=0x1d82671, ftLastAccessTime.dwLowDateTime=0x5e9bed80, ftLastAccessTime.dwHighDateTime=0x1d8280e, ftLastWriteTime.dwLowDateTime=0x66b1fb0d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x49a0)) returned 1 [0201.823] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0201.823] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\wtyymq00n.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\WTyYMq00n.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\wtyymq00n.m4a.ampkcz")) returned 1 [0201.826] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png", lpFilePart=0x0) returned 0x32 [0201.826] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png", lpFilePart=0x0) returned 0x32 [0201.826] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png", dwFileAttributes=0x80) returned 1 [0201.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0201.827] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\y_ku-plvvx.png"), fInfoLevelId=0x0, lpFileInformation=0x25c8f60 | out: lpFileInformation=0x25c8f60*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4d025c90, ftCreationTime.dwHighDateTime=0x1d820a6, ftLastAccessTime.dwLowDateTime=0xf2464730, ftLastAccessTime.dwHighDateTime=0x1d82172, ftLastWriteTime.dwLowDateTime=0xf2464730, ftLastWriteTime.dwHighDateTime=0x1d82172, nFileSizeHigh=0x0, nFileSizeLow=0x635)) returned 1 [0201.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0201.827] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png", lpFilePart=0x0) returned 0x32 [0201.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0201.827] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\y_ku-plvvx.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x2f4 [0201.827] GetFileType (hFile=0x2f4) returned 0x1 [0201.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0201.828] GetFileType (hFile=0x2f4) returned 0x1 [0201.828] GetFileSize (in: hFile=0x2f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x635 [0201.828] ReadFile (in: hFile=0x2f4, lpBuffer=0x25c9a30, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25c9a30*, lpNumberOfBytesRead=0x14ed68*=0x635, lpOverlapped=0x0) returned 1 [0201.829] CloseHandle (hObject=0x2f4) returned 1 [0202.333] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png", lpFilePart=0x0) returned 0x32 [0202.333] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0202.333] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\y_ku-plvvx.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0202.432] GetFileType (hFile=0x1f4) returned 0x1 [0202.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0202.432] GetFileType (hFile=0x1f4) returned 0x1 [0202.433] WriteFile (in: hFile=0x1f4, lpBuffer=0x2648120*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2648120*, lpNumberOfBytesWritten=0x14ec28*=0x920, lpOverlapped=0x0) returned 1 [0202.434] CloseHandle (hObject=0x1f4) returned 1 [0202.442] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png", lpFilePart=0x0) returned 0x32 [0202.442] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png.ampkcz", lpFilePart=0x0) returned 0x39 [0202.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0202.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\y_ku-plvvx.png"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d025c90, ftCreationTime.dwHighDateTime=0x1d820a6, ftLastAccessTime.dwLowDateTime=0xf2464730, ftLastAccessTime.dwHighDateTime=0x1d82172, ftLastWriteTime.dwLowDateTime=0x670fe283, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x920)) returned 1 [0202.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0202.442] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\y_ku-plvvx.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\Y_Ku-Plvvx.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\desktop\\bjr3u\\y_ku-plvvx.png.ampkcz")) returned 1 [0202.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0202.461] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u", lpFilePart=0x0) returned 0x23 [0202.461] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\", lpFilePart=0x0) returned 0x24 [0202.461] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91746cd0, ftCreationTime.dwHighDateTime=0x1d828ce, ftLastAccessTime.dwLowDateTime=0x6710feb0, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6710feb0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687cd0 [0202.462] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91746cd0, ftCreationTime.dwHighDateTime=0x1d828ce, ftLastAccessTime.dwLowDateTime=0x6710feb0, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6710feb0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.462] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d0ed080, ftCreationTime.dwHighDateTime=0x1d8262f, ftLastAccessTime.dwLowDateTime=0x57392270, ftLastAccessTime.dwHighDateTime=0x1d826c3, ftLastWriteTime.dwLowDateTime=0x624de466, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12248, dwReserved0=0x0, dwReserved1=0x0, cFileName="2HtL-q.csv.ampkcz", cAlternateFileName="2HTL-Q~1.AMP")) returned 1 [0202.462] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x454e2e00, ftCreationTime.dwHighDateTime=0x1d81af9, ftLastAccessTime.dwLowDateTime=0x59375bc0, ftLastAccessTime.dwHighDateTime=0x1d82347, ftLastWriteTime.dwLowDateTime=0x62a8631f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="7Bsy4NSMiVQmfv8k.m4a.ampkcz", cAlternateFileName="7BSY4N~1.AMP")) returned 1 [0202.462] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde052540, ftCreationTime.dwHighDateTime=0x1d825e4, ftLastAccessTime.dwLowDateTime=0x6d621250, ftLastAccessTime.dwHighDateTime=0x1d82853, ftLastWriteTime.dwLowDateTime=0x62f732be, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x4634, dwReserved0=0x0, dwReserved1=0x0, cFileName="8LljmtPnMSEYSYG.csv.ampkcz", cAlternateFileName="8LLJMT~1.AMP")) returned 1 [0202.463] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c230220, ftCreationTime.dwHighDateTime=0x1d81ce7, ftLastAccessTime.dwLowDateTime=0xd569ebb0, ftLastAccessTime.dwHighDateTime=0x1d8202f, ftLastWriteTime.dwLowDateTime=0x633b504b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x170c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="8Vi4 VdapZ6YLX5Sp.flv.ampkcz", cAlternateFileName="8VI4VD~1.AMP")) returned 1 [0202.463] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb4c88e0, ftCreationTime.dwHighDateTime=0x1d829c4, ftLastAccessTime.dwLowDateTime=0xc7ac84b0, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0x639d94bb, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x11988, dwReserved0=0x0, dwReserved1=0x0, cFileName="BKUVLc.bmp.ampkcz", cAlternateFileName="BKUVLC~1.AMP")) returned 1 [0202.463] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf992f60, ftCreationTime.dwHighDateTime=0x1d81df3, ftLastAccessTime.dwLowDateTime=0x23f58620, ftLastAccessTime.dwHighDateTime=0x1d8229e, ftLastWriteTime.dwLowDateTime=0x63d2a8f3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15d88, dwReserved0=0x0, dwReserved1=0x0, cFileName="bz0WFA-cPHK_6RXp.m4a.ampkcz", cAlternateFileName="BZ0WFA~1.AMP")) returned 1 [0202.463] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefad3610, ftCreationTime.dwHighDateTime=0x1d826b2, ftLastAccessTime.dwLowDateTime=0x86ecf760, ftLastAccessTime.dwHighDateTime=0x1d8286e, ftLastWriteTime.dwLowDateTime=0x642bddf8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd9e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ggv8WxB.gif.ampkcz", cAlternateFileName="GGV8WX~1.AMP")) returned 1 [0202.464] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d72fbe0, ftCreationTime.dwHighDateTime=0x1d823de, ftLastAccessTime.dwLowDateTime=0x677989e0, ftLastAccessTime.dwHighDateTime=0x1d82605, ftLastWriteTime.dwLowDateTime=0x647de7ee, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5108, dwReserved0=0x0, dwReserved1=0x0, cFileName="JHyJ2FcVg5iar.mp3.ampkcz", cAlternateFileName="JHYJ2F~1.AMP")) returned 1 [0202.464] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71191240, ftCreationTime.dwHighDateTime=0x1d81d4f, ftLastAccessTime.dwLowDateTime=0xa3f402c0, ftLastAccessTime.dwHighDateTime=0x1d82587, ftLastWriteTime.dwLowDateTime=0x64d295a4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2348, dwReserved0=0x0, dwReserved1=0x0, cFileName="mB4Ez1kKY5Cs.mp3.ampkcz", cAlternateFileName="MB4EZ1~1.AMP")) returned 1 [0202.464] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51b8e290, ftCreationTime.dwHighDateTime=0x1d822d1, ftLastAccessTime.dwLowDateTime=0x9cb3d000, ftLastAccessTime.dwHighDateTime=0x1d8232d, ftLastWriteTime.dwLowDateTime=0x65173735, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7248, dwReserved0=0x0, dwReserved1=0x0, cFileName="mFs5gB9Z3Uguw495HmEZ.jpg.ampkcz", cAlternateFileName="MFS5GB~1.AMP")) returned 1 [0202.464] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6256224f, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x6256224f, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x62575ace, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0202.464] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9befbf0, ftCreationTime.dwHighDateTime=0x1d81cfd, ftLastAccessTime.dwLowDateTime=0x87f76dc0, ftLastAccessTime.dwHighDateTime=0x1d82756, ftLastWriteTime.dwLowDateTime=0x65736b6e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x18fa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RPzmf9DjF1.pptx.ampkcz", cAlternateFileName="RPZMF9~1.AMP")) returned 1 [0202.464] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a169430, ftCreationTime.dwHighDateTime=0x1d828ca, ftLastAccessTime.dwLowDateTime=0x5fd5e050, ftLastAccessTime.dwHighDateTime=0x1d8290f, ftLastWriteTime.dwLowDateTime=0x65bf65c8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x101f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="SjWyWkMIArJ.docx.ampkcz", cAlternateFileName="SJWYWK~1.AMP")) returned 1 [0202.465] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9650, ftCreationTime.dwHighDateTime=0x1d81a02, ftLastAccessTime.dwLowDateTime=0x56f29500, ftLastAccessTime.dwHighDateTime=0x1d8247d, ftLastWriteTime.dwLowDateTime=0x660c8754, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a060, dwReserved0=0x0, dwReserved1=0x0, cFileName="VADyx2_L0xN.flv.ampkcz", cAlternateFileName="VADYX2~1.AMP")) returned 1 [0202.465] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ee1500, ftCreationTime.dwHighDateTime=0x1d8225e, ftLastAccessTime.dwLowDateTime=0x25426d90, ftLastAccessTime.dwHighDateTime=0x1d829a6, ftLastWriteTime.dwLowDateTime=0x66732100, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20960, dwReserved0=0x0, dwReserved1=0x0, cFileName="vXhGV8MRaVScOkV5f5.ods.ampkcz", cAlternateFileName="VXHGV8~1.AMP")) returned 1 [0202.465] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36485d0, ftCreationTime.dwHighDateTime=0x1d82671, ftLastAccessTime.dwLowDateTime=0x5e9bed80, ftLastAccessTime.dwHighDateTime=0x1d8280e, ftLastWriteTime.dwLowDateTime=0x66b1fb0d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x49a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WTyYMq00n.m4a.ampkcz", cAlternateFileName="WTYYMQ~1.AMP")) returned 1 [0202.465] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d025c90, ftCreationTime.dwHighDateTime=0x1d820a6, ftLastAccessTime.dwLowDateTime=0xf2464730, ftLastAccessTime.dwHighDateTime=0x1d82172, ftLastWriteTime.dwLowDateTime=0x670fe283, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x920, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y_Ku-Plvvx.png.ampkcz", cAlternateFileName="Y_KU-P~1.AMP")) returned 1 [0202.465] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d025c90, ftCreationTime.dwHighDateTime=0x1d820a6, ftLastAccessTime.dwLowDateTime=0xf2464730, ftLastAccessTime.dwHighDateTime=0x1d82172, ftLastWriteTime.dwLowDateTime=0x670fe283, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x920, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y_Ku-Plvvx.png.ampkcz", cAlternateFileName="Y_KU-P~1.AMP")) returned 0 [0202.466] FindClose (in: hFindFile=0x687cd0 | out: hFindFile=0x687cd0) returned 1 [0202.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0202.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0202.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0202.466] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Links", lpFilePart=0x0) returned 0x1b [0202.466] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Links\\", lpFilePart=0x0) returned 0x1c [0202.466] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0202.466] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.466] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0202.467] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437c7194, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x207, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0202.467] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437c7194, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x3d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0202.467] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0202.467] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0202.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0202.467] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0202.469] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini", lpFilePart=0x0) returned 0x27 [0202.469] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini", lpFilePart=0x0) returned 0x27 [0202.469] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini", dwFileAttributes=0x80) returned 1 [0202.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0202.471] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x264d960 | out: lpFileInformation=0x264d960*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437ed538, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0202.471] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0202.471] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini", lpFilePart=0x0) returned 0x27 [0202.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0202.471] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0202.471] GetFileType (hFile=0x1f4) returned 0x1 [0202.471] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0202.471] GetFileType (hFile=0x1f4) returned 0x1 [0202.471] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x1f8 [0202.471] ReadFile (in: hFile=0x1f4, lpBuffer=0x264df98, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x264df98*, lpNumberOfBytesRead=0x14edd8*=0x1f8, lpOverlapped=0x0) returned 1 [0202.472] CloseHandle (hObject=0x1f4) returned 1 [0202.787] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini", lpFilePart=0x0) returned 0x27 [0202.787] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0202.787] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0202.788] GetFileType (hFile=0x1f4) returned 0x1 [0202.788] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0202.788] GetFileType (hFile=0x1f4) returned 0x1 [0202.788] WriteFile (in: hFile=0x1f4, lpBuffer=0x26c9a70*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26c9a70*, lpNumberOfBytesWritten=0x14ec98*=0x374, lpOverlapped=0x0) returned 1 [0202.789] CloseHandle (hObject=0x1f4) returned 1 [0202.791] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini", lpFilePart=0x0) returned 0x27 [0202.791] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x2e [0202.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0202.791] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x67462621, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x374)) returned 1 [0202.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0202.791] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\desktop.ini.ampkcz")) returned 1 [0202.792] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Links\\readme.txt", lpFilePart=0x0) returned 0x26 [0202.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0202.792] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\links\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0202.793] GetFileType (hFile=0x1f4) returned 0x1 [0202.793] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0202.793] GetFileType (hFile=0x1f4) returned 0x1 [0202.794] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ccc20*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x26ccc20*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0202.795] CloseHandle (hObject=0x1f4) returned 1 [0202.800] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0202.800] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Links", lpFilePart=0x0) returned 0x1b [0202.800] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Links\\", lpFilePart=0x0) returned 0x1c [0202.800] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Links\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x67463510, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x67465c45, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0202.801] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x67463510, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x67465c45, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.801] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x67462621, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x374, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0202.801] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437c7194, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x207, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0202.801] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x437c7194, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437c7194, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437c7194, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x3d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0202.801] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67465c45, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x67465c45, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6746aa33, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0202.801] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67465c45, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x67465c45, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6746aa33, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0202.802] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0202.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0202.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0202.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0202.802] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Contacts", lpFilePart=0x0) returned 0x1e [0202.802] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Contacts\\", lpFilePart=0x0) returned 0x1f [0202.802] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0202.802] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0202.803] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0202.803] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0202.803] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0202.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0202.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0202.803] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini", lpFilePart=0x0) returned 0x2a [0202.803] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini", lpFilePart=0x0) returned 0x2a [0202.803] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini", dwFileAttributes=0x80) returned 1 [0202.803] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0202.804] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x26d6190 | out: lpFileInformation=0x26d6190*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x435fd682, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x19c)) returned 1 [0202.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0202.804] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini", lpFilePart=0x0) returned 0x2a [0202.804] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0202.804] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0202.804] GetFileType (hFile=0x1f4) returned 0x1 [0202.804] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0202.804] GetFileType (hFile=0x1f4) returned 0x1 [0202.804] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x19c [0202.804] ReadFile (in: hFile=0x1f4, lpBuffer=0x26d6788, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26d6788*, lpNumberOfBytesRead=0x14edd8*=0x19c, lpOverlapped=0x0) returned 1 [0202.804] CloseHandle (hObject=0x1f4) returned 1 [0203.396] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini", lpFilePart=0x0) returned 0x2a [0203.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0203.396] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0203.398] GetFileType (hFile=0x1f4) returned 0x1 [0203.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0203.398] GetFileType (hFile=0x1f4) returned 0x1 [0203.398] WriteFile (in: hFile=0x1f4, lpBuffer=0x25594e0*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25594e0*, lpNumberOfBytesWritten=0x14ec98*=0x2f4, lpOverlapped=0x0) returned 1 [0203.399] CloseHandle (hObject=0x1f4) returned 1 [0203.400] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini", lpFilePart=0x0) returned 0x2a [0203.400] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x31 [0203.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0203.400] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x67a311ab, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2f4)) returned 1 [0203.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0203.401] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\desktop.ini.ampkcz")) returned 1 [0203.401] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Contacts\\readme.txt", lpFilePart=0x0) returned 0x29 [0203.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0203.401] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\contacts\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0203.402] GetFileType (hFile=0x1f4) returned 0x1 [0203.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0203.402] GetFileType (hFile=0x1f4) returned 0x1 [0203.403] WriteFile (in: hFile=0x1f4, lpBuffer=0x255c6b8*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x255c6b8*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0203.404] CloseHandle (hObject=0x1f4) returned 1 [0203.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0203.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Contacts", lpFilePart=0x0) returned 0x1e [0203.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Contacts\\", lpFilePart=0x0) returned 0x1f [0203.405] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Contacts\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x67a33765, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x67a34b3e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0203.405] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x67a33765, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x67a34b3e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.405] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x67a311ab, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0203.405] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67a34b3e, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x67a34b3e, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x67a3ae29, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0203.405] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67a34b3e, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x67a34b3e, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x67a3ae29, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0203.406] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0203.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0203.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0203.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0203.406] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0203.406] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0203.406] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x61fd6f19, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x61fd6f19, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0203.406] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x61fd6f19, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x61fd6f19, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.407] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a22e910, ftCreationTime.dwHighDateTime=0x1d81bfa, ftLastAccessTime.dwLowDateTime=0xea63790, ftLastAccessTime.dwHighDateTime=0x1d82818, ftLastWriteTime.dwLowDateTime=0x5a10affd, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb560, dwReserved0=0x0, dwReserved1=0x0, cFileName="2tiKE.m4a.ampkcz", cAlternateFileName="2TIKEM~1.AMP")) returned 1 [0203.407] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd86a9360, ftCreationTime.dwHighDateTime=0x1d82362, ftLastAccessTime.dwLowDateTime=0xcc3c5400, ftLastAccessTime.dwHighDateTime=0x1d826ed, ftLastWriteTime.dwLowDateTime=0x5a97fab2, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x18d34, dwReserved0=0x0, dwReserved1=0x0, cFileName="505vm9.swf.ampkcz", cAlternateFileName="505VM9~1.AMP")) returned 1 [0203.407] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5be420, ftCreationTime.dwHighDateTime=0x1d8230f, ftLastAccessTime.dwLowDateTime=0xd6ceea20, ftLastAccessTime.dwHighDateTime=0x1d82857, ftLastWriteTime.dwLowDateTime=0x5ae68886, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f088, dwReserved0=0x0, dwReserved1=0x0, cFileName="9ABjQ1b3wA2cIKcd.flv.ampkcz", cAlternateFileName="9ABJQ1~1.AMP")) returned 1 [0203.407] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb91e780, ftCreationTime.dwHighDateTime=0x1d858f1, ftLastAccessTime.dwLowDateTime=0xeb91e780, ftLastAccessTime.dwHighDateTime=0x1d858f1, ftLastWriteTime.dwLowDateTime=0x263f5400, ftLastWriteTime.dwHighDateTime=0x1d858e1, nFileSizeHigh=0x0, nFileSizeLow=0x6800, dwReserved0=0x0, dwReserved1=0x0, cFileName="a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", cAlternateFileName="A7F09C~1.EXE")) returned 1 [0203.407] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83be2040, ftCreationTime.dwHighDateTime=0x1d8285b, ftLastAccessTime.dwLowDateTime=0xc2b25400, ftLastAccessTime.dwHighDateTime=0x1d82893, ftLastWriteTime.dwLowDateTime=0x5b269fe7, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb7a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bh_dyqBOzR8.swf.ampkcz", cAlternateFileName="BH_DYQ~1.AMP")) returned 1 [0203.407] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfba64860, ftCreationTime.dwHighDateTime=0x1d81b97, ftLastAccessTime.dwLowDateTime=0x7c2644a0, ftLastAccessTime.dwHighDateTime=0x1d81f7f, ftLastWriteTime.dwLowDateTime=0x5b8c0217, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8808, dwReserved0=0x0, dwReserved1=0x0, cFileName="BiqZhzQpPpNFiiegsAS.mkv.ampkcz", cAlternateFileName="BIQZHZ~1.AMP")) returned 1 [0203.408] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91746cd0, ftCreationTime.dwHighDateTime=0x1d828ce, ftLastAccessTime.dwLowDateTime=0x6710feb0, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6710feb0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bjr3u", cAlternateFileName="")) returned 1 [0203.408] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd308590, ftCreationTime.dwHighDateTime=0x1d81fef, ftLastAccessTime.dwLowDateTime=0xb961b180, ftLastAccessTime.dwHighDateTime=0x1d8256d, ftLastWriteTime.dwLowDateTime=0x5bd54292, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8634, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cp L8O_LsjVMCQa-GI.gif.ampkcz", cAlternateFileName="CPL8O_~1.AMP")) returned 1 [0203.408] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5c0a3b58, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0203.408] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e06dc30, ftCreationTime.dwHighDateTime=0x1d821ae, ftLastAccessTime.dwLowDateTime=0x2ae6cd40, ftLastAccessTime.dwHighDateTime=0x1d826b3, ftLastWriteTime.dwLowDateTime=0x5c77c155, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f534, dwReserved0=0x0, dwReserved1=0x0, cFileName="ICzw-hYXI.bmp.ampkcz", cAlternateFileName="ICZW-H~1.AMP")) returned 1 [0203.408] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf54d8940, ftCreationTime.dwHighDateTime=0x1d820ad, ftLastAccessTime.dwLowDateTime=0xd9ca63a0, ftLastAccessTime.dwHighDateTime=0x1d824e5, ftLastWriteTime.dwLowDateTime=0x5cd5790f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8674, dwReserved0=0x0, dwReserved1=0x0, cFileName="iEg5ajMoeBZC.mp4.ampkcz", cAlternateFileName="IEG5AJ~1.AMP")) returned 1 [0203.408] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc458100, ftCreationTime.dwHighDateTime=0x1d81a09, ftLastAccessTime.dwLowDateTime=0x5aa65240, ftLastAccessTime.dwHighDateTime=0x1d8286f, ftLastWriteTime.dwLowDateTime=0x5d41266b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19d34, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkAT8Q.rtf.ampkcz", cAlternateFileName="JKAT8Q~1.AMP")) returned 1 [0203.409] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cab9260, ftCreationTime.dwHighDateTime=0x1d81e4e, ftLastAccessTime.dwLowDateTime=0x2ae8bbf0, ftLastAccessTime.dwHighDateTime=0x1d828ca, ftLastWriteTime.dwLowDateTime=0x5d9feb3f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x9ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="k-2kcKE.mkv.ampkcz", cAlternateFileName="K-2KCK~1.AMP")) returned 1 [0203.409] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ad53b00, ftCreationTime.dwHighDateTime=0x1d8282e, ftLastAccessTime.dwLowDateTime=0x17573b10, ftLastAccessTime.dwHighDateTime=0x1d82943, ftLastWriteTime.dwLowDateTime=0x5e0fa9db, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1dea0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KvJg7fTjd.ppt.ampkcz", cAlternateFileName="KVJG7F~1.AMP")) returned 1 [0203.409] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb434b270, ftCreationTime.dwHighDateTime=0x1d825f4, ftLastAccessTime.dwLowDateTime=0x87f2f760, ftLastAccessTime.dwHighDateTime=0x1d829bb, ftLastWriteTime.dwLowDateTime=0x5e751aa6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1df08, dwReserved0=0x0, dwReserved1=0x0, cFileName="mS0Pc.m4a.ampkcz", cAlternateFileName="MS0PCM~1.AMP")) returned 1 [0203.409] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceb94b00, ftCreationTime.dwHighDateTime=0x1d82244, ftLastAccessTime.dwLowDateTime=0xa09154c0, ftLastAccessTime.dwHighDateTime=0x1d827c1, ftLastWriteTime.dwLowDateTime=0x5ee59db6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7774, dwReserved0=0x0, dwReserved1=0x0, cFileName="NdRfu9tUbI.wav.ampkcz", cAlternateFileName="NDRFU9~1.AMP")) returned 1 [0203.409] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3f8fc10, ftCreationTime.dwHighDateTime=0x1d820b6, ftLastAccessTime.dwLowDateTime=0xfd4c06c0, ftLastAccessTime.dwHighDateTime=0x1d82798, ftLastWriteTime.dwLowDateTime=0x5f43ef64, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15808, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pdz8n1 UI6B5ybck59.mp3.ampkcz", cAlternateFileName="PDZ8N1~1.AMP")) returned 1 [0203.409] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc76fa210, ftCreationTime.dwHighDateTime=0x1d81c6b, ftLastAccessTime.dwLowDateTime=0x71903d50, ftLastAccessTime.dwHighDateTime=0x1d81cbb, ftLastWriteTime.dwLowDateTime=0x5f8940ed, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="R4ZOtCCfPyPi.png.ampkcz", cAlternateFileName="R4ZOTC~1.AMP")) returned 1 [0203.409] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a156260, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x5a156260, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x5a165cc6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0203.410] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa27af970, ftCreationTime.dwHighDateTime=0x1d82178, ftLastAccessTime.dwLowDateTime=0x8ba88920, ftLastAccessTime.dwHighDateTime=0x1d8296a, ftLastWriteTime.dwLowDateTime=0x5fc2c9d5, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1aa74, dwReserved0=0x0, dwReserved1=0x0, cFileName="SfNsa8YB.avi.ampkcz", cAlternateFileName="SFNSA8~1.AMP")) returned 1 [0203.410] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fe8e730, ftCreationTime.dwHighDateTime=0x1d82610, ftLastAccessTime.dwLowDateTime=0x6e274200, ftLastAccessTime.dwHighDateTime=0x1d8262d, ftLastWriteTime.dwLowDateTime=0x6034436d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x93c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="sxWMOh.mkv.ampkcz", cAlternateFileName="SXWMOH~1.AMP")) returned 1 [0203.410] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xace2b8b0, ftCreationTime.dwHighDateTime=0x1d82166, ftLastAccessTime.dwLowDateTime=0xe534fe60, ftLastAccessTime.dwHighDateTime=0x1d8254b, ftLastWriteTime.dwLowDateTime=0x60a3d145, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x86a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="t8p41K1nPNZvX.m4a.ampkcz", cAlternateFileName="T8P41K~1.AMP")) returned 1 [0203.410] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e00acc0, ftCreationTime.dwHighDateTime=0x1d81f60, ftLastAccessTime.dwLowDateTime=0x3fcaf4c0, ftLastAccessTime.dwHighDateTime=0x1d828ca, ftLastWriteTime.dwLowDateTime=0x610604fa, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x214b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="tSEGMvCPcMx.jpg.ampkcz", cAlternateFileName="TSEGMV~1.AMP")) returned 1 [0203.410] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x650c8f10, ftCreationTime.dwHighDateTime=0x1d81c21, ftLastAccessTime.dwLowDateTime=0xd62974d0, ftLastAccessTime.dwHighDateTime=0x1d81c42, ftLastWriteTime.dwLowDateTime=0x617e4bed, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd4b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="y2H9O8xlmETgCAbycT.png.ampkcz", cAlternateFileName="Y2H9O8~1.AMP")) returned 1 [0203.410] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2e23fe0, ftCreationTime.dwHighDateTime=0x1d82a28, ftLastAccessTime.dwLowDateTime=0xcf668310, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0x61c1010e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1cf74, dwReserved0=0x0, dwReserved1=0x0, cFileName="ys5FVy3YwYbsg.m4a.ampkcz", cAlternateFileName="YS5FVY~1.AMP")) returned 1 [0203.410] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4dd50a0, ftCreationTime.dwHighDateTime=0x1d8247d, ftLastAccessTime.dwLowDateTime=0x7316e100, ftLastAccessTime.dwHighDateTime=0x1d82545, ftLastWriteTime.dwLowDateTime=0x7316e100, ftLastWriteTime.dwHighDateTime=0x1d82545, nFileSizeHigh=0x0, nFileSizeLow=0x116db, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ze-VEOovGiNCD_-X5js.ots", cAlternateFileName="ZE-VEO~1.OTS")) returned 1 [0203.411] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4140020, ftCreationTime.dwHighDateTime=0x1d81ca9, ftLastAccessTime.dwLowDateTime=0x88bbbd30, ftLastAccessTime.dwHighDateTime=0x1d820c9, ftLastWriteTime.dwLowDateTime=0x61fcddbe, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a1e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zr1fJuAtmLuvrKkw.gif.ampkcz", cAlternateFileName="ZR1FJU~1.AMP")) returned 1 [0203.411] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0203.411] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0203.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0203.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0203.418] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0203.418] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop", lpFilePart=0x0) returned 0x1d [0203.418] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\", lpFilePart=0x0) returned 0x1e [0203.418] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x61fd6f19, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x61fd6f19, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687cd0 [0203.419] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x61fd6f19, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x61fd6f19, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.419] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3a22e910, ftCreationTime.dwHighDateTime=0x1d81bfa, ftLastAccessTime.dwLowDateTime=0xea63790, ftLastAccessTime.dwHighDateTime=0x1d82818, ftLastWriteTime.dwLowDateTime=0x5a10affd, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb560, dwReserved0=0x0, dwReserved1=0x0, cFileName="2tiKE.m4a.ampkcz", cAlternateFileName="2TIKEM~1.AMP")) returned 1 [0203.419] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd86a9360, ftCreationTime.dwHighDateTime=0x1d82362, ftLastAccessTime.dwLowDateTime=0xcc3c5400, ftLastAccessTime.dwHighDateTime=0x1d826ed, ftLastWriteTime.dwLowDateTime=0x5a97fab2, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x18d34, dwReserved0=0x0, dwReserved1=0x0, cFileName="505vm9.swf.ampkcz", cAlternateFileName="505VM9~1.AMP")) returned 1 [0203.419] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5be420, ftCreationTime.dwHighDateTime=0x1d8230f, ftLastAccessTime.dwLowDateTime=0xd6ceea20, ftLastAccessTime.dwHighDateTime=0x1d82857, ftLastWriteTime.dwLowDateTime=0x5ae68886, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f088, dwReserved0=0x0, dwReserved1=0x0, cFileName="9ABjQ1b3wA2cIKcd.flv.ampkcz", cAlternateFileName="9ABJQ1~1.AMP")) returned 1 [0203.420] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb91e780, ftCreationTime.dwHighDateTime=0x1d858f1, ftLastAccessTime.dwLowDateTime=0xeb91e780, ftLastAccessTime.dwHighDateTime=0x1d858f1, ftLastWriteTime.dwLowDateTime=0x263f5400, ftLastWriteTime.dwHighDateTime=0x1d858e1, nFileSizeHigh=0x0, nFileSizeLow=0x6800, dwReserved0=0x0, dwReserved1=0x0, cFileName="a7f09cfde433f3d47fc96502bf2b623ae5e7626da85d0a0130dcd19d1679af9b.exe", cAlternateFileName="A7F09C~1.EXE")) returned 1 [0203.420] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83be2040, ftCreationTime.dwHighDateTime=0x1d8285b, ftLastAccessTime.dwLowDateTime=0xc2b25400, ftLastAccessTime.dwHighDateTime=0x1d82893, ftLastWriteTime.dwLowDateTime=0x5b269fe7, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb7a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bh_dyqBOzR8.swf.ampkcz", cAlternateFileName="BH_DYQ~1.AMP")) returned 1 [0203.420] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfba64860, ftCreationTime.dwHighDateTime=0x1d81b97, ftLastAccessTime.dwLowDateTime=0x7c2644a0, ftLastAccessTime.dwHighDateTime=0x1d81f7f, ftLastWriteTime.dwLowDateTime=0x5b8c0217, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8808, dwReserved0=0x0, dwReserved1=0x0, cFileName="BiqZhzQpPpNFiiegsAS.mkv.ampkcz", cAlternateFileName="BIQZHZ~1.AMP")) returned 1 [0203.420] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91746cd0, ftCreationTime.dwHighDateTime=0x1d828ce, ftLastAccessTime.dwLowDateTime=0x6710feb0, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6710feb0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bjr3u", cAlternateFileName="")) returned 1 [0203.420] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd308590, ftCreationTime.dwHighDateTime=0x1d81fef, ftLastAccessTime.dwLowDateTime=0xb961b180, ftLastAccessTime.dwHighDateTime=0x1d8256d, ftLastWriteTime.dwLowDateTime=0x5bd54292, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8634, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cp L8O_LsjVMCQa-GI.gif.ampkcz", cAlternateFileName="CPL8O_~1.AMP")) returned 1 [0203.420] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5c0a3b58, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0203.421] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e06dc30, ftCreationTime.dwHighDateTime=0x1d821ae, ftLastAccessTime.dwLowDateTime=0x2ae6cd40, ftLastAccessTime.dwHighDateTime=0x1d826b3, ftLastWriteTime.dwLowDateTime=0x5c77c155, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f534, dwReserved0=0x0, dwReserved1=0x0, cFileName="ICzw-hYXI.bmp.ampkcz", cAlternateFileName="ICZW-H~1.AMP")) returned 1 [0203.421] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf54d8940, ftCreationTime.dwHighDateTime=0x1d820ad, ftLastAccessTime.dwLowDateTime=0xd9ca63a0, ftLastAccessTime.dwHighDateTime=0x1d824e5, ftLastWriteTime.dwLowDateTime=0x5cd5790f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8674, dwReserved0=0x0, dwReserved1=0x0, cFileName="iEg5ajMoeBZC.mp4.ampkcz", cAlternateFileName="IEG5AJ~1.AMP")) returned 1 [0203.421] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdc458100, ftCreationTime.dwHighDateTime=0x1d81a09, ftLastAccessTime.dwLowDateTime=0x5aa65240, ftLastAccessTime.dwHighDateTime=0x1d8286f, ftLastWriteTime.dwLowDateTime=0x5d41266b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19d34, dwReserved0=0x0, dwReserved1=0x0, cFileName="jkAT8Q.rtf.ampkcz", cAlternateFileName="JKAT8Q~1.AMP")) returned 1 [0203.421] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5cab9260, ftCreationTime.dwHighDateTime=0x1d81e4e, ftLastAccessTime.dwLowDateTime=0x2ae8bbf0, ftLastAccessTime.dwHighDateTime=0x1d828ca, ftLastWriteTime.dwLowDateTime=0x5d9feb3f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x9ba0, dwReserved0=0x0, dwReserved1=0x0, cFileName="k-2kcKE.mkv.ampkcz", cAlternateFileName="K-2KCK~1.AMP")) returned 1 [0203.421] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ad53b00, ftCreationTime.dwHighDateTime=0x1d8282e, ftLastAccessTime.dwLowDateTime=0x17573b10, ftLastAccessTime.dwHighDateTime=0x1d82943, ftLastWriteTime.dwLowDateTime=0x5e0fa9db, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1dea0, dwReserved0=0x0, dwReserved1=0x0, cFileName="KvJg7fTjd.ppt.ampkcz", cAlternateFileName="KVJG7F~1.AMP")) returned 1 [0203.421] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb434b270, ftCreationTime.dwHighDateTime=0x1d825f4, ftLastAccessTime.dwLowDateTime=0x87f2f760, ftLastAccessTime.dwHighDateTime=0x1d829bb, ftLastWriteTime.dwLowDateTime=0x5e751aa6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1df08, dwReserved0=0x0, dwReserved1=0x0, cFileName="mS0Pc.m4a.ampkcz", cAlternateFileName="MS0PCM~1.AMP")) returned 1 [0203.422] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xceb94b00, ftCreationTime.dwHighDateTime=0x1d82244, ftLastAccessTime.dwLowDateTime=0xa09154c0, ftLastAccessTime.dwHighDateTime=0x1d827c1, ftLastWriteTime.dwLowDateTime=0x5ee59db6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7774, dwReserved0=0x0, dwReserved1=0x0, cFileName="NdRfu9tUbI.wav.ampkcz", cAlternateFileName="NDRFU9~1.AMP")) returned 1 [0203.422] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa3f8fc10, ftCreationTime.dwHighDateTime=0x1d820b6, ftLastAccessTime.dwLowDateTime=0xfd4c06c0, ftLastAccessTime.dwHighDateTime=0x1d82798, ftLastWriteTime.dwLowDateTime=0x5f43ef64, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15808, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pdz8n1 UI6B5ybck59.mp3.ampkcz", cAlternateFileName="PDZ8N1~1.AMP")) returned 1 [0203.422] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc76fa210, ftCreationTime.dwHighDateTime=0x1d81c6b, ftLastAccessTime.dwLowDateTime=0x71903d50, ftLastAccessTime.dwHighDateTime=0x1d81cbb, ftLastWriteTime.dwLowDateTime=0x5f8940ed, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12eb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="R4ZOtCCfPyPi.png.ampkcz", cAlternateFileName="R4ZOTC~1.AMP")) returned 1 [0203.422] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a156260, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x5a156260, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x5a165cc6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0203.422] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa27af970, ftCreationTime.dwHighDateTime=0x1d82178, ftLastAccessTime.dwLowDateTime=0x8ba88920, ftLastAccessTime.dwHighDateTime=0x1d8296a, ftLastWriteTime.dwLowDateTime=0x5fc2c9d5, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1aa74, dwReserved0=0x0, dwReserved1=0x0, cFileName="SfNsa8YB.avi.ampkcz", cAlternateFileName="SFNSA8~1.AMP")) returned 1 [0203.422] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fe8e730, ftCreationTime.dwHighDateTime=0x1d82610, ftLastAccessTime.dwLowDateTime=0x6e274200, ftLastAccessTime.dwHighDateTime=0x1d8262d, ftLastWriteTime.dwLowDateTime=0x6034436d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x93c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="sxWMOh.mkv.ampkcz", cAlternateFileName="SXWMOH~1.AMP")) returned 1 [0203.423] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xace2b8b0, ftCreationTime.dwHighDateTime=0x1d82166, ftLastAccessTime.dwLowDateTime=0xe534fe60, ftLastAccessTime.dwHighDateTime=0x1d8254b, ftLastWriteTime.dwLowDateTime=0x60a3d145, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x86a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="t8p41K1nPNZvX.m4a.ampkcz", cAlternateFileName="T8P41K~1.AMP")) returned 1 [0203.423] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e00acc0, ftCreationTime.dwHighDateTime=0x1d81f60, ftLastAccessTime.dwLowDateTime=0x3fcaf4c0, ftLastAccessTime.dwHighDateTime=0x1d828ca, ftLastWriteTime.dwLowDateTime=0x610604fa, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x214b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="tSEGMvCPcMx.jpg.ampkcz", cAlternateFileName="TSEGMV~1.AMP")) returned 1 [0203.423] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x650c8f10, ftCreationTime.dwHighDateTime=0x1d81c21, ftLastAccessTime.dwLowDateTime=0xd62974d0, ftLastAccessTime.dwHighDateTime=0x1d81c42, ftLastWriteTime.dwLowDateTime=0x617e4bed, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd4b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="y2H9O8xlmETgCAbycT.png.ampkcz", cAlternateFileName="Y2H9O8~1.AMP")) returned 1 [0203.423] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2e23fe0, ftCreationTime.dwHighDateTime=0x1d82a28, ftLastAccessTime.dwLowDateTime=0xcf668310, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0x61c1010e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1cf74, dwReserved0=0x0, dwReserved1=0x0, cFileName="ys5FVy3YwYbsg.m4a.ampkcz", cAlternateFileName="YS5FVY~1.AMP")) returned 1 [0203.423] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4dd50a0, ftCreationTime.dwHighDateTime=0x1d8247d, ftLastAccessTime.dwLowDateTime=0x7316e100, ftLastAccessTime.dwHighDateTime=0x1d82545, ftLastWriteTime.dwLowDateTime=0x7316e100, ftLastWriteTime.dwHighDateTime=0x1d82545, nFileSizeHigh=0x0, nFileSizeLow=0x116db, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ze-VEOovGiNCD_-X5js.ots", cAlternateFileName="ZE-VEO~1.OTS")) returned 1 [0203.423] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4140020, ftCreationTime.dwHighDateTime=0x1d81ca9, ftLastAccessTime.dwLowDateTime=0x88bbbd30, ftLastAccessTime.dwHighDateTime=0x1d820c9, ftLastWriteTime.dwLowDateTime=0x61fcddbe, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a1e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zr1fJuAtmLuvrKkw.gif.ampkcz", cAlternateFileName="ZR1FJU~1.AMP")) returned 1 [0203.424] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4140020, ftCreationTime.dwHighDateTime=0x1d81ca9, ftLastAccessTime.dwLowDateTime=0x88bbbd30, ftLastAccessTime.dwHighDateTime=0x1d820c9, ftLastWriteTime.dwLowDateTime=0x61fcddbe, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a1e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zr1fJuAtmLuvrKkw.gif.ampkcz", cAlternateFileName="ZR1FJU~1.AMP")) returned 0 [0203.424] FindClose (in: hFindFile=0x687cd0 | out: hFindFile=0x687cd0) returned 1 [0203.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0203.424] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0203.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0203.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u", lpFilePart=0x0) returned 0x23 [0203.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\", lpFilePart=0x0) returned 0x24 [0203.424] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91746cd0, ftCreationTime.dwHighDateTime=0x1d828ce, ftLastAccessTime.dwLowDateTime=0x6710feb0, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6710feb0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0203.424] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91746cd0, ftCreationTime.dwHighDateTime=0x1d828ce, ftLastAccessTime.dwLowDateTime=0x6710feb0, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6710feb0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.425] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d0ed080, ftCreationTime.dwHighDateTime=0x1d8262f, ftLastAccessTime.dwLowDateTime=0x57392270, ftLastAccessTime.dwHighDateTime=0x1d826c3, ftLastWriteTime.dwLowDateTime=0x624de466, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12248, dwReserved0=0x0, dwReserved1=0x0, cFileName="2HtL-q.csv.ampkcz", cAlternateFileName="2HTL-Q~1.AMP")) returned 1 [0203.425] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x454e2e00, ftCreationTime.dwHighDateTime=0x1d81af9, ftLastAccessTime.dwLowDateTime=0x59375bc0, ftLastAccessTime.dwHighDateTime=0x1d82347, ftLastWriteTime.dwLowDateTime=0x62a8631f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="7Bsy4NSMiVQmfv8k.m4a.ampkcz", cAlternateFileName="7BSY4N~1.AMP")) returned 1 [0203.425] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde052540, ftCreationTime.dwHighDateTime=0x1d825e4, ftLastAccessTime.dwLowDateTime=0x6d621250, ftLastAccessTime.dwHighDateTime=0x1d82853, ftLastWriteTime.dwLowDateTime=0x62f732be, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x4634, dwReserved0=0x0, dwReserved1=0x0, cFileName="8LljmtPnMSEYSYG.csv.ampkcz", cAlternateFileName="8LLJMT~1.AMP")) returned 1 [0203.425] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c230220, ftCreationTime.dwHighDateTime=0x1d81ce7, ftLastAccessTime.dwLowDateTime=0xd569ebb0, ftLastAccessTime.dwHighDateTime=0x1d8202f, ftLastWriteTime.dwLowDateTime=0x633b504b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x170c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="8Vi4 VdapZ6YLX5Sp.flv.ampkcz", cAlternateFileName="8VI4VD~1.AMP")) returned 1 [0203.425] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb4c88e0, ftCreationTime.dwHighDateTime=0x1d829c4, ftLastAccessTime.dwLowDateTime=0xc7ac84b0, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0x639d94bb, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x11988, dwReserved0=0x0, dwReserved1=0x0, cFileName="BKUVLc.bmp.ampkcz", cAlternateFileName="BKUVLC~1.AMP")) returned 1 [0203.425] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf992f60, ftCreationTime.dwHighDateTime=0x1d81df3, ftLastAccessTime.dwLowDateTime=0x23f58620, ftLastAccessTime.dwHighDateTime=0x1d8229e, ftLastWriteTime.dwLowDateTime=0x63d2a8f3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15d88, dwReserved0=0x0, dwReserved1=0x0, cFileName="bz0WFA-cPHK_6RXp.m4a.ampkcz", cAlternateFileName="BZ0WFA~1.AMP")) returned 1 [0203.426] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefad3610, ftCreationTime.dwHighDateTime=0x1d826b2, ftLastAccessTime.dwLowDateTime=0x86ecf760, ftLastAccessTime.dwHighDateTime=0x1d8286e, ftLastWriteTime.dwLowDateTime=0x642bddf8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd9e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ggv8WxB.gif.ampkcz", cAlternateFileName="GGV8WX~1.AMP")) returned 1 [0203.426] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d72fbe0, ftCreationTime.dwHighDateTime=0x1d823de, ftLastAccessTime.dwLowDateTime=0x677989e0, ftLastAccessTime.dwHighDateTime=0x1d82605, ftLastWriteTime.dwLowDateTime=0x647de7ee, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5108, dwReserved0=0x0, dwReserved1=0x0, cFileName="JHyJ2FcVg5iar.mp3.ampkcz", cAlternateFileName="JHYJ2F~1.AMP")) returned 1 [0203.426] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71191240, ftCreationTime.dwHighDateTime=0x1d81d4f, ftLastAccessTime.dwLowDateTime=0xa3f402c0, ftLastAccessTime.dwHighDateTime=0x1d82587, ftLastWriteTime.dwLowDateTime=0x64d295a4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2348, dwReserved0=0x0, dwReserved1=0x0, cFileName="mB4Ez1kKY5Cs.mp3.ampkcz", cAlternateFileName="MB4EZ1~1.AMP")) returned 1 [0203.426] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51b8e290, ftCreationTime.dwHighDateTime=0x1d822d1, ftLastAccessTime.dwLowDateTime=0x9cb3d000, ftLastAccessTime.dwHighDateTime=0x1d8232d, ftLastWriteTime.dwLowDateTime=0x65173735, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7248, dwReserved0=0x0, dwReserved1=0x0, cFileName="mFs5gB9Z3Uguw495HmEZ.jpg.ampkcz", cAlternateFileName="MFS5GB~1.AMP")) returned 1 [0203.426] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6256224f, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x6256224f, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x62575ace, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0203.426] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9befbf0, ftCreationTime.dwHighDateTime=0x1d81cfd, ftLastAccessTime.dwLowDateTime=0x87f76dc0, ftLastAccessTime.dwHighDateTime=0x1d82756, ftLastWriteTime.dwLowDateTime=0x65736b6e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x18fa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RPzmf9DjF1.pptx.ampkcz", cAlternateFileName="RPZMF9~1.AMP")) returned 1 [0203.427] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a169430, ftCreationTime.dwHighDateTime=0x1d828ca, ftLastAccessTime.dwLowDateTime=0x5fd5e050, ftLastAccessTime.dwHighDateTime=0x1d8290f, ftLastWriteTime.dwLowDateTime=0x65bf65c8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x101f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="SjWyWkMIArJ.docx.ampkcz", cAlternateFileName="SJWYWK~1.AMP")) returned 1 [0203.427] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9650, ftCreationTime.dwHighDateTime=0x1d81a02, ftLastAccessTime.dwLowDateTime=0x56f29500, ftLastAccessTime.dwHighDateTime=0x1d8247d, ftLastWriteTime.dwLowDateTime=0x660c8754, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a060, dwReserved0=0x0, dwReserved1=0x0, cFileName="VADyx2_L0xN.flv.ampkcz", cAlternateFileName="VADYX2~1.AMP")) returned 1 [0203.427] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ee1500, ftCreationTime.dwHighDateTime=0x1d8225e, ftLastAccessTime.dwLowDateTime=0x25426d90, ftLastAccessTime.dwHighDateTime=0x1d829a6, ftLastWriteTime.dwLowDateTime=0x66732100, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20960, dwReserved0=0x0, dwReserved1=0x0, cFileName="vXhGV8MRaVScOkV5f5.ods.ampkcz", cAlternateFileName="VXHGV8~1.AMP")) returned 1 [0203.427] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36485d0, ftCreationTime.dwHighDateTime=0x1d82671, ftLastAccessTime.dwLowDateTime=0x5e9bed80, ftLastAccessTime.dwHighDateTime=0x1d8280e, ftLastWriteTime.dwLowDateTime=0x66b1fb0d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x49a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WTyYMq00n.m4a.ampkcz", cAlternateFileName="WTYYMQ~1.AMP")) returned 1 [0203.427] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d025c90, ftCreationTime.dwHighDateTime=0x1d820a6, ftLastAccessTime.dwLowDateTime=0xf2464730, ftLastAccessTime.dwHighDateTime=0x1d82172, ftLastWriteTime.dwLowDateTime=0x670fe283, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x920, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y_Ku-Plvvx.png.ampkcz", cAlternateFileName="Y_KU-P~1.AMP")) returned 1 [0203.427] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0203.428] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0203.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0203.428] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0203.436] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0203.437] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u", lpFilePart=0x0) returned 0x23 [0203.437] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\", lpFilePart=0x0) returned 0x24 [0203.437] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Desktop\\Bjr3u\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91746cd0, ftCreationTime.dwHighDateTime=0x1d828ce, ftLastAccessTime.dwLowDateTime=0x6710feb0, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6710feb0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0203.437] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91746cd0, ftCreationTime.dwHighDateTime=0x1d828ce, ftLastAccessTime.dwLowDateTime=0x6710feb0, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6710feb0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.437] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5d0ed080, ftCreationTime.dwHighDateTime=0x1d8262f, ftLastAccessTime.dwLowDateTime=0x57392270, ftLastAccessTime.dwHighDateTime=0x1d826c3, ftLastWriteTime.dwLowDateTime=0x624de466, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12248, dwReserved0=0x0, dwReserved1=0x0, cFileName="2HtL-q.csv.ampkcz", cAlternateFileName="2HTL-Q~1.AMP")) returned 1 [0203.438] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x454e2e00, ftCreationTime.dwHighDateTime=0x1d81af9, ftLastAccessTime.dwLowDateTime=0x59375bc0, ftLastAccessTime.dwHighDateTime=0x1d82347, ftLastWriteTime.dwLowDateTime=0x62a8631f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="7Bsy4NSMiVQmfv8k.m4a.ampkcz", cAlternateFileName="7BSY4N~1.AMP")) returned 1 [0203.438] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xde052540, ftCreationTime.dwHighDateTime=0x1d825e4, ftLastAccessTime.dwLowDateTime=0x6d621250, ftLastAccessTime.dwHighDateTime=0x1d82853, ftLastWriteTime.dwLowDateTime=0x62f732be, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x4634, dwReserved0=0x0, dwReserved1=0x0, cFileName="8LljmtPnMSEYSYG.csv.ampkcz", cAlternateFileName="8LLJMT~1.AMP")) returned 1 [0203.438] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c230220, ftCreationTime.dwHighDateTime=0x1d81ce7, ftLastAccessTime.dwLowDateTime=0xd569ebb0, ftLastAccessTime.dwHighDateTime=0x1d8202f, ftLastWriteTime.dwLowDateTime=0x633b504b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x170c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="8Vi4 VdapZ6YLX5Sp.flv.ampkcz", cAlternateFileName="8VI4VD~1.AMP")) returned 1 [0203.438] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xeb4c88e0, ftCreationTime.dwHighDateTime=0x1d829c4, ftLastAccessTime.dwLowDateTime=0xc7ac84b0, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0x639d94bb, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x11988, dwReserved0=0x0, dwReserved1=0x0, cFileName="BKUVLc.bmp.ampkcz", cAlternateFileName="BKUVLC~1.AMP")) returned 1 [0203.438] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf992f60, ftCreationTime.dwHighDateTime=0x1d81df3, ftLastAccessTime.dwLowDateTime=0x23f58620, ftLastAccessTime.dwHighDateTime=0x1d8229e, ftLastWriteTime.dwLowDateTime=0x63d2a8f3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15d88, dwReserved0=0x0, dwReserved1=0x0, cFileName="bz0WFA-cPHK_6RXp.m4a.ampkcz", cAlternateFileName="BZ0WFA~1.AMP")) returned 1 [0203.438] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefad3610, ftCreationTime.dwHighDateTime=0x1d826b2, ftLastAccessTime.dwLowDateTime=0x86ecf760, ftLastAccessTime.dwHighDateTime=0x1d8286e, ftLastWriteTime.dwLowDateTime=0x642bddf8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd9e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ggv8WxB.gif.ampkcz", cAlternateFileName="GGV8WX~1.AMP")) returned 1 [0203.439] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d72fbe0, ftCreationTime.dwHighDateTime=0x1d823de, ftLastAccessTime.dwLowDateTime=0x677989e0, ftLastAccessTime.dwHighDateTime=0x1d82605, ftLastWriteTime.dwLowDateTime=0x647de7ee, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5108, dwReserved0=0x0, dwReserved1=0x0, cFileName="JHyJ2FcVg5iar.mp3.ampkcz", cAlternateFileName="JHYJ2F~1.AMP")) returned 1 [0203.439] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71191240, ftCreationTime.dwHighDateTime=0x1d81d4f, ftLastAccessTime.dwLowDateTime=0xa3f402c0, ftLastAccessTime.dwHighDateTime=0x1d82587, ftLastWriteTime.dwLowDateTime=0x64d295a4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2348, dwReserved0=0x0, dwReserved1=0x0, cFileName="mB4Ez1kKY5Cs.mp3.ampkcz", cAlternateFileName="MB4EZ1~1.AMP")) returned 1 [0203.439] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51b8e290, ftCreationTime.dwHighDateTime=0x1d822d1, ftLastAccessTime.dwLowDateTime=0x9cb3d000, ftLastAccessTime.dwHighDateTime=0x1d8232d, ftLastWriteTime.dwLowDateTime=0x65173735, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7248, dwReserved0=0x0, dwReserved1=0x0, cFileName="mFs5gB9Z3Uguw495HmEZ.jpg.ampkcz", cAlternateFileName="MFS5GB~1.AMP")) returned 1 [0203.439] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6256224f, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x6256224f, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x62575ace, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0203.439] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9befbf0, ftCreationTime.dwHighDateTime=0x1d81cfd, ftLastAccessTime.dwLowDateTime=0x87f76dc0, ftLastAccessTime.dwHighDateTime=0x1d82756, ftLastWriteTime.dwLowDateTime=0x65736b6e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x18fa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RPzmf9DjF1.pptx.ampkcz", cAlternateFileName="RPZMF9~1.AMP")) returned 1 [0203.440] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a169430, ftCreationTime.dwHighDateTime=0x1d828ca, ftLastAccessTime.dwLowDateTime=0x5fd5e050, ftLastAccessTime.dwHighDateTime=0x1d8290f, ftLastWriteTime.dwLowDateTime=0x65bf65c8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x101f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="SjWyWkMIArJ.docx.ampkcz", cAlternateFileName="SJWYWK~1.AMP")) returned 1 [0203.440] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x104a9650, ftCreationTime.dwHighDateTime=0x1d81a02, ftLastAccessTime.dwLowDateTime=0x56f29500, ftLastAccessTime.dwHighDateTime=0x1d8247d, ftLastWriteTime.dwLowDateTime=0x660c8754, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a060, dwReserved0=0x0, dwReserved1=0x0, cFileName="VADyx2_L0xN.flv.ampkcz", cAlternateFileName="VADYX2~1.AMP")) returned 1 [0203.440] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1ee1500, ftCreationTime.dwHighDateTime=0x1d8225e, ftLastAccessTime.dwLowDateTime=0x25426d90, ftLastAccessTime.dwHighDateTime=0x1d829a6, ftLastWriteTime.dwLowDateTime=0x66732100, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20960, dwReserved0=0x0, dwReserved1=0x0, cFileName="vXhGV8MRaVScOkV5f5.ods.ampkcz", cAlternateFileName="VXHGV8~1.AMP")) returned 1 [0203.440] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd36485d0, ftCreationTime.dwHighDateTime=0x1d82671, ftLastAccessTime.dwLowDateTime=0x5e9bed80, ftLastAccessTime.dwHighDateTime=0x1d8280e, ftLastWriteTime.dwLowDateTime=0x66b1fb0d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x49a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WTyYMq00n.m4a.ampkcz", cAlternateFileName="WTYYMQ~1.AMP")) returned 1 [0203.440] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d025c90, ftCreationTime.dwHighDateTime=0x1d820a6, ftLastAccessTime.dwLowDateTime=0xf2464730, ftLastAccessTime.dwHighDateTime=0x1d82172, ftLastWriteTime.dwLowDateTime=0x670fe283, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x920, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y_Ku-Plvvx.png.ampkcz", cAlternateFileName="Y_KU-P~1.AMP")) returned 1 [0203.440] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4d025c90, ftCreationTime.dwHighDateTime=0x1d820a6, ftLastAccessTime.dwLowDateTime=0xf2464730, ftLastAccessTime.dwHighDateTime=0x1d82172, ftLastWriteTime.dwLowDateTime=0x670fe283, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x920, dwReserved0=0x0, dwReserved1=0x0, cFileName="Y_Ku-Plvvx.png.ampkcz", cAlternateFileName="Y_KU-P~1.AMP")) returned 0 [0203.441] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0203.441] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0203.441] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0203.441] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0203.441] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0203.441] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\", lpFilePart=0x0) returned 0x20 [0203.441] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xf28da837, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0xf28da837, ftLastWriteTime.dwHighDateTime=0x1d82a28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0203.441] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xf28da837, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0xf28da837, ftLastWriteTime.dwHighDateTime=0x1d82a28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0203.442] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb58ded50, ftCreationTime.dwHighDateTime=0x1d7ce72, ftLastAccessTime.dwLowDateTime=0x1ff66f00, ftLastAccessTime.dwHighDateTime=0x1d80866, ftLastWriteTime.dwLowDateTime=0x1ff66f00, ftLastWriteTime.dwHighDateTime=0x1d80866, nFileSizeHigh=0x0, nFileSizeLow=0xf6ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="8-58vgRqyz gS.pptx", cAlternateFileName="8-58VG~1.PPT")) returned 1 [0203.442] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1276ac00, ftCreationTime.dwHighDateTime=0x1d81a2c, ftLastAccessTime.dwLowDateTime=0xda7459a0, ftLastAccessTime.dwHighDateTime=0x1d81bad, ftLastWriteTime.dwLowDateTime=0xda7459a0, ftLastWriteTime.dwHighDateTime=0x1d81bad, nFileSizeHigh=0x0, nFileSizeLow=0x2309, dwReserved0=0x0, dwReserved1=0x0, cFileName="AEfN7e6MhjMF2F11JEs.xls", cAlternateFileName="AEFN7E~1.XLS")) returned 1 [0203.442] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a089c50, ftCreationTime.dwHighDateTime=0x1d82917, ftLastAccessTime.dwLowDateTime=0xee886880, ftLastAccessTime.dwHighDateTime=0x1d8294c, ftLastWriteTime.dwLowDateTime=0xee886880, ftLastWriteTime.dwHighDateTime=0x1d8294c, nFileSizeHigh=0x0, nFileSizeLow=0x9421, dwReserved0=0x0, dwReserved1=0x0, cFileName="AJOZtXvu7QfT.odt", cAlternateFileName="AJOZTX~1.ODT")) returned 1 [0203.442] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83951500, ftCreationTime.dwHighDateTime=0x1d7cc04, ftLastAccessTime.dwLowDateTime=0xecd570a0, ftLastAccessTime.dwHighDateTime=0x1d7d1d1, ftLastWriteTime.dwLowDateTime=0xecd570a0, ftLastWriteTime.dwHighDateTime=0x1d7d1d1, nFileSizeHigh=0x0, nFileSizeLow=0xf2b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="BAJe.docx", cAlternateFileName="BAJE~1.DOC")) returned 1 [0203.442] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4372e947, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0203.442] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb47e6250, ftCreationTime.dwHighDateTime=0x1d7c0ee, ftLastAccessTime.dwLowDateTime=0x5ca90e0, ftLastAccessTime.dwHighDateTime=0x1d8074c, ftLastWriteTime.dwLowDateTime=0x5ca90e0, ftLastWriteTime.dwHighDateTime=0x1d8074c, nFileSizeHigh=0x0, nFileSizeLow=0x3565, dwReserved0=0x0, dwReserved1=0x0, cFileName="EgNVA.pptx", cAlternateFileName="EGNVA~1.PPT")) returned 1 [0203.443] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2be59690, ftCreationTime.dwHighDateTime=0x1d80f70, ftLastAccessTime.dwLowDateTime=0x3acac80, ftLastAccessTime.dwHighDateTime=0x1d81bdd, ftLastWriteTime.dwLowDateTime=0x3acac80, ftLastWriteTime.dwHighDateTime=0x1d81bdd, nFileSizeHigh=0x0, nFileSizeLow=0x442f, dwReserved0=0x0, dwReserved1=0x0, cFileName="foayjE.pptx", cAlternateFileName="FOAYJE~1.PPT")) returned 1 [0203.443] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3fd54830, ftCreationTime.dwHighDateTime=0x1d8297e, ftLastAccessTime.dwLowDateTime=0xe4fa8e10, ftLastAccessTime.dwHighDateTime=0x1d829d8, ftLastWriteTime.dwLowDateTime=0xe4fa8e10, ftLastWriteTime.dwHighDateTime=0x1d829d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="F_8pl8t", cAlternateFileName="")) returned 1 [0203.443] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57c7dd60, ftCreationTime.dwHighDateTime=0x1d7b492, ftLastAccessTime.dwLowDateTime=0xd69d7e90, ftLastAccessTime.dwHighDateTime=0x1d7f63e, ftLastWriteTime.dwLowDateTime=0xd69d7e90, ftLastWriteTime.dwHighDateTime=0x1d7f63e, nFileSizeHigh=0x0, nFileSizeLow=0x9f83, dwReserved0=0x0, dwReserved1=0x0, cFileName="iOVreLoxPhj7stpatiPe.docx", cAlternateFileName="IOVREL~1.DOC")) returned 1 [0203.443] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa336b3a0, ftCreationTime.dwHighDateTime=0x1d81aba, ftLastAccessTime.dwLowDateTime=0x23674590, ftLastAccessTime.dwHighDateTime=0x1d81f8d, ftLastWriteTime.dwLowDateTime=0x23674590, ftLastWriteTime.dwHighDateTime=0x1d81f8d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JN3akvSGJi", cAlternateFileName="JN3AKV~1")) returned 1 [0203.443] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c3f18b0, ftCreationTime.dwHighDateTime=0x1d8123e, ftLastAccessTime.dwLowDateTime=0xb9633830, ftLastAccessTime.dwHighDateTime=0x1d8298b, ftLastWriteTime.dwLowDateTime=0xb9633830, ftLastWriteTime.dwHighDateTime=0x1d8298b, nFileSizeHigh=0x0, nFileSizeLow=0x135e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Juhec_87-J -LcDPj7R.xlsx", cAlternateFileName="JUHEC_~1.XLS")) returned 1 [0203.443] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31695300, ftCreationTime.dwHighDateTime=0x1d82815, ftLastAccessTime.dwLowDateTime=0xd3dfd3f0, ftLastAccessTime.dwHighDateTime=0x1d8286c, ftLastWriteTime.dwLowDateTime=0xd3dfd3f0, ftLastWriteTime.dwHighDateTime=0x1d8286c, nFileSizeHigh=0x0, nFileSizeLow=0x143a7, dwReserved0=0x0, dwReserved1=0x0, cFileName="LYfQAN97cU.doc", cAlternateFileName="LYFQAN~1.DOC")) returned 1 [0203.443] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0203.444] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0203.444] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0203.444] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e1ead0, ftCreationTime.dwHighDateTime=0x1d81991, ftLastAccessTime.dwLowDateTime=0xb9950100, ftLastAccessTime.dwHighDateTime=0x1d81c6e, ftLastWriteTime.dwLowDateTime=0xb9950100, ftLastWriteTime.dwHighDateTime=0x1d81c6e, nFileSizeHigh=0x0, nFileSizeLow=0x6757, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="nh_ayDk4U dJuq.pptx", cAlternateFileName="NH_AYD~1.PPT")) returned 1 [0203.444] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadae67b0, ftCreationTime.dwHighDateTime=0x1d7b91c, ftLastAccessTime.dwLowDateTime=0x10973380, ftLastAccessTime.dwHighDateTime=0x1d8089a, ftLastWriteTime.dwLowDateTime=0x10973380, ftLastWriteTime.dwHighDateTime=0x1d8089a, nFileSizeHigh=0x0, nFileSizeLow=0x168f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="NOUPcFxdi9.xlsx", cAlternateFileName="NOUPCF~1.XLS")) returned 1 [0203.444] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1edd9d0, ftCreationTime.dwHighDateTime=0x1d8249a, ftLastAccessTime.dwLowDateTime=0x4f745570, ftLastAccessTime.dwHighDateTime=0x1d82892, ftLastWriteTime.dwLowDateTime=0x4f745570, ftLastWriteTime.dwHighDateTime=0x1d82892, nFileSizeHigh=0x0, nFileSizeLow=0xf51d, dwReserved0=0x0, dwReserved1=0x0, cFileName="NyHQqR6F02G_ox.pptx", cAlternateFileName="NYHQQR~1.PPT")) returned 1 [0203.444] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x65ef9a5c, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x65ef9a5c, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0203.445] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b3802f0, ftCreationTime.dwHighDateTime=0x1d82433, ftLastAccessTime.dwLowDateTime=0x28c19b80, ftLastAccessTime.dwHighDateTime=0x1d829a1, ftLastWriteTime.dwLowDateTime=0x28c19b80, ftLastWriteTime.dwHighDateTime=0x1d829a1, nFileSizeHigh=0x0, nFileSizeLow=0x14405, dwReserved0=0x0, dwReserved1=0x0, cFileName="qn--Dnwch0FHbbgzTTO.doc", cAlternateFileName="QN--DN~1.DOC")) returned 1 [0203.445] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x748b5080, ftCreationTime.dwHighDateTime=0x1d79da9, ftLastAccessTime.dwLowDateTime=0x5548a770, ftLastAccessTime.dwHighDateTime=0x1d7ee78, ftLastWriteTime.dwLowDateTime=0x5548a770, ftLastWriteTime.dwHighDateTime=0x1d7ee78, nFileSizeHigh=0x0, nFileSizeLow=0x911c, dwReserved0=0x0, dwReserved1=0x0, cFileName="reOIkC.xlsx", cAlternateFileName="REOIKC~1.XLS")) returned 1 [0203.446] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59dd7be0, ftCreationTime.dwHighDateTime=0x1d81ba9, ftLastAccessTime.dwLowDateTime=0x2f380b30, ftLastAccessTime.dwHighDateTime=0x1d81e3d, ftLastWriteTime.dwLowDateTime=0x2f380b30, ftLastWriteTime.dwHighDateTime=0x1d81e3d, nFileSizeHigh=0x0, nFileSizeLow=0xd068, dwReserved0=0x0, dwReserved1=0x0, cFileName="sBn Uk0ytdM055VR.doc", cAlternateFileName="SBNUK0~1.DOC")) returned 1 [0203.446] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd3be1c0, ftCreationTime.dwHighDateTime=0x1d7bb8a, ftLastAccessTime.dwLowDateTime=0xc5949aa0, ftLastAccessTime.dwHighDateTime=0x1d80ef0, ftLastWriteTime.dwLowDateTime=0xc5949aa0, ftLastWriteTime.dwHighDateTime=0x1d80ef0, nFileSizeHigh=0x0, nFileSizeLow=0x1324c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sxq8yYPsbOADIX.xlsx", cAlternateFileName="SXQ8YY~1.XLS")) returned 1 [0203.447] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5384f70, ftCreationTime.dwHighDateTime=0x1d7ff70, ftLastAccessTime.dwLowDateTime=0xa2cea0b0, ftLastAccessTime.dwHighDateTime=0x1d82386, ftLastWriteTime.dwLowDateTime=0xa2cea0b0, ftLastWriteTime.dwHighDateTime=0x1d82386, nFileSizeHigh=0x0, nFileSizeLow=0x17b0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="uDnFB3fA14uy4UENlcK.docx", cAlternateFileName="UDNFB3~1.DOC")) returned 1 [0203.447] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70e3db50, ftCreationTime.dwHighDateTime=0x1d8038e, ftLastAccessTime.dwLowDateTime=0xcff1e390, ftLastAccessTime.dwHighDateTime=0x1d817e7, ftLastWriteTime.dwLowDateTime=0xcff1e390, ftLastWriteTime.dwHighDateTime=0x1d817e7, nFileSizeHigh=0x0, nFileSizeLow=0x14bec, dwReserved0=0x0, dwReserved1=0x0, cFileName="vy87ulZFy.docx", cAlternateFileName="VY87UL~1.DOC")) returned 1 [0203.447] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d86f40, ftCreationTime.dwHighDateTime=0x1d7b646, ftLastAccessTime.dwLowDateTime=0x612c2490, ftLastAccessTime.dwHighDateTime=0x1d7bf2f, ftLastWriteTime.dwLowDateTime=0x612c2490, ftLastWriteTime.dwHighDateTime=0x1d7bf2f, nFileSizeHigh=0x0, nFileSizeLow=0x96a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="YdjNmFIdm.xlsx", cAlternateFileName="YDJNMF~1.XLS")) returned 1 [0203.447] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc5c4bc10, ftCreationTime.dwHighDateTime=0x1d81b09, ftLastAccessTime.dwLowDateTime=0xb37cd960, ftLastAccessTime.dwHighDateTime=0x1d8278f, ftLastWriteTime.dwLowDateTime=0xb37cd960, ftLastWriteTime.dwHighDateTime=0x1d8278f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yvp 2zOqN8", cAlternateFileName="YVP2ZO~1")) returned 1 [0203.447] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca69d880, ftCreationTime.dwHighDateTime=0x1d811a5, ftLastAccessTime.dwLowDateTime=0x93600b00, ftLastAccessTime.dwHighDateTime=0x1d81558, ftLastWriteTime.dwLowDateTime=0x93600b00, ftLastWriteTime.dwHighDateTime=0x1d81558, nFileSizeHigh=0x0, nFileSizeLow=0x1085e, dwReserved0=0x0, dwReserved1=0x0, cFileName="YyiJJhqdwi8qn.docx", cAlternateFileName="YYIJJH~1.DOC")) returned 1 [0203.447] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0203.447] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0203.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0203.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0203.448] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx", lpFilePart=0x0) returned 0x32 [0203.448] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx", lpFilePart=0x0) returned 0x32 [0203.448] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx", dwFileAttributes=0x80) returned 1 [0203.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0203.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\8-58vgrqyz gs.pptx"), fInfoLevelId=0x0, lpFileInformation=0x25dc7d8 | out: lpFileInformation=0x25dc7d8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb58ded50, ftCreationTime.dwHighDateTime=0x1d7ce72, ftLastAccessTime.dwLowDateTime=0x1ff66f00, ftLastAccessTime.dwHighDateTime=0x1d80866, ftLastWriteTime.dwLowDateTime=0x1ff66f00, ftLastWriteTime.dwHighDateTime=0x1d80866, nFileSizeHigh=0x0, nFileSizeLow=0xf6ca)) returned 1 [0203.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0203.449] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx", lpFilePart=0x0) returned 0x32 [0203.449] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0203.449] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\8-58vgrqyz gs.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0203.449] GetFileType (hFile=0x1f4) returned 0x1 [0203.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0203.449] GetFileType (hFile=0x1f4) returned 0x1 [0203.449] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xf6ca [0203.449] ReadFile (in: hFile=0x1f4, lpBuffer=0x25dcc68, nNumberOfBytesToRead=0xf6ca, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25dcc68*, lpNumberOfBytesRead=0x14edd8*=0xf6ca, lpOverlapped=0x0) returned 1 [0203.451] CloseHandle (hObject=0x1f4) returned 1 [0203.795] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx", lpFilePart=0x0) returned 0x32 [0203.795] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0203.795] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\8-58vgrqyz gs.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0203.797] GetFileType (hFile=0x1f4) returned 0x1 [0203.797] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0203.797] GetFileType (hFile=0x1f4) returned 0x1 [0203.797] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.805] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.805] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.806] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.806] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.806] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.807] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.807] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.807] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.808] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.808] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.808] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.809] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.809] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.809] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.810] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.810] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.810] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.811] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.811] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0203.811] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693c30*, nNumberOfBytesToWrite=0x9e0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2693c30*, lpNumberOfBytesWritten=0x14ec98*=0x9e0, lpOverlapped=0x0) returned 1 [0203.811] CloseHandle (hObject=0x1f4) returned 1 [0203.815] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx", lpFilePart=0x0) returned 0x32 [0203.815] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx.ampkcz", lpFilePart=0x0) returned 0x39 [0203.815] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0203.815] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\8-58vgrqyz gs.pptx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb58ded50, ftCreationTime.dwHighDateTime=0x1d7ce72, ftLastAccessTime.dwLowDateTime=0x1ff66f00, ftLastAccessTime.dwHighDateTime=0x1d80866, ftLastWriteTime.dwLowDateTime=0x67e254da, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x149e0)) returned 1 [0203.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0203.815] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\8-58vgrqyz gs.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\8-58vgRqyz gS.pptx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\8-58vgrqyz gs.pptx.ampkcz")) returned 1 [0203.816] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\readme.txt", lpFilePart=0x0) returned 0x2a [0203.816] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0203.816] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0203.816] GetFileType (hFile=0x1f4) returned 0x1 [0203.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0203.817] GetFileType (hFile=0x1f4) returned 0x1 [0203.818] WriteFile (in: hFile=0x1f4, lpBuffer=0x2696e38*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x2696e38*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0203.819] CloseHandle (hObject=0x1f4) returned 1 [0203.819] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls", lpFilePart=0x0) returned 0x37 [0203.819] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls", lpFilePart=0x0) returned 0x37 [0203.819] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls", dwFileAttributes=0x80) returned 1 [0203.819] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0203.819] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\aefn7e6mhjmf2f11jes.xls"), fInfoLevelId=0x0, lpFileInformation=0x26987e0 | out: lpFileInformation=0x26987e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1276ac00, ftCreationTime.dwHighDateTime=0x1d81a2c, ftLastAccessTime.dwLowDateTime=0xda7459a0, ftLastAccessTime.dwHighDateTime=0x1d81bad, ftLastWriteTime.dwLowDateTime=0xda7459a0, ftLastWriteTime.dwHighDateTime=0x1d81bad, nFileSizeHigh=0x0, nFileSizeLow=0x2309)) returned 1 [0203.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0203.820] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls", lpFilePart=0x0) returned 0x37 [0203.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0203.820] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\aefn7e6mhjmf2f11jes.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0203.820] GetFileType (hFile=0x1f4) returned 0x1 [0203.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0203.820] GetFileType (hFile=0x1f4) returned 0x1 [0203.820] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x2309 [0203.820] ReadFile (in: hFile=0x1f4, lpBuffer=0x2698c98, nNumberOfBytesToRead=0x2309, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2698c98*, lpNumberOfBytesRead=0x14edd8*=0x2309, lpOverlapped=0x0) returned 1 [0203.821] CloseHandle (hObject=0x1f4) returned 1 [0204.119] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls", lpFilePart=0x0) returned 0x37 [0204.119] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0204.119] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\aefn7e6mhjmf2f11jes.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0204.120] GetFileType (hFile=0x1f4) returned 0x1 [0204.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0204.120] GetFileType (hFile=0x1f4) returned 0x1 [0204.120] WriteFile (in: hFile=0x1f4, lpBuffer=0x272b058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x272b058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.121] WriteFile (in: hFile=0x1f4, lpBuffer=0x272b058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x272b058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.122] WriteFile (in: hFile=0x1f4, lpBuffer=0x272b058*, nNumberOfBytesToWrite=0xf88, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x272b058*, lpNumberOfBytesWritten=0x14ec98*=0xf88, lpOverlapped=0x0) returned 1 [0204.122] CloseHandle (hObject=0x1f4) returned 1 [0204.123] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls", lpFilePart=0x0) returned 0x37 [0204.124] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls.ampkcz", lpFilePart=0x0) returned 0x3e [0204.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0204.124] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\aefn7e6mhjmf2f11jes.xls"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1276ac00, ftCreationTime.dwHighDateTime=0x1d81a2c, ftLastAccessTime.dwLowDateTime=0xda7459a0, ftLastAccessTime.dwHighDateTime=0x1d81bad, ftLastWriteTime.dwLowDateTime=0x68117323, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2f88)) returned 1 [0204.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0204.124] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\aefn7e6mhjmf2f11jes.xls"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AEfN7e6MhjMF2F11JEs.xls.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\aefn7e6mhjmf2f11jes.xls.ampkcz")) returned 1 [0204.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt", lpFilePart=0x0) returned 0x30 [0204.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt", lpFilePart=0x0) returned 0x30 [0204.125] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt", dwFileAttributes=0x80) returned 1 [0204.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0204.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ajoztxvu7qft.odt"), fInfoLevelId=0x0, lpFileInformation=0x272c4e8 | out: lpFileInformation=0x272c4e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5a089c50, ftCreationTime.dwHighDateTime=0x1d82917, ftLastAccessTime.dwLowDateTime=0xee886880, ftLastAccessTime.dwHighDateTime=0x1d8294c, ftLastWriteTime.dwLowDateTime=0xee886880, ftLastWriteTime.dwHighDateTime=0x1d8294c, nFileSizeHigh=0x0, nFileSizeLow=0x9421)) returned 1 [0204.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0204.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt", lpFilePart=0x0) returned 0x30 [0204.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0204.125] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ajoztxvu7qft.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0204.126] GetFileType (hFile=0x1f4) returned 0x1 [0204.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0204.126] GetFileType (hFile=0x1f4) returned 0x1 [0204.126] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x9421 [0204.126] ReadFile (in: hFile=0x1f4, lpBuffer=0x272c978, nNumberOfBytesToRead=0x9421, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x272c978*, lpNumberOfBytesRead=0x14edd8*=0x9421, lpOverlapped=0x0) returned 1 [0204.127] CloseHandle (hObject=0x1f4) returned 1 [0204.457] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt", lpFilePart=0x0) returned 0x30 [0204.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0204.457] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ajoztxvu7qft.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0204.459] GetFileType (hFile=0x1f4) returned 0x1 [0204.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0204.459] GetFileType (hFile=0x1f4) returned 0x1 [0204.459] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.460] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.461] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.461] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.461] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.462] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.462] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.462] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.463] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.463] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.463] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.464] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.464] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e80b0*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25e80b0*, lpNumberOfBytesWritten=0x14ec98*=0x660, lpOverlapped=0x0) returned 1 [0204.464] CloseHandle (hObject=0x1f4) returned 1 [0204.468] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt", lpFilePart=0x0) returned 0x30 [0204.469] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt.ampkcz", lpFilePart=0x0) returned 0x37 [0204.469] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0204.469] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ajoztxvu7qft.odt"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a089c50, ftCreationTime.dwHighDateTime=0x1d82917, ftLastAccessTime.dwLowDateTime=0xee886880, ftLastAccessTime.dwHighDateTime=0x1d8294c, ftLastWriteTime.dwLowDateTime=0x684616f2, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc660)) returned 1 [0204.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0204.469] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ajoztxvu7qft.odt"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\AJOZtXvu7QfT.odt.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ajoztxvu7qft.odt.ampkcz")) returned 1 [0204.470] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx", lpFilePart=0x0) returned 0x29 [0204.470] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx", lpFilePart=0x0) returned 0x29 [0204.470] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx", dwFileAttributes=0x80) returned 1 [0204.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0204.470] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\baje.docx"), fInfoLevelId=0x0, lpFileInformation=0x25e9440 | out: lpFileInformation=0x25e9440*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x83951500, ftCreationTime.dwHighDateTime=0x1d7cc04, ftLastAccessTime.dwLowDateTime=0xecd570a0, ftLastAccessTime.dwHighDateTime=0x1d7d1d1, ftLastWriteTime.dwLowDateTime=0xecd570a0, ftLastWriteTime.dwHighDateTime=0x1d7d1d1, nFileSizeHigh=0x0, nFileSizeLow=0xf2b4)) returned 1 [0204.470] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0204.470] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx", lpFilePart=0x0) returned 0x29 [0204.471] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0204.471] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\baje.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0204.471] GetFileType (hFile=0x1f4) returned 0x1 [0204.471] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0204.471] GetFileType (hFile=0x1f4) returned 0x1 [0204.471] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xf2b4 [0204.471] ReadFile (in: hFile=0x1f4, lpBuffer=0x25e9880, nNumberOfBytesToRead=0xf2b4, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25e9880*, lpNumberOfBytesRead=0x14edd8*=0xf2b4, lpOverlapped=0x0) returned 1 [0204.472] CloseHandle (hObject=0x1f4) returned 1 [0204.798] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx", lpFilePart=0x0) returned 0x29 [0204.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0204.798] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\baje.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0204.803] GetFileType (hFile=0x1f4) returned 0x1 [0204.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0204.803] GetFileType (hFile=0x1f4) returned 0x1 [0204.804] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.805] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.805] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.805] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.806] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.806] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.806] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.807] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.807] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.807] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.808] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.808] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.808] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.809] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.809] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.809] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.810] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.810] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.810] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.811] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0204.811] WriteFile (in: hFile=0x1f4, lpBuffer=0x2540918*, nNumberOfBytesToWrite=0x474, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2540918*, lpNumberOfBytesWritten=0x14ec98*=0x474, lpOverlapped=0x0) returned 1 [0204.811] CloseHandle (hObject=0x1f4) returned 1 [0204.814] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx", lpFilePart=0x0) returned 0x29 [0204.814] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx.ampkcz", lpFilePart=0x0) returned 0x30 [0204.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0204.814] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\baje.docx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83951500, ftCreationTime.dwHighDateTime=0x1d7cc04, ftLastAccessTime.dwLowDateTime=0xecd570a0, ftLastAccessTime.dwHighDateTime=0x1d7d1d1, ftLastWriteTime.dwLowDateTime=0x687acbac, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14474)) returned 1 [0204.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0204.814] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\baje.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\BAJe.docx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\baje.docx.ampkcz")) returned 1 [0204.817] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x2b [0204.817] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x2b [0204.817] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", dwFileAttributes=0x80) returned 1 [0204.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0204.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2542ac0 | out: lpFileInformation=0x2542ac0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4372e947, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0204.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0204.818] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x2b [0204.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0204.818] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0204.818] GetFileType (hFile=0x1f4) returned 0x1 [0204.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0204.818] GetFileType (hFile=0x1f4) returned 0x1 [0204.818] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x192 [0204.818] ReadFile (in: hFile=0x1f4, lpBuffer=0x25430b0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25430b0*, lpNumberOfBytesRead=0x14edd8*=0x192, lpOverlapped=0x0) returned 1 [0204.818] CloseHandle (hObject=0x1f4) returned 1 [0205.109] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x2b [0205.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0205.109] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0205.110] GetFileType (hFile=0x1f4) returned 0x1 [0205.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0205.110] GetFileType (hFile=0x1f4) returned 0x1 [0205.110] WriteFile (in: hFile=0x1f4, lpBuffer=0x25be7b8*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25be7b8*, lpNumberOfBytesWritten=0x14ec98*=0x2f4, lpOverlapped=0x0) returned 1 [0205.112] CloseHandle (hObject=0x1f4) returned 1 [0205.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x2b [0205.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x32 [0205.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0205.113] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x68a870c9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2f4)) returned 1 [0205.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0205.113] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\desktop.ini.ampkcz")) returned 1 [0205.114] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx", lpFilePart=0x0) returned 0x2a [0205.114] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx", lpFilePart=0x0) returned 0x2a [0205.114] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx", dwFileAttributes=0x80) returned 1 [0205.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0205.115] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\egnva.pptx"), fInfoLevelId=0x0, lpFileInformation=0x25bfbc8 | out: lpFileInformation=0x25bfbc8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb47e6250, ftCreationTime.dwHighDateTime=0x1d7c0ee, ftLastAccessTime.dwLowDateTime=0x5ca90e0, ftLastAccessTime.dwHighDateTime=0x1d8074c, ftLastWriteTime.dwLowDateTime=0x5ca90e0, ftLastWriteTime.dwHighDateTime=0x1d8074c, nFileSizeHigh=0x0, nFileSizeLow=0x3565)) returned 1 [0205.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0205.115] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx", lpFilePart=0x0) returned 0x2a [0205.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0205.115] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\egnva.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0205.115] GetFileType (hFile=0x1f4) returned 0x1 [0205.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0205.115] GetFileType (hFile=0x1f4) returned 0x1 [0205.115] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x3565 [0205.115] ReadFile (in: hFile=0x1f4, lpBuffer=0x25c0008, nNumberOfBytesToRead=0x3565, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25c0008*, lpNumberOfBytesRead=0x14edd8*=0x3565, lpOverlapped=0x0) returned 1 [0205.116] CloseHandle (hObject=0x1f4) returned 1 [0205.402] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx", lpFilePart=0x0) returned 0x2a [0205.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0205.403] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\egnva.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0205.404] GetFileType (hFile=0x1f4) returned 0x1 [0205.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0205.404] GetFileType (hFile=0x1f4) returned 0x1 [0205.404] WriteFile (in: hFile=0x1f4, lpBuffer=0x265f3d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265f3d8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0205.405] WriteFile (in: hFile=0x1f4, lpBuffer=0x265f3d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265f3d8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0205.406] WriteFile (in: hFile=0x1f4, lpBuffer=0x265f3d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265f3d8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0205.406] WriteFile (in: hFile=0x1f4, lpBuffer=0x265f3d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265f3d8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0205.406] WriteFile (in: hFile=0x1f4, lpBuffer=0x265f3d8*, nNumberOfBytesToWrite=0x808, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x265f3d8*, lpNumberOfBytesWritten=0x14ec98*=0x808, lpOverlapped=0x0) returned 1 [0205.407] CloseHandle (hObject=0x1f4) returned 1 [0205.409] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx", lpFilePart=0x0) returned 0x2a [0205.409] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx.ampkcz", lpFilePart=0x0) returned 0x31 [0205.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0205.409] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\egnva.pptx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb47e6250, ftCreationTime.dwHighDateTime=0x1d7c0ee, ftLastAccessTime.dwLowDateTime=0x5ca90e0, ftLastAccessTime.dwHighDateTime=0x1d8074c, ftLastWriteTime.dwLowDateTime=0x68d591e3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x4808)) returned 1 [0205.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0205.409] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\egnva.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\EgNVA.pptx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\egnva.pptx.ampkcz")) returned 1 [0205.410] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx", lpFilePart=0x0) returned 0x2b [0205.410] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx", lpFilePart=0x0) returned 0x2b [0205.410] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx", dwFileAttributes=0x80) returned 1 [0205.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0205.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\foayje.pptx"), fInfoLevelId=0x0, lpFileInformation=0x26607e8 | out: lpFileInformation=0x26607e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2be59690, ftCreationTime.dwHighDateTime=0x1d80f70, ftLastAccessTime.dwLowDateTime=0x3acac80, ftLastAccessTime.dwHighDateTime=0x1d81bdd, ftLastWriteTime.dwLowDateTime=0x3acac80, ftLastWriteTime.dwHighDateTime=0x1d81bdd, nFileSizeHigh=0x0, nFileSizeLow=0x442f)) returned 1 [0205.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0205.411] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx", lpFilePart=0x0) returned 0x2b [0205.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0205.411] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\foayje.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0205.411] GetFileType (hFile=0x1f4) returned 0x1 [0205.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0205.411] GetFileType (hFile=0x1f4) returned 0x1 [0205.411] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x442f [0205.411] ReadFile (in: hFile=0x1f4, lpBuffer=0x2660c28, nNumberOfBytesToRead=0x442f, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2660c28*, lpNumberOfBytesRead=0x14edd8*=0x442f, lpOverlapped=0x0) returned 1 [0205.412] CloseHandle (hObject=0x1f4) returned 1 [0205.673] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx", lpFilePart=0x0) returned 0x2b [0205.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0205.674] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\foayje.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0205.675] GetFileType (hFile=0x1f4) returned 0x1 [0205.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0205.675] GetFileType (hFile=0x1f4) returned 0x1 [0205.675] WriteFile (in: hFile=0x1f4, lpBuffer=0x270a728*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x270a728*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0205.676] WriteFile (in: hFile=0x1f4, lpBuffer=0x270a728*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x270a728*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0205.677] WriteFile (in: hFile=0x1f4, lpBuffer=0x270a728*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x270a728*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0205.677] WriteFile (in: hFile=0x1f4, lpBuffer=0x270a728*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x270a728*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0205.677] WriteFile (in: hFile=0x1f4, lpBuffer=0x270a728*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x270a728*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0205.678] WriteFile (in: hFile=0x1f4, lpBuffer=0x270a728*, nNumberOfBytesToWrite=0xbb4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x270a728*, lpNumberOfBytesWritten=0x14ec98*=0xbb4, lpOverlapped=0x0) returned 1 [0205.678] CloseHandle (hObject=0x1f4) returned 1 [0205.680] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx", lpFilePart=0x0) returned 0x2b [0205.680] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx.ampkcz", lpFilePart=0x0) returned 0x32 [0205.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0205.680] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\foayje.pptx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2be59690, ftCreationTime.dwHighDateTime=0x1d80f70, ftLastAccessTime.dwLowDateTime=0x3acac80, ftLastAccessTime.dwHighDateTime=0x1d81bdd, ftLastWriteTime.dwLowDateTime=0x68fefbed, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5bb4)) returned 1 [0205.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0205.681] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\foayje.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\foayjE.pptx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\foayje.pptx.ampkcz")) returned 1 [0205.682] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx", lpFilePart=0x0) returned 0x39 [0205.682] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx", lpFilePart=0x0) returned 0x39 [0205.682] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx", dwFileAttributes=0x80) returned 1 [0205.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0205.685] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\iovreloxphj7stpatipe.docx"), fInfoLevelId=0x0, lpFileInformation=0x270bab8 | out: lpFileInformation=0x270bab8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x57c7dd60, ftCreationTime.dwHighDateTime=0x1d7b492, ftLastAccessTime.dwLowDateTime=0xd69d7e90, ftLastAccessTime.dwHighDateTime=0x1d7f63e, ftLastWriteTime.dwLowDateTime=0xd69d7e90, ftLastWriteTime.dwHighDateTime=0x1d7f63e, nFileSizeHigh=0x0, nFileSizeLow=0x9f83)) returned 1 [0205.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0205.685] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx", lpFilePart=0x0) returned 0x39 [0205.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0205.685] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\iovreloxphj7stpatipe.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0205.720] GetFileType (hFile=0x1f4) returned 0x1 [0205.720] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0205.720] GetFileType (hFile=0x1f4) returned 0x1 [0205.720] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x9f83 [0205.720] ReadFile (in: hFile=0x1f4, lpBuffer=0x270bf98, nNumberOfBytesToRead=0x9f83, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x270bf98*, lpNumberOfBytesRead=0x14edd8*=0x9f83, lpOverlapped=0x0) returned 1 [0205.721] CloseHandle (hObject=0x1f4) returned 1 [0206.026] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx", lpFilePart=0x0) returned 0x39 [0206.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0206.026] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\iovreloxphj7stpatipe.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0206.027] GetFileType (hFile=0x1f4) returned 0x1 [0206.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0206.028] GetFileType (hFile=0x1f4) returned 0x1 [0206.028] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.029] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.030] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.030] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.030] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.031] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.031] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.031] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.032] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.032] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.032] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.033] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.033] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.033] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb7a8*, nNumberOfBytesToWrite=0x588, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25cb7a8*, lpNumberOfBytesWritten=0x14ec98*=0x588, lpOverlapped=0x0) returned 1 [0206.034] CloseHandle (hObject=0x1f4) returned 1 [0206.037] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx", lpFilePart=0x0) returned 0x39 [0206.037] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx.ampkcz", lpFilePart=0x0) returned 0x40 [0206.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0206.037] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\iovreloxphj7stpatipe.docx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57c7dd60, ftCreationTime.dwHighDateTime=0x1d7b492, ftLastAccessTime.dwLowDateTime=0xd69d7e90, ftLastAccessTime.dwHighDateTime=0x1d7f63e, ftLastWriteTime.dwLowDateTime=0x69356958, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd588)) returned 1 [0206.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0206.037] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\iovreloxphj7stpatipe.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\iOVreLoxPhj7stpatiPe.docx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\iovreloxphj7stpatipe.docx.ampkcz")) returned 1 [0206.038] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx", lpFilePart=0x0) returned 0x38 [0206.038] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx", lpFilePart=0x0) returned 0x38 [0206.038] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx", dwFileAttributes=0x80) returned 1 [0206.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0206.039] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\juhec_87-j -lcdpj7r.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x25ccbe8 | out: lpFileInformation=0x25ccbe8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x3c3f18b0, ftCreationTime.dwHighDateTime=0x1d8123e, ftLastAccessTime.dwLowDateTime=0xb9633830, ftLastAccessTime.dwHighDateTime=0x1d8298b, ftLastWriteTime.dwLowDateTime=0xb9633830, ftLastWriteTime.dwHighDateTime=0x1d8298b, nFileSizeHigh=0x0, nFileSizeLow=0x135e4)) returned 1 [0206.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0206.039] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx", lpFilePart=0x0) returned 0x38 [0206.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0206.039] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\juhec_87-j -lcdpj7r.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0206.039] GetFileType (hFile=0x1f4) returned 0x1 [0206.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0206.039] GetFileType (hFile=0x1f4) returned 0x1 [0206.039] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x135e4 [0206.039] ReadFile (in: hFile=0x1f4, lpBuffer=0x25cd0c8, nNumberOfBytesToRead=0x135e4, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25cd0c8*, lpNumberOfBytesRead=0x14edd8*=0x135e4, lpOverlapped=0x0) returned 1 [0206.041] CloseHandle (hObject=0x1f4) returned 1 [0206.371] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx", lpFilePart=0x0) returned 0x38 [0206.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0206.371] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\juhec_87-j -lcdpj7r.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0206.373] GetFileType (hFile=0x1f4) returned 0x1 [0206.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0206.373] GetFileType (hFile=0x1f4) returned 0x1 [0206.373] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.374] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.376] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.376] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.376] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.377] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.377] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.377] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.378] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.378] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.378] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.378] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.379] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.379] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.379] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.380] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.380] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.380] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.381] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.381] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.381] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.382] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.382] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.382] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693d30*, nNumberOfBytesToWrite=0xe08, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2693d30*, lpNumberOfBytesWritten=0x14ec98*=0xe08, lpOverlapped=0x0) returned 1 [0206.383] CloseHandle (hObject=0x1f4) returned 1 [0206.387] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx", lpFilePart=0x0) returned 0x38 [0206.387] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx.ampkcz", lpFilePart=0x0) returned 0x3f [0206.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0206.387] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\juhec_87-j -lcdpj7r.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c3f18b0, ftCreationTime.dwHighDateTime=0x1d8123e, ftLastAccessTime.dwLowDateTime=0xb9633830, ftLastAccessTime.dwHighDateTime=0x1d8298b, ftLastWriteTime.dwLowDateTime=0x696ac896, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19e08)) returned 1 [0206.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0206.387] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\juhec_87-j -lcdpj7r.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Juhec_87-J -LcDPj7R.xlsx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\juhec_87-j -lcdpj7r.xlsx.ampkcz")) returned 1 [0206.388] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc", lpFilePart=0x0) returned 0x2e [0206.388] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc", lpFilePart=0x0) returned 0x2e [0206.388] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc", dwFileAttributes=0x80) returned 1 [0206.388] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0206.388] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyfqan97cu.doc"), fInfoLevelId=0x0, lpFileInformation=0x26950d0 | out: lpFileInformation=0x26950d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x31695300, ftCreationTime.dwHighDateTime=0x1d82815, ftLastAccessTime.dwLowDateTime=0xd3dfd3f0, ftLastAccessTime.dwHighDateTime=0x1d8286c, ftLastWriteTime.dwLowDateTime=0xd3dfd3f0, ftLastWriteTime.dwHighDateTime=0x1d8286c, nFileSizeHigh=0x0, nFileSizeLow=0x143a7)) returned 1 [0206.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0206.389] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc", lpFilePart=0x0) returned 0x2e [0206.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0206.389] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyfqan97cu.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0206.389] GetFileType (hFile=0x1f4) returned 0x1 [0206.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0206.389] GetFileType (hFile=0x1f4) returned 0x1 [0206.389] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x143a7 [0206.389] ReadFile (in: hFile=0x1f4, lpBuffer=0x2695538, nNumberOfBytesToRead=0x143a7, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2695538*, lpNumberOfBytesRead=0x14edd8*=0x143a7, lpOverlapped=0x0) returned 1 [0206.390] CloseHandle (hObject=0x1f4) returned 1 [0206.708] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc", lpFilePart=0x0) returned 0x2e [0206.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0206.708] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyfqan97cu.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0206.710] GetFileType (hFile=0x1f4) returned 0x1 [0206.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0206.710] GetFileType (hFile=0x1f4) returned 0x1 [0206.710] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.711] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.711] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.712] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.712] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.713] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.713] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.713] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.714] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.714] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.715] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.715] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.715] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.715] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.716] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.716] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.716] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.717] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.717] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.717] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.718] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.718] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.718] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.719] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.719] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.719] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0206.720] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0206.720] WriteFile (in: hFile=0x1f4, lpBuffer=0x2564278*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2564278*, lpNumberOfBytesWritten=0x14ec98*=0x60, lpOverlapped=0x0) returned 1 [0206.720] CloseHandle (hObject=0x1f4) returned 1 [0206.724] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc", lpFilePart=0x0) returned 0x2e [0206.724] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc.ampkcz", lpFilePart=0x0) returned 0x35 [0206.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0206.725] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyfqan97cu.doc"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31695300, ftCreationTime.dwHighDateTime=0x1d82815, ftLastAccessTime.dwLowDateTime=0xd3dfd3f0, ftLastAccessTime.dwHighDateTime=0x1d8286c, ftLastWriteTime.dwLowDateTime=0x699e4d7b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1b060)) returned 1 [0206.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0206.725] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyfqan97cu.doc"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\LYfQAN97cU.doc.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\lyfqan97cu.doc.ampkcz")) returned 1 [0206.726] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx", lpFilePart=0x0) returned 0x33 [0206.726] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx", lpFilePart=0x0) returned 0x33 [0206.726] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx", dwFileAttributes=0x80) returned 1 [0206.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0206.726] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nh_aydk4u djuq.pptx"), fInfoLevelId=0x0, lpFileInformation=0x25656b0 | out: lpFileInformation=0x25656b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x47e1ead0, ftCreationTime.dwHighDateTime=0x1d81991, ftLastAccessTime.dwLowDateTime=0xb9950100, ftLastAccessTime.dwHighDateTime=0x1d81c6e, ftLastWriteTime.dwLowDateTime=0xb9950100, ftLastWriteTime.dwHighDateTime=0x1d81c6e, nFileSizeHigh=0x0, nFileSizeLow=0x6757)) returned 1 [0206.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0206.726] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx", lpFilePart=0x0) returned 0x33 [0206.726] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0206.726] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nh_aydk4u djuq.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0206.727] GetFileType (hFile=0x1f4) returned 0x1 [0206.727] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0206.727] GetFileType (hFile=0x1f4) returned 0x1 [0206.727] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x6757 [0206.727] ReadFile (in: hFile=0x1f4, lpBuffer=0x2565b40, nNumberOfBytesToRead=0x6757, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2565b40*, lpNumberOfBytesRead=0x14edd8*=0x6757, lpOverlapped=0x0) returned 1 [0206.728] CloseHandle (hObject=0x1f4) returned 1 [0207.054] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx", lpFilePart=0x0) returned 0x33 [0207.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0207.054] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nh_aydk4u djuq.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0207.055] GetFileType (hFile=0x1f4) returned 0x1 [0207.055] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0207.055] GetFileType (hFile=0x1f4) returned 0x1 [0207.056] WriteFile (in: hFile=0x1f4, lpBuffer=0x2628530*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2628530*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.057] WriteFile (in: hFile=0x1f4, lpBuffer=0x2628530*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2628530*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.057] WriteFile (in: hFile=0x1f4, lpBuffer=0x2628530*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2628530*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.058] WriteFile (in: hFile=0x1f4, lpBuffer=0x2628530*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2628530*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.058] WriteFile (in: hFile=0x1f4, lpBuffer=0x2628530*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2628530*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.058] WriteFile (in: hFile=0x1f4, lpBuffer=0x2628530*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2628530*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.059] WriteFile (in: hFile=0x1f4, lpBuffer=0x2628530*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2628530*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.059] WriteFile (in: hFile=0x1f4, lpBuffer=0x2628530*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2628530*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.059] WriteFile (in: hFile=0x1f4, lpBuffer=0x2628530*, nNumberOfBytesToWrite=0xaa0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2628530*, lpNumberOfBytesWritten=0x14ec98*=0xaa0, lpOverlapped=0x0) returned 1 [0207.059] CloseHandle (hObject=0x1f4) returned 1 [0207.062] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx", lpFilePart=0x0) returned 0x33 [0207.062] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx.ampkcz", lpFilePart=0x0) returned 0x3a [0207.062] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0207.062] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nh_aydk4u djuq.pptx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e1ead0, ftCreationTime.dwHighDateTime=0x1d81991, ftLastAccessTime.dwLowDateTime=0xb9950100, ftLastAccessTime.dwHighDateTime=0x1d81c6e, ftLastWriteTime.dwLowDateTime=0x69d1c2d4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8aa0)) returned 1 [0207.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0207.062] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nh_aydk4u djuq.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\nh_ayDk4U dJuq.pptx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nh_aydk4u djuq.pptx.ampkcz")) returned 1 [0207.063] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx", lpFilePart=0x0) returned 0x2f [0207.063] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx", lpFilePart=0x0) returned 0x2f [0207.063] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx", dwFileAttributes=0x80) returned 1 [0207.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0207.063] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\noupcfxdi9.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2629928 | out: lpFileInformation=0x2629928*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xadae67b0, ftCreationTime.dwHighDateTime=0x1d7b91c, ftLastAccessTime.dwLowDateTime=0x10973380, ftLastAccessTime.dwHighDateTime=0x1d8089a, ftLastWriteTime.dwLowDateTime=0x10973380, ftLastWriteTime.dwHighDateTime=0x1d8089a, nFileSizeHigh=0x0, nFileSizeLow=0x168f7)) returned 1 [0207.063] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0207.064] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx", lpFilePart=0x0) returned 0x2f [0207.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0207.064] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\noupcfxdi9.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0207.064] GetFileType (hFile=0x1f4) returned 0x1 [0207.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0207.064] GetFileType (hFile=0x1f4) returned 0x1 [0207.064] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x168f7 [0207.064] ReadFile (in: hFile=0x1f4, lpBuffer=0x126f1840, nNumberOfBytesToRead=0x168f7, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x126f1840*, lpNumberOfBytesRead=0x14edd8*=0x168f7, lpOverlapped=0x0) returned 1 [0207.076] CloseHandle (hObject=0x1f4) returned 1 [0207.425] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx", lpFilePart=0x0) returned 0x2f [0207.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0207.425] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\noupcfxdi9.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0207.426] GetFileType (hFile=0x1f4) returned 0x1 [0207.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0207.426] GetFileType (hFile=0x1f4) returned 0x1 [0207.427] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.428] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.428] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.428] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.429] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.429] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.430] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.430] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.430] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.431] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.431] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.431] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.432] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.432] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.433] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.433] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.433] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.434] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.434] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.434] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.435] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.435] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.435] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.436] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.436] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.436] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.437] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.437] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.437] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.438] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0207.438] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a31d0*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26a31d0*, lpNumberOfBytesWritten=0x14ec98*=0x220, lpOverlapped=0x0) returned 1 [0207.438] CloseHandle (hObject=0x1f4) returned 1 [0207.442] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx", lpFilePart=0x0) returned 0x2f [0207.442] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx.ampkcz", lpFilePart=0x0) returned 0x36 [0207.442] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0207.442] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\noupcfxdi9.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadae67b0, ftCreationTime.dwHighDateTime=0x1d7b91c, ftLastAccessTime.dwLowDateTime=0x10973380, ftLastAccessTime.dwHighDateTime=0x1d8089a, ftLastWriteTime.dwLowDateTime=0x6a0bd12a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1e220)) returned 1 [0207.442] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0207.442] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\noupcfxdi9.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NOUPcFxdi9.xlsx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\noupcfxdi9.xlsx.ampkcz")) returned 1 [0207.443] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx", lpFilePart=0x0) returned 0x33 [0207.443] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx", lpFilePart=0x0) returned 0x33 [0207.444] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx", dwFileAttributes=0x80) returned 1 [0207.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0207.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nyhqqr6f02g_ox.pptx"), fInfoLevelId=0x0, lpFileInformation=0x26a4608 | out: lpFileInformation=0x26a4608*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf1edd9d0, ftCreationTime.dwHighDateTime=0x1d8249a, ftLastAccessTime.dwLowDateTime=0x4f745570, ftLastAccessTime.dwHighDateTime=0x1d82892, ftLastWriteTime.dwLowDateTime=0x4f745570, ftLastWriteTime.dwHighDateTime=0x1d82892, nFileSizeHigh=0x0, nFileSizeLow=0xf51d)) returned 1 [0207.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0207.444] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx", lpFilePart=0x0) returned 0x33 [0207.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0207.444] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nyhqqr6f02g_ox.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0207.445] GetFileType (hFile=0x1f4) returned 0x1 [0207.445] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0207.445] GetFileType (hFile=0x1f4) returned 0x1 [0207.445] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xf51d [0207.445] ReadFile (in: hFile=0x1f4, lpBuffer=0x26a4a98, nNumberOfBytesToRead=0xf51d, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26a4a98*, lpNumberOfBytesRead=0x14edd8*=0xf51d, lpOverlapped=0x0) returned 1 [0207.446] CloseHandle (hObject=0x1f4) returned 1 [0207.761] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx", lpFilePart=0x0) returned 0x33 [0207.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0207.761] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nyhqqr6f02g_ox.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0207.762] GetFileType (hFile=0x1f4) returned 0x1 [0207.762] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0207.762] GetFileType (hFile=0x1f4) returned 0x1 [0207.763] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.764] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.764] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.764] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.765] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.765] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.765] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.766] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.766] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.766] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.767] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.767] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.767] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.768] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.768] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.769] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.769] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.769] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.770] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.770] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0207.770] WriteFile (in: hFile=0x1f4, lpBuffer=0x2520118*, nNumberOfBytesToWrite=0x7a0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2520118*, lpNumberOfBytesWritten=0x14ec98*=0x7a0, lpOverlapped=0x0) returned 1 [0207.770] CloseHandle (hObject=0x1f4) returned 1 [0207.774] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx", lpFilePart=0x0) returned 0x33 [0207.774] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx.ampkcz", lpFilePart=0x0) returned 0x3a [0207.774] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0207.774] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nyhqqr6f02g_ox.pptx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1edd9d0, ftCreationTime.dwHighDateTime=0x1d8249a, ftLastAccessTime.dwLowDateTime=0x4f745570, ftLastAccessTime.dwHighDateTime=0x1d82892, ftLastWriteTime.dwLowDateTime=0x6a3e74c8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x147a0)) returned 1 [0207.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0207.774] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nyhqqr6f02g_ox.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\NyHQqR6F02G_ox.pptx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\nyhqqr6f02g_ox.pptx.ampkcz")) returned 1 [0207.775] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc", lpFilePart=0x0) returned 0x37 [0207.775] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc", lpFilePart=0x0) returned 0x37 [0207.775] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc", dwFileAttributes=0x80) returned 1 [0207.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0207.775] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qn--dnwch0fhbbgztto.doc"), fInfoLevelId=0x0, lpFileInformation=0x25214a8 | out: lpFileInformation=0x25214a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7b3802f0, ftCreationTime.dwHighDateTime=0x1d82433, ftLastAccessTime.dwLowDateTime=0x28c19b80, ftLastAccessTime.dwHighDateTime=0x1d829a1, ftLastWriteTime.dwLowDateTime=0x28c19b80, ftLastWriteTime.dwHighDateTime=0x1d829a1, nFileSizeHigh=0x0, nFileSizeLow=0x14405)) returned 1 [0207.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0207.776] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc", lpFilePart=0x0) returned 0x37 [0207.776] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0207.776] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qn--dnwch0fhbbgztto.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0207.776] GetFileType (hFile=0x1f4) returned 0x1 [0207.776] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0207.776] GetFileType (hFile=0x1f4) returned 0x1 [0207.776] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x14405 [0207.776] ReadFile (in: hFile=0x1f4, lpBuffer=0x2521960, nNumberOfBytesToRead=0x14405, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2521960*, lpNumberOfBytesRead=0x14edd8*=0x14405, lpOverlapped=0x0) returned 1 [0207.777] CloseHandle (hObject=0x1f4) returned 1 [0208.143] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc", lpFilePart=0x0) returned 0x37 [0208.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0208.143] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qn--dnwch0fhbbgztto.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0208.145] GetFileType (hFile=0x1f4) returned 0x1 [0208.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0208.145] GetFileType (hFile=0x1f4) returned 0x1 [0208.145] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.146] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.147] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.147] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.147] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.147] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.148] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.148] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.148] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.149] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.149] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.149] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.150] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.150] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.151] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.151] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.151] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.152] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.152] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.152] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.154] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.155] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.155] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.155] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.155] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.156] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.156] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0208.156] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ebe38*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25ebe38*, lpNumberOfBytesWritten=0x14ec98*=0xe0, lpOverlapped=0x0) returned 1 [0208.156] CloseHandle (hObject=0x1f4) returned 1 [0208.160] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc", lpFilePart=0x0) returned 0x37 [0208.160] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc.ampkcz", lpFilePart=0x0) returned 0x3e [0208.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0208.160] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qn--dnwch0fhbbgztto.doc"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b3802f0, ftCreationTime.dwHighDateTime=0x1d82433, ftLastAccessTime.dwLowDateTime=0x28c19b80, ftLastAccessTime.dwHighDateTime=0x1d829a1, ftLastWriteTime.dwLowDateTime=0x6a795e7f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1b0e0)) returned 1 [0208.160] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0208.160] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qn--dnwch0fhbbgztto.doc"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\qn--Dnwch0FHbbgzTTO.doc.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\qn--dnwch0fhbbgztto.doc.ampkcz")) returned 1 [0208.161] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx", lpFilePart=0x0) returned 0x2b [0208.161] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx", lpFilePart=0x0) returned 0x2b [0208.161] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx", dwFileAttributes=0x80) returned 1 [0208.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0208.162] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\reoikc.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x25ed240 | out: lpFileInformation=0x25ed240*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x748b5080, ftCreationTime.dwHighDateTime=0x1d79da9, ftLastAccessTime.dwLowDateTime=0x5548a770, ftLastAccessTime.dwHighDateTime=0x1d7ee78, ftLastWriteTime.dwLowDateTime=0x5548a770, ftLastWriteTime.dwHighDateTime=0x1d7ee78, nFileSizeHigh=0x0, nFileSizeLow=0x911c)) returned 1 [0208.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0208.162] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx", lpFilePart=0x0) returned 0x2b [0208.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0208.162] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\reoikc.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0208.162] GetFileType (hFile=0x1f4) returned 0x1 [0208.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0208.162] GetFileType (hFile=0x1f4) returned 0x1 [0208.162] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x911c [0208.163] ReadFile (in: hFile=0x1f4, lpBuffer=0x25ed680, nNumberOfBytesToRead=0x911c, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25ed680*, lpNumberOfBytesRead=0x14edd8*=0x911c, lpOverlapped=0x0) returned 1 [0208.164] CloseHandle (hObject=0x1f4) returned 1 [0208.494] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx", lpFilePart=0x0) returned 0x2b [0208.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0208.494] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\reoikc.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0208.503] GetFileType (hFile=0x1f4) returned 0x1 [0208.503] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0208.503] GetFileType (hFile=0x1f4) returned 0x1 [0208.504] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.505] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.505] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.506] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.506] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.506] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.507] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.507] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.507] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.508] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.508] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.508] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0208.508] WriteFile (in: hFile=0x1f4, lpBuffer=0x269d1a0*, nNumberOfBytesToWrite=0x248, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x269d1a0*, lpNumberOfBytesWritten=0x14ec98*=0x248, lpOverlapped=0x0) returned 1 [0208.509] CloseHandle (hObject=0x1f4) returned 1 [0208.511] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx", lpFilePart=0x0) returned 0x2b [0208.511] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx.ampkcz", lpFilePart=0x0) returned 0x32 [0208.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0208.511] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\reoikc.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x748b5080, ftCreationTime.dwHighDateTime=0x1d79da9, ftLastAccessTime.dwLowDateTime=0x5548a770, ftLastAccessTime.dwHighDateTime=0x1d7ee78, ftLastWriteTime.dwLowDateTime=0x6aaef458, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc248)) returned 1 [0208.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0208.512] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\reoikc.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\reOIkC.xlsx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\reoikc.xlsx.ampkcz")) returned 1 [0208.512] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc", lpFilePart=0x0) returned 0x34 [0208.512] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc", lpFilePart=0x0) returned 0x34 [0208.512] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc", dwFileAttributes=0x80) returned 1 [0208.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0208.513] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sbn uk0ytdm055vr.doc"), fInfoLevelId=0x0, lpFileInformation=0x269e500 | out: lpFileInformation=0x269e500*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x59dd7be0, ftCreationTime.dwHighDateTime=0x1d81ba9, ftLastAccessTime.dwLowDateTime=0x2f380b30, ftLastAccessTime.dwHighDateTime=0x1d81e3d, ftLastWriteTime.dwLowDateTime=0x2f380b30, ftLastWriteTime.dwHighDateTime=0x1d81e3d, nFileSizeHigh=0x0, nFileSizeLow=0xd068)) returned 1 [0208.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0208.513] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc", lpFilePart=0x0) returned 0x34 [0208.513] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0208.513] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sbn uk0ytdm055vr.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0208.513] GetFileType (hFile=0x1f4) returned 0x1 [0208.513] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0208.514] GetFileType (hFile=0x1f4) returned 0x1 [0208.514] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xd068 [0208.514] ReadFile (in: hFile=0x1f4, lpBuffer=0x269e9b8, nNumberOfBytesToRead=0xd068, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x269e9b8*, lpNumberOfBytesRead=0x14edd8*=0xd068, lpOverlapped=0x0) returned 1 [0208.515] CloseHandle (hObject=0x1f4) returned 1 [0208.847] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc", lpFilePart=0x0) returned 0x34 [0208.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0208.847] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sbn uk0ytdm055vr.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0208.848] GetFileType (hFile=0x1f4) returned 0x1 [0208.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0208.848] GetFileType (hFile=0x1f4) returned 0x1 [0208.848] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.850] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.850] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.850] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.851] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.851] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.851] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.851] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.852] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.852] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.852] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.853] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.854] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.855] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.855] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.856] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.856] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0208.856] WriteFile (in: hFile=0x1f4, lpBuffer=0x25596c8*, nNumberOfBytesToWrite=0x6b4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25596c8*, lpNumberOfBytesWritten=0x14ec98*=0x6b4, lpOverlapped=0x0) returned 1 [0208.856] CloseHandle (hObject=0x1f4) returned 1 [0208.859] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc", lpFilePart=0x0) returned 0x34 [0208.860] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc.ampkcz", lpFilePart=0x0) returned 0x3b [0208.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0208.860] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sbn uk0ytdm055vr.doc"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59dd7be0, ftCreationTime.dwHighDateTime=0x1d81ba9, ftLastAccessTime.dwLowDateTime=0x2f380b30, ftLastAccessTime.dwHighDateTime=0x1d81e3d, ftLastWriteTime.dwLowDateTime=0x6ae41a7a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x116b4)) returned 1 [0208.860] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0208.860] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sbn uk0ytdm055vr.doc"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\sBn Uk0ytdM055VR.doc.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sbn uk0ytdm055vr.doc.ampkcz")) returned 1 [0208.861] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx", lpFilePart=0x0) returned 0x33 [0208.861] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx", lpFilePart=0x0) returned 0x33 [0208.861] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx", dwFileAttributes=0x80) returned 1 [0208.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0208.861] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sxq8yypsboadix.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x255aad0 | out: lpFileInformation=0x255aad0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfd3be1c0, ftCreationTime.dwHighDateTime=0x1d7bb8a, ftLastAccessTime.dwLowDateTime=0xc5949aa0, ftLastAccessTime.dwHighDateTime=0x1d80ef0, ftLastWriteTime.dwLowDateTime=0xc5949aa0, ftLastWriteTime.dwHighDateTime=0x1d80ef0, nFileSizeHigh=0x0, nFileSizeLow=0x1324c)) returned 1 [0208.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0208.861] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx", lpFilePart=0x0) returned 0x33 [0208.861] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0208.861] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sxq8yypsboadix.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0208.862] GetFileType (hFile=0x1f4) returned 0x1 [0208.862] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0208.862] GetFileType (hFile=0x1f4) returned 0x1 [0208.862] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x1324c [0208.862] ReadFile (in: hFile=0x1f4, lpBuffer=0x255af60, nNumberOfBytesToRead=0x1324c, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x255af60*, lpNumberOfBytesRead=0x14edd8*=0x1324c, lpOverlapped=0x0) returned 1 [0208.863] CloseHandle (hObject=0x1f4) returned 1 [0209.159] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx", lpFilePart=0x0) returned 0x33 [0209.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0209.159] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sxq8yypsboadix.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0209.161] GetFileType (hFile=0x1f4) returned 0x1 [0209.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0209.161] GetFileType (hFile=0x1f4) returned 0x1 [0209.161] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.162] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.163] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.163] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.163] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.164] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.164] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.164] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.165] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.165] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.165] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.166] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.166] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.167] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.167] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.167] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.167] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.168] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.168] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.168] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.169] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.169] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.169] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.170] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.170] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.170] WriteFile (in: hFile=0x1f4, lpBuffer=0x2620d28*, nNumberOfBytesToWrite=0x934, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2620d28*, lpNumberOfBytesWritten=0x14ec98*=0x934, lpOverlapped=0x0) returned 1 [0209.170] CloseHandle (hObject=0x1f4) returned 1 [0209.175] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx", lpFilePart=0x0) returned 0x33 [0209.175] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx.ampkcz", lpFilePart=0x0) returned 0x3a [0209.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0209.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sxq8yypsboadix.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd3be1c0, ftCreationTime.dwHighDateTime=0x1d7bb8a, ftLastAccessTime.dwLowDateTime=0xc5949aa0, ftLastAccessTime.dwHighDateTime=0x1d80ef0, ftLastWriteTime.dwLowDateTime=0x6b144059, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19934)) returned 1 [0209.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0209.175] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sxq8yypsboadix.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Sxq8yYPsbOADIX.xlsx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\sxq8yypsboadix.xlsx.ampkcz")) returned 1 [0209.176] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx", lpFilePart=0x0) returned 0x38 [0209.176] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx", lpFilePart=0x0) returned 0x38 [0209.177] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx", dwFileAttributes=0x80) returned 1 [0209.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0209.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\udnfb3fa14uy4uenlck.docx"), fInfoLevelId=0x0, lpFileInformation=0x26220e8 | out: lpFileInformation=0x26220e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa5384f70, ftCreationTime.dwHighDateTime=0x1d7ff70, ftLastAccessTime.dwLowDateTime=0xa2cea0b0, ftLastAccessTime.dwHighDateTime=0x1d82386, ftLastWriteTime.dwLowDateTime=0xa2cea0b0, ftLastWriteTime.dwHighDateTime=0x1d82386, nFileSizeHigh=0x0, nFileSizeLow=0x17b0c)) returned 1 [0209.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0209.177] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx", lpFilePart=0x0) returned 0x38 [0209.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0209.177] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\udnfb3fa14uy4uenlck.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0209.177] GetFileType (hFile=0x1f4) returned 0x1 [0209.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0209.177] GetFileType (hFile=0x1f4) returned 0x1 [0209.177] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x17b0c [0209.177] ReadFile (in: hFile=0x1f4, lpBuffer=0x12704750, nNumberOfBytesToRead=0x17b0c, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x12704750*, lpNumberOfBytesRead=0x14edd8*=0x17b0c, lpOverlapped=0x0) returned 1 [0209.179] CloseHandle (hObject=0x1f4) returned 1 [0209.559] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx", lpFilePart=0x0) returned 0x38 [0209.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0209.559] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\udnfb3fa14uy4uenlck.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0209.561] GetFileType (hFile=0x1f4) returned 0x1 [0209.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0209.561] GetFileType (hFile=0x1f4) returned 0x1 [0209.561] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.562] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.563] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.563] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.564] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.564] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.564] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.565] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.565] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.565] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.565] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.566] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.566] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.566] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.567] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.567] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.567] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.568] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.568] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.568] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.569] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.569] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.569] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.569] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.570] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.570] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.570] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x269ba30*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x269ba30*, lpNumberOfBytesWritten=0x14ec98*=0xa34, lpOverlapped=0x0) returned 1 [0209.572] CloseHandle (hObject=0x1f4) returned 1 [0209.576] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx", lpFilePart=0x0) returned 0x38 [0209.576] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx.ampkcz", lpFilePart=0x0) returned 0x3f [0209.576] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0209.576] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\udnfb3fa14uy4uenlck.docx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5384f70, ftCreationTime.dwHighDateTime=0x1d7ff70, ftLastAccessTime.dwLowDateTime=0xa2cea0b0, ftLastAccessTime.dwHighDateTime=0x1d82386, ftLastWriteTime.dwLowDateTime=0x6b517339, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1fa34)) returned 1 [0209.576] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0209.577] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\udnfb3fa14uy4uenlck.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\uDnFB3fA14uy4UENlcK.docx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\udnfb3fa14uy4uenlck.docx.ampkcz")) returned 1 [0209.577] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx", lpFilePart=0x0) returned 0x2e [0209.577] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx", lpFilePart=0x0) returned 0x2e [0209.578] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx", dwFileAttributes=0x80) returned 1 [0209.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0209.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vy87ulzfy.docx"), fInfoLevelId=0x0, lpFileInformation=0x269cdf8 | out: lpFileInformation=0x269cdf8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x70e3db50, ftCreationTime.dwHighDateTime=0x1d8038e, ftLastAccessTime.dwLowDateTime=0xcff1e390, ftLastAccessTime.dwHighDateTime=0x1d817e7, ftLastWriteTime.dwLowDateTime=0xcff1e390, ftLastWriteTime.dwHighDateTime=0x1d817e7, nFileSizeHigh=0x0, nFileSizeLow=0x14bec)) returned 1 [0209.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0209.578] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx", lpFilePart=0x0) returned 0x2e [0209.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0209.578] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vy87ulzfy.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0209.578] GetFileType (hFile=0x1f4) returned 0x1 [0209.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0209.578] GetFileType (hFile=0x1f4) returned 0x1 [0209.578] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x14bec [0209.579] ReadFile (in: hFile=0x1f4, lpBuffer=0x269d260, nNumberOfBytesToRead=0x14bec, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x269d260*, lpNumberOfBytesRead=0x14edd8*=0x14bec, lpOverlapped=0x0) returned 1 [0209.580] CloseHandle (hObject=0x1f4) returned 1 [0209.880] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx", lpFilePart=0x0) returned 0x2e [0209.880] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0209.880] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vy87ulzfy.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0209.882] GetFileType (hFile=0x1f4) returned 0x1 [0209.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0209.882] GetFileType (hFile=0x1f4) returned 0x1 [0209.882] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.883] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.884] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.886] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.886] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.886] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.887] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.887] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.887] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.887] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.888] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.888] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.888] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.889] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.889] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.889] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.890] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.890] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.890] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.891] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.891] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.891] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.891] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.892] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.892] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.892] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.893] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0209.893] WriteFile (in: hFile=0x1f4, lpBuffer=0x2544520*, nNumberOfBytesToWrite=0xb60, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2544520*, lpNumberOfBytesWritten=0x14ec98*=0xb60, lpOverlapped=0x0) returned 1 [0209.893] CloseHandle (hObject=0x1f4) returned 1 [0209.896] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx", lpFilePart=0x0) returned 0x2e [0209.896] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx.ampkcz", lpFilePart=0x0) returned 0x35 [0209.896] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0209.896] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vy87ulzfy.docx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70e3db50, ftCreationTime.dwHighDateTime=0x1d8038e, ftLastAccessTime.dwLowDateTime=0xcff1e390, ftLastAccessTime.dwHighDateTime=0x1d817e7, ftLastWriteTime.dwLowDateTime=0x6b819044, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1bb60)) returned 1 [0209.896] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0209.896] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vy87ulzfy.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\vy87ulZFy.docx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\vy87ulzfy.docx.ampkcz")) returned 1 [0209.897] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx", lpFilePart=0x0) returned 0x2e [0209.897] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx", lpFilePart=0x0) returned 0x2e [0209.897] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx", dwFileAttributes=0x80) returned 1 [0209.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0209.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ydjnmfidm.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2545900 | out: lpFileInformation=0x2545900*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe2d86f40, ftCreationTime.dwHighDateTime=0x1d7b646, ftLastAccessTime.dwLowDateTime=0x612c2490, ftLastAccessTime.dwHighDateTime=0x1d7bf2f, ftLastWriteTime.dwLowDateTime=0x612c2490, ftLastWriteTime.dwHighDateTime=0x1d7bf2f, nFileSizeHigh=0x0, nFileSizeLow=0x96a5)) returned 1 [0209.898] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0209.898] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx", lpFilePart=0x0) returned 0x2e [0209.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0209.899] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ydjnmfidm.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0209.899] GetFileType (hFile=0x1f4) returned 0x1 [0209.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0209.899] GetFileType (hFile=0x1f4) returned 0x1 [0209.899] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x96a5 [0209.900] ReadFile (in: hFile=0x1f4, lpBuffer=0x2545d68, nNumberOfBytesToRead=0x96a5, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2545d68*, lpNumberOfBytesRead=0x14edd8*=0x96a5, lpOverlapped=0x0) returned 1 [0209.901] CloseHandle (hObject=0x1f4) returned 1 [0210.196] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx", lpFilePart=0x0) returned 0x2e [0210.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0210.196] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ydjnmfidm.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0210.197] GetFileType (hFile=0x1f4) returned 0x1 [0210.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0210.197] GetFileType (hFile=0x1f4) returned 0x1 [0210.198] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.199] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.199] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.199] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.200] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.200] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.201] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.201] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.201] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.201] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.202] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.202] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.202] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f79f8*, nNumberOfBytesToWrite=0x9b4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25f79f8*, lpNumberOfBytesWritten=0x14ec98*=0x9b4, lpOverlapped=0x0) returned 1 [0210.203] CloseHandle (hObject=0x1f4) returned 1 [0210.205] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx", lpFilePart=0x0) returned 0x2e [0210.205] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx.ampkcz", lpFilePart=0x0) returned 0x35 [0210.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0210.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ydjnmfidm.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d86f40, ftCreationTime.dwHighDateTime=0x1d7b646, ftLastAccessTime.dwLowDateTime=0x612c2490, ftLastAccessTime.dwHighDateTime=0x1d7bf2f, ftLastWriteTime.dwLowDateTime=0x6bb166fe, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc9b4)) returned 1 [0210.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0210.205] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ydjnmfidm.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YdjNmFIdm.xlsx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\ydjnmfidm.xlsx.ampkcz")) returned 1 [0210.206] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx", lpFilePart=0x0) returned 0x32 [0210.206] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx", lpFilePart=0x0) returned 0x32 [0210.206] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx", dwFileAttributes=0x80) returned 1 [0210.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0210.219] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yyijjhqdwi8qn.docx"), fInfoLevelId=0x0, lpFileInformation=0x25f8d90 | out: lpFileInformation=0x25f8d90*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xca69d880, ftCreationTime.dwHighDateTime=0x1d811a5, ftLastAccessTime.dwLowDateTime=0x93600b00, ftLastAccessTime.dwHighDateTime=0x1d81558, ftLastWriteTime.dwLowDateTime=0x93600b00, ftLastWriteTime.dwHighDateTime=0x1d81558, nFileSizeHigh=0x0, nFileSizeLow=0x1085e)) returned 1 [0210.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0210.219] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx", lpFilePart=0x0) returned 0x32 [0210.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0210.219] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yyijjhqdwi8qn.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0210.219] GetFileType (hFile=0x1f4) returned 0x1 [0210.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0210.219] GetFileType (hFile=0x1f4) returned 0x1 [0210.219] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x1085e [0210.219] ReadFile (in: hFile=0x1f4, lpBuffer=0x25f9220, nNumberOfBytesToRead=0x1085e, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25f9220*, lpNumberOfBytesRead=0x14edd8*=0x1085e, lpOverlapped=0x0) returned 1 [0210.220] CloseHandle (hObject=0x1f4) returned 1 [0210.571] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx", lpFilePart=0x0) returned 0x32 [0210.571] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0210.571] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yyijjhqdwi8qn.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0210.573] GetFileType (hFile=0x1f4) returned 0x1 [0210.573] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0210.573] GetFileType (hFile=0x1f4) returned 0x1 [0210.573] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.575] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.575] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.575] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.576] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.576] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.576] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.577] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.577] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.577] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.578] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.578] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.579] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.579] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.579] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.579] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.580] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.580] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.580] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.581] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0210.581] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0210.581] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b4828*, nNumberOfBytesToWrite=0x148, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26b4828*, lpNumberOfBytesWritten=0x14ec98*=0x148, lpOverlapped=0x0) returned 1 [0210.582] CloseHandle (hObject=0x1f4) returned 1 [0210.585] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx", lpFilePart=0x0) returned 0x32 [0210.585] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx.ampkcz", lpFilePart=0x0) returned 0x39 [0210.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0210.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yyijjhqdwi8qn.docx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca69d880, ftCreationTime.dwHighDateTime=0x1d811a5, ftLastAccessTime.dwLowDateTime=0x93600b00, ftLastAccessTime.dwHighDateTime=0x1d81558, ftLastWriteTime.dwLowDateTime=0x6beb69db, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x16148)) returned 1 [0210.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0210.585] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yyijjhqdwi8qn.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\YyiJJhqdwi8qn.docx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yyijjhqdwi8qn.docx.ampkcz")) returned 1 [0210.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0210.586] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents", lpFilePart=0x0) returned 0x1f [0210.586] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\", lpFilePart=0x0) returned 0x20 [0210.586] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6beb77de, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6beb77de, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0210.587] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6beb77de, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6beb77de, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.587] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb58ded50, ftCreationTime.dwHighDateTime=0x1d7ce72, ftLastAccessTime.dwLowDateTime=0x1ff66f00, ftLastAccessTime.dwHighDateTime=0x1d80866, ftLastWriteTime.dwLowDateTime=0x67e254da, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x149e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8-58vgRqyz gS.pptx.ampkcz", cAlternateFileName="8-58VG~1.AMP")) returned 1 [0210.587] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1276ac00, ftCreationTime.dwHighDateTime=0x1d81a2c, ftLastAccessTime.dwLowDateTime=0xda7459a0, ftLastAccessTime.dwHighDateTime=0x1d81bad, ftLastWriteTime.dwLowDateTime=0x68117323, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2f88, dwReserved0=0x0, dwReserved1=0x0, cFileName="AEfN7e6MhjMF2F11JEs.xls.ampkcz", cAlternateFileName="AEFN7E~1.AMP")) returned 1 [0210.587] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a089c50, ftCreationTime.dwHighDateTime=0x1d82917, ftLastAccessTime.dwLowDateTime=0xee886880, ftLastAccessTime.dwHighDateTime=0x1d8294c, ftLastWriteTime.dwLowDateTime=0x684616f2, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc660, dwReserved0=0x0, dwReserved1=0x0, cFileName="AJOZtXvu7QfT.odt.ampkcz", cAlternateFileName="AJOZTX~1.AMP")) returned 1 [0210.588] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83951500, ftCreationTime.dwHighDateTime=0x1d7cc04, ftLastAccessTime.dwLowDateTime=0xecd570a0, ftLastAccessTime.dwHighDateTime=0x1d7d1d1, ftLastWriteTime.dwLowDateTime=0x687acbac, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14474, dwReserved0=0x0, dwReserved1=0x0, cFileName="BAJe.docx.ampkcz", cAlternateFileName="BAJEDO~1.AMP")) returned 1 [0210.588] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x68a870c9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0210.588] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb47e6250, ftCreationTime.dwHighDateTime=0x1d7c0ee, ftLastAccessTime.dwLowDateTime=0x5ca90e0, ftLastAccessTime.dwHighDateTime=0x1d8074c, ftLastWriteTime.dwLowDateTime=0x68d591e3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x4808, dwReserved0=0x0, dwReserved1=0x0, cFileName="EgNVA.pptx.ampkcz", cAlternateFileName="EGNVAP~1.AMP")) returned 1 [0210.588] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2be59690, ftCreationTime.dwHighDateTime=0x1d80f70, ftLastAccessTime.dwLowDateTime=0x3acac80, ftLastAccessTime.dwHighDateTime=0x1d81bdd, ftLastWriteTime.dwLowDateTime=0x68fefbed, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5bb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="foayjE.pptx.ampkcz", cAlternateFileName="FOAYJE~1.AMP")) returned 1 [0210.588] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3fd54830, ftCreationTime.dwHighDateTime=0x1d8297e, ftLastAccessTime.dwLowDateTime=0xe4fa8e10, ftLastAccessTime.dwHighDateTime=0x1d829d8, ftLastWriteTime.dwLowDateTime=0xe4fa8e10, ftLastWriteTime.dwHighDateTime=0x1d829d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="F_8pl8t", cAlternateFileName="")) returned 1 [0210.589] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57c7dd60, ftCreationTime.dwHighDateTime=0x1d7b492, ftLastAccessTime.dwLowDateTime=0xd69d7e90, ftLastAccessTime.dwHighDateTime=0x1d7f63e, ftLastWriteTime.dwLowDateTime=0x69356958, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd588, dwReserved0=0x0, dwReserved1=0x0, cFileName="iOVreLoxPhj7stpatiPe.docx.ampkcz", cAlternateFileName="IOVREL~1.AMP")) returned 1 [0210.589] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa336b3a0, ftCreationTime.dwHighDateTime=0x1d81aba, ftLastAccessTime.dwLowDateTime=0x23674590, ftLastAccessTime.dwHighDateTime=0x1d81f8d, ftLastWriteTime.dwLowDateTime=0x23674590, ftLastWriteTime.dwHighDateTime=0x1d81f8d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="JN3akvSGJi", cAlternateFileName="JN3AKV~1")) returned 1 [0210.589] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3c3f18b0, ftCreationTime.dwHighDateTime=0x1d8123e, ftLastAccessTime.dwLowDateTime=0xb9633830, ftLastAccessTime.dwHighDateTime=0x1d8298b, ftLastWriteTime.dwLowDateTime=0x696ac896, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19e08, dwReserved0=0x0, dwReserved1=0x0, cFileName="Juhec_87-J -LcDPj7R.xlsx.ampkcz", cAlternateFileName="JUHEC_~1.AMP")) returned 1 [0210.589] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31695300, ftCreationTime.dwHighDateTime=0x1d82815, ftLastAccessTime.dwLowDateTime=0xd3dfd3f0, ftLastAccessTime.dwHighDateTime=0x1d8286c, ftLastWriteTime.dwLowDateTime=0x699e4d7b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1b060, dwReserved0=0x0, dwReserved1=0x0, cFileName="LYfQAN97cU.doc.ampkcz", cAlternateFileName="LYFQAN~1.AMP")) returned 1 [0210.589] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0210.589] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d374e80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d374e80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d374e80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0210.589] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3d39b021, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d39b021, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x3d39b021, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0210.590] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47e1ead0, ftCreationTime.dwHighDateTime=0x1d81991, ftLastAccessTime.dwLowDateTime=0xb9950100, ftLastAccessTime.dwHighDateTime=0x1d81c6e, ftLastWriteTime.dwLowDateTime=0x69d1c2d4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8aa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="nh_ayDk4U dJuq.pptx.ampkcz", cAlternateFileName="NH_AYD~1.AMP")) returned 1 [0210.590] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadae67b0, ftCreationTime.dwHighDateTime=0x1d7b91c, ftLastAccessTime.dwLowDateTime=0x10973380, ftLastAccessTime.dwHighDateTime=0x1d8089a, ftLastWriteTime.dwLowDateTime=0x6a0bd12a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1e220, dwReserved0=0x0, dwReserved1=0x0, cFileName="NOUPcFxdi9.xlsx.ampkcz", cAlternateFileName="NOUPCF~1.AMP")) returned 1 [0210.590] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1edd9d0, ftCreationTime.dwHighDateTime=0x1d8249a, ftLastAccessTime.dwLowDateTime=0x4f745570, ftLastAccessTime.dwHighDateTime=0x1d82892, ftLastWriteTime.dwLowDateTime=0x6a3e74c8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x147a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NyHQqR6F02G_ox.pptx.ampkcz", cAlternateFileName="NYHQQR~1.AMP")) returned 1 [0210.590] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x65ef9a5c, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x65ef9a5c, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0210.590] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b3802f0, ftCreationTime.dwHighDateTime=0x1d82433, ftLastAccessTime.dwLowDateTime=0x28c19b80, ftLastAccessTime.dwHighDateTime=0x1d829a1, ftLastWriteTime.dwLowDateTime=0x6a795e7f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1b0e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="qn--Dnwch0FHbbgzTTO.doc.ampkcz", cAlternateFileName="QN--DN~1.AMP")) returned 1 [0210.591] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67e29482, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x67e29482, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x67e2f5e4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0210.591] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x748b5080, ftCreationTime.dwHighDateTime=0x1d79da9, ftLastAccessTime.dwLowDateTime=0x5548a770, ftLastAccessTime.dwHighDateTime=0x1d7ee78, ftLastWriteTime.dwLowDateTime=0x6aaef458, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc248, dwReserved0=0x0, dwReserved1=0x0, cFileName="reOIkC.xlsx.ampkcz", cAlternateFileName="REOIKC~1.AMP")) returned 1 [0210.591] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x59dd7be0, ftCreationTime.dwHighDateTime=0x1d81ba9, ftLastAccessTime.dwLowDateTime=0x2f380b30, ftLastAccessTime.dwHighDateTime=0x1d81e3d, ftLastWriteTime.dwLowDateTime=0x6ae41a7a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x116b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="sBn Uk0ytdM055VR.doc.ampkcz", cAlternateFileName="SBNUK0~1.AMP")) returned 1 [0210.591] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfd3be1c0, ftCreationTime.dwHighDateTime=0x1d7bb8a, ftLastAccessTime.dwLowDateTime=0xc5949aa0, ftLastAccessTime.dwHighDateTime=0x1d80ef0, ftLastWriteTime.dwLowDateTime=0x6b144059, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19934, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sxq8yYPsbOADIX.xlsx.ampkcz", cAlternateFileName="SXQ8YY~1.AMP")) returned 1 [0210.591] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5384f70, ftCreationTime.dwHighDateTime=0x1d7ff70, ftLastAccessTime.dwLowDateTime=0xa2cea0b0, ftLastAccessTime.dwHighDateTime=0x1d82386, ftLastWriteTime.dwLowDateTime=0x6b517339, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1fa34, dwReserved0=0x0, dwReserved1=0x0, cFileName="uDnFB3fA14uy4UENlcK.docx.ampkcz", cAlternateFileName="UDNFB3~1.AMP")) returned 1 [0210.591] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70e3db50, ftCreationTime.dwHighDateTime=0x1d8038e, ftLastAccessTime.dwLowDateTime=0xcff1e390, ftLastAccessTime.dwHighDateTime=0x1d817e7, ftLastWriteTime.dwLowDateTime=0x6b819044, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1bb60, dwReserved0=0x0, dwReserved1=0x0, cFileName="vy87ulZFy.docx.ampkcz", cAlternateFileName="VY87UL~1.AMP")) returned 1 [0210.592] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe2d86f40, ftCreationTime.dwHighDateTime=0x1d7b646, ftLastAccessTime.dwLowDateTime=0x612c2490, ftLastAccessTime.dwHighDateTime=0x1d7bf2f, ftLastWriteTime.dwLowDateTime=0x6bb166fe, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc9b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="YdjNmFIdm.xlsx.ampkcz", cAlternateFileName="YDJNMF~1.AMP")) returned 1 [0210.592] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc5c4bc10, ftCreationTime.dwHighDateTime=0x1d81b09, ftLastAccessTime.dwLowDateTime=0xb37cd960, ftLastAccessTime.dwHighDateTime=0x1d8278f, ftLastWriteTime.dwLowDateTime=0xb37cd960, ftLastWriteTime.dwHighDateTime=0x1d8278f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Yvp 2zOqN8", cAlternateFileName="YVP2ZO~1")) returned 1 [0210.592] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca69d880, ftCreationTime.dwHighDateTime=0x1d811a5, ftLastAccessTime.dwLowDateTime=0x93600b00, ftLastAccessTime.dwHighDateTime=0x1d81558, ftLastWriteTime.dwLowDateTime=0x6beb69db, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x16148, dwReserved0=0x0, dwReserved1=0x0, cFileName="YyiJJhqdwi8qn.docx.ampkcz", cAlternateFileName="YYIJJH~1.AMP")) returned 1 [0210.592] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xca69d880, ftCreationTime.dwHighDateTime=0x1d811a5, ftLastAccessTime.dwLowDateTime=0x93600b00, ftLastAccessTime.dwHighDateTime=0x1d81558, ftLastWriteTime.dwLowDateTime=0x6beb69db, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x16148, dwReserved0=0x0, dwReserved1=0x0, cFileName="YyiJJhqdwi8qn.docx.ampkcz", cAlternateFileName="YYIJJH~1.AMP")) returned 0 [0210.592] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0210.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0210.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0210.593] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0210.593] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t", lpFilePart=0x0) returned 0x27 [0210.593] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\", lpFilePart=0x0) returned 0x28 [0210.593] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3fd54830, ftCreationTime.dwHighDateTime=0x1d8297e, ftLastAccessTime.dwLowDateTime=0xe4fa8e10, ftLastAccessTime.dwHighDateTime=0x1d829d8, ftLastWriteTime.dwLowDateTime=0xe4fa8e10, ftLastWriteTime.dwHighDateTime=0x1d829d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b90 [0210.593] FindNextFileW (in: hFindFile=0x687b90, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3fd54830, ftCreationTime.dwHighDateTime=0x1d8297e, ftLastAccessTime.dwLowDateTime=0xe4fa8e10, ftLastAccessTime.dwHighDateTime=0x1d829d8, ftLastWriteTime.dwLowDateTime=0xe4fa8e10, ftLastWriteTime.dwHighDateTime=0x1d829d8, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0210.593] FindNextFileW (in: hFindFile=0x687b90, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb21c2180, ftCreationTime.dwHighDateTime=0x1d81a55, ftLastAccessTime.dwLowDateTime=0x81b50d80, ftLastAccessTime.dwHighDateTime=0x1d82992, ftLastWriteTime.dwLowDateTime=0x81b50d80, ftLastWriteTime.dwHighDateTime=0x1d82992, nFileSizeHigh=0x0, nFileSizeLow=0x13f05, dwReserved0=0x0, dwReserved1=0x0, cFileName="5EZ7tX.ods", cAlternateFileName="")) returned 1 [0210.593] FindNextFileW (in: hFindFile=0x687b90, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38218fb0, ftCreationTime.dwHighDateTime=0x1d81b8a, ftLastAccessTime.dwLowDateTime=0x82c066d0, ftLastAccessTime.dwHighDateTime=0x1d8245f, ftLastWriteTime.dwLowDateTime=0x82c066d0, ftLastWriteTime.dwHighDateTime=0x1d8245f, nFileSizeHigh=0x0, nFileSizeLow=0xac9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="o0S4MtYXa7.odp", cAlternateFileName="O0S4MT~1.ODP")) returned 1 [0210.593] FindNextFileW (in: hFindFile=0x687b90, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x276f2770, ftCreationTime.dwHighDateTime=0x1d822e9, ftLastAccessTime.dwLowDateTime=0x7dc8be50, ftLastAccessTime.dwHighDateTime=0x1d82975, ftLastWriteTime.dwLowDateTime=0x7dc8be50, ftLastWriteTime.dwHighDateTime=0x1d82975, nFileSizeHigh=0x0, nFileSizeLow=0x1ee7, dwReserved0=0x0, dwReserved1=0x0, cFileName="qQxnuP1.rtf", cAlternateFileName="")) returned 1 [0210.594] FindNextFileW (in: hFindFile=0x687b90, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xede8c820, ftCreationTime.dwHighDateTime=0x1d82712, ftLastAccessTime.dwLowDateTime=0x6bca6bb0, ftLastAccessTime.dwHighDateTime=0x1d827ed, ftLastWriteTime.dwLowDateTime=0x6bca6bb0, ftLastWriteTime.dwHighDateTime=0x1d827ed, nFileSizeHigh=0x0, nFileSizeLow=0x92d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="uvz3Z3AyRuC12.xlsx", cAlternateFileName="UVZ3Z3~1.XLS")) returned 1 [0210.594] FindNextFileW (in: hFindFile=0x687b90, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0210.594] FindClose (in: hFindFile=0x687b90 | out: hFindFile=0x687b90) returned 1 [0210.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0210.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0210.596] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods", lpFilePart=0x0) returned 0x32 [0210.596] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods", lpFilePart=0x0) returned 0x32 [0210.596] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods", dwFileAttributes=0x80) returned 1 [0210.597] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0210.597] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\5ez7tx.ods"), fInfoLevelId=0x0, lpFileInformation=0x26bba40 | out: lpFileInformation=0x26bba40*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb21c2180, ftCreationTime.dwHighDateTime=0x1d81a55, ftLastAccessTime.dwLowDateTime=0x81b50d80, ftLastAccessTime.dwHighDateTime=0x1d82992, ftLastWriteTime.dwLowDateTime=0x81b50d80, ftLastWriteTime.dwHighDateTime=0x1d82992, nFileSizeHigh=0x0, nFileSizeLow=0x13f05)) returned 1 [0210.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0210.597] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods", lpFilePart=0x0) returned 0x32 [0210.597] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0210.597] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\5ez7tx.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0210.597] GetFileType (hFile=0x1f4) returned 0x1 [0210.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0210.599] GetFileType (hFile=0x1f4) returned 0x1 [0210.599] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x13f05 [0210.599] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bbeb0, nNumberOfBytesToRead=0x13f05, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26bbeb0*, lpNumberOfBytesRead=0x14ed68*=0x13f05, lpOverlapped=0x0) returned 1 [0210.600] CloseHandle (hObject=0x1f4) returned 1 [0210.941] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods", lpFilePart=0x0) returned 0x32 [0210.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0210.942] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\5ez7tx.ods"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0210.944] GetFileType (hFile=0x1f4) returned 0x1 [0210.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0210.944] GetFileType (hFile=0x1f4) returned 0x1 [0210.944] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.947] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.948] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.948] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.949] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.949] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.949] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.950] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.950] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.950] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.951] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.951] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.951] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.952] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.952] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.952] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.953] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.953] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.954] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.954] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.954] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.955] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.955] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.955] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.956] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.956] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0210.956] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597c20*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2597c20*, lpNumberOfBytesWritten=0x14ec28*=0xa34, lpOverlapped=0x0) returned 1 [0210.956] CloseHandle (hObject=0x1f4) returned 1 [0210.960] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods", lpFilePart=0x0) returned 0x32 [0210.960] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods.ampkcz", lpFilePart=0x0) returned 0x39 [0210.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0210.960] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\5ez7tx.ods"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb21c2180, ftCreationTime.dwHighDateTime=0x1d81a55, ftLastAccessTime.dwLowDateTime=0x81b50d80, ftLastAccessTime.dwHighDateTime=0x1d82992, ftLastWriteTime.dwLowDateTime=0x6c2494a8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1aa34)) returned 1 [0210.960] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0210.960] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\5ez7tx.ods"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\5EZ7tX.ods.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\5ez7tx.ods.ampkcz")) returned 1 [0210.961] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\readme.txt", lpFilePart=0x0) returned 0x32 [0210.961] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0210.961] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0210.961] GetFileType (hFile=0x1f4) returned 0x1 [0210.961] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0210.961] GetFileType (hFile=0x1f4) returned 0x1 [0210.962] WriteFile (in: hFile=0x1f4, lpBuffer=0x259ae48*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x259ae48*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0210.963] CloseHandle (hObject=0x1f4) returned 1 [0210.967] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp", lpFilePart=0x0) returned 0x36 [0210.968] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp", lpFilePart=0x0) returned 0x36 [0210.968] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp", dwFileAttributes=0x80) returned 1 [0210.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0210.968] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\o0s4mtyxa7.odp"), fInfoLevelId=0x0, lpFileInformation=0x259e568 | out: lpFileInformation=0x259e568*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x38218fb0, ftCreationTime.dwHighDateTime=0x1d81b8a, ftLastAccessTime.dwLowDateTime=0x82c066d0, ftLastAccessTime.dwHighDateTime=0x1d8245f, ftLastWriteTime.dwLowDateTime=0x82c066d0, ftLastWriteTime.dwHighDateTime=0x1d8245f, nFileSizeHigh=0x0, nFileSizeLow=0xac9a)) returned 1 [0210.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0210.968] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp", lpFilePart=0x0) returned 0x36 [0210.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0210.968] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\o0s4mtyxa7.odp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0210.968] GetFileType (hFile=0x1f4) returned 0x1 [0210.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0210.968] GetFileType (hFile=0x1f4) returned 0x1 [0210.968] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xac9a [0210.969] ReadFile (in: hFile=0x1f4, lpBuffer=0x259ea00, nNumberOfBytesToRead=0xac9a, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x259ea00*, lpNumberOfBytesRead=0x14ed68*=0xac9a, lpOverlapped=0x0) returned 1 [0210.970] CloseHandle (hObject=0x1f4) returned 1 [0211.287] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp", lpFilePart=0x0) returned 0x36 [0211.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0211.287] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\o0s4mtyxa7.odp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0211.288] GetFileType (hFile=0x1f4) returned 0x1 [0211.288] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0211.288] GetFileType (hFile=0x1f4) returned 0x1 [0211.289] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.290] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.290] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.290] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.291] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.291] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.291] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.292] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.292] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.292] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.293] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.293] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.293] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.294] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.294] WriteFile (in: hFile=0x1f4, lpBuffer=0x2643108*, nNumberOfBytesToWrite=0x6f4, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2643108*, lpNumberOfBytesWritten=0x14ec28*=0x6f4, lpOverlapped=0x0) returned 1 [0211.294] CloseHandle (hObject=0x1f4) returned 1 [0211.297] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp", lpFilePart=0x0) returned 0x36 [0211.297] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp.ampkcz", lpFilePart=0x0) returned 0x3d [0211.298] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0211.298] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\o0s4mtyxa7.odp"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38218fb0, ftCreationTime.dwHighDateTime=0x1d81b8a, ftLastAccessTime.dwLowDateTime=0x82c066d0, ftLastAccessTime.dwHighDateTime=0x1d8245f, ftLastWriteTime.dwLowDateTime=0x6c5818a8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xe6f4)) returned 1 [0211.298] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0211.298] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\o0s4mtyxa7.odp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\o0S4MtYXa7.odp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\o0s4mtyxa7.odp.ampkcz")) returned 1 [0211.299] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf", lpFilePart=0x0) returned 0x33 [0211.299] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf", lpFilePart=0x0) returned 0x33 [0211.300] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf", dwFileAttributes=0x80) returned 1 [0211.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0211.300] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\qqxnup1.rtf"), fInfoLevelId=0x0, lpFileInformation=0x2644a10 | out: lpFileInformation=0x2644a10*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x276f2770, ftCreationTime.dwHighDateTime=0x1d822e9, ftLastAccessTime.dwLowDateTime=0x7dc8be50, ftLastAccessTime.dwHighDateTime=0x1d82975, ftLastWriteTime.dwLowDateTime=0x7dc8be50, ftLastWriteTime.dwHighDateTime=0x1d82975, nFileSizeHigh=0x0, nFileSizeLow=0x1ee7)) returned 1 [0211.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0211.300] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf", lpFilePart=0x0) returned 0x33 [0211.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0211.300] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\qqxnup1.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0211.300] GetFileType (hFile=0x1f4) returned 0x1 [0211.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0211.300] GetFileType (hFile=0x1f4) returned 0x1 [0211.300] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x1ee7 [0211.301] ReadFile (in: hFile=0x1f4, lpBuffer=0x2644e80, nNumberOfBytesToRead=0x1ee7, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2644e80*, lpNumberOfBytesRead=0x14ed68*=0x1ee7, lpOverlapped=0x0) returned 1 [0211.302] CloseHandle (hObject=0x1f4) returned 1 [0211.615] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf", lpFilePart=0x0) returned 0x33 [0211.615] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0211.615] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\qqxnup1.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0211.617] GetFileType (hFile=0x1f4) returned 0x1 [0211.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0211.617] GetFileType (hFile=0x1f4) returned 0x1 [0211.618] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d4360*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d4360*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.619] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d4360*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d4360*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.619] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d4360*, nNumberOfBytesToWrite=0xa08, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26d4360*, lpNumberOfBytesWritten=0x14ec28*=0xa08, lpOverlapped=0x0) returned 1 [0211.619] CloseHandle (hObject=0x1f4) returned 1 [0211.622] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf", lpFilePart=0x0) returned 0x33 [0211.622] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf.ampkcz", lpFilePart=0x0) returned 0x3a [0211.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0211.622] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\qqxnup1.rtf"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x276f2770, ftCreationTime.dwHighDateTime=0x1d822e9, ftLastAccessTime.dwLowDateTime=0x7dc8be50, ftLastAccessTime.dwHighDateTime=0x1d82975, ftLastWriteTime.dwLowDateTime=0x6c8981b7, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2a08)) returned 1 [0211.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0211.622] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\qqxnup1.rtf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\qQxnuP1.rtf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\qqxnup1.rtf.ampkcz")) returned 1 [0211.658] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx", lpFilePart=0x0) returned 0x3a [0211.658] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx", lpFilePart=0x0) returned 0x3a [0211.658] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx", dwFileAttributes=0x80) returned 1 [0211.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0211.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\uvz3z3ayruc12.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x26d5760 | out: lpFileInformation=0x26d5760*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xede8c820, ftCreationTime.dwHighDateTime=0x1d82712, ftLastAccessTime.dwLowDateTime=0x6bca6bb0, ftLastAccessTime.dwHighDateTime=0x1d827ed, ftLastWriteTime.dwLowDateTime=0x6bca6bb0, ftLastWriteTime.dwHighDateTime=0x1d827ed, nFileSizeHigh=0x0, nFileSizeLow=0x92d4)) returned 1 [0211.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0211.659] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx", lpFilePart=0x0) returned 0x3a [0211.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0211.659] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\uvz3z3ayruc12.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0211.659] GetFileType (hFile=0x1f4) returned 0x1 [0211.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0211.659] GetFileType (hFile=0x1f4) returned 0x1 [0211.659] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x92d4 [0211.659] ReadFile (in: hFile=0x1f4, lpBuffer=0x26d5c20, nNumberOfBytesToRead=0x92d4, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26d5c20*, lpNumberOfBytesRead=0x14ed68*=0x92d4, lpOverlapped=0x0) returned 1 [0211.661] CloseHandle (hObject=0x1f4) returned 1 [0211.934] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx", lpFilePart=0x0) returned 0x3a [0211.934] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0211.934] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\uvz3z3ayruc12.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0211.936] GetFileType (hFile=0x1f4) returned 0x1 [0211.936] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0211.936] GetFileType (hFile=0x1f4) returned 0x1 [0211.936] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.939] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.939] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.940] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.940] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.940] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.941] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.941] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.941] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.942] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.942] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.942] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0211.942] WriteFile (in: hFile=0x1f4, lpBuffer=0x25909d0*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25909d0*, lpNumberOfBytesWritten=0x14ec28*=0x4a0, lpOverlapped=0x0) returned 1 [0211.943] CloseHandle (hObject=0x1f4) returned 1 [0211.945] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx", lpFilePart=0x0) returned 0x3a [0211.945] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx.ampkcz", lpFilePart=0x0) returned 0x41 [0211.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0211.945] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\uvz3z3ayruc12.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xede8c820, ftCreationTime.dwHighDateTime=0x1d82712, ftLastAccessTime.dwLowDateTime=0x6bca6bb0, ftLastAccessTime.dwHighDateTime=0x1d827ed, ftLastWriteTime.dwLowDateTime=0x6cbaf3bc, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc4a0)) returned 1 [0211.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0211.946] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\uvz3z3ayruc12.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\uvz3Z3AyRuC12.xlsx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\f_8pl8t\\uvz3z3ayruc12.xlsx.ampkcz")) returned 1 [0211.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0211.946] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t", lpFilePart=0x0) returned 0x27 [0211.946] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\", lpFilePart=0x0) returned 0x28 [0211.947] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\F_8pl8t\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3fd54830, ftCreationTime.dwHighDateTime=0x1d8297e, ftLastAccessTime.dwLowDateTime=0x6cbb034e, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6cbb034e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0211.947] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3fd54830, ftCreationTime.dwHighDateTime=0x1d8297e, ftLastAccessTime.dwLowDateTime=0x6cbb034e, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6cbb034e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.947] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb21c2180, ftCreationTime.dwHighDateTime=0x1d81a55, ftLastAccessTime.dwLowDateTime=0x81b50d80, ftLastAccessTime.dwHighDateTime=0x1d82992, ftLastWriteTime.dwLowDateTime=0x6c2494a8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1aa34, dwReserved0=0x0, dwReserved1=0x0, cFileName="5EZ7tX.ods.ampkcz", cAlternateFileName="5EZ7TX~1.AMP")) returned 1 [0211.947] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38218fb0, ftCreationTime.dwHighDateTime=0x1d81b8a, ftLastAccessTime.dwLowDateTime=0x82c066d0, ftLastAccessTime.dwHighDateTime=0x1d8245f, ftLastWriteTime.dwLowDateTime=0x6c5818a8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xe6f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="o0S4MtYXa7.odp.ampkcz", cAlternateFileName="O0S4MT~1.AMP")) returned 1 [0211.948] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x276f2770, ftCreationTime.dwHighDateTime=0x1d822e9, ftLastAccessTime.dwLowDateTime=0x7dc8be50, ftLastAccessTime.dwHighDateTime=0x1d82975, ftLastWriteTime.dwLowDateTime=0x6c8981b7, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2a08, dwReserved0=0x0, dwReserved1=0x0, cFileName="qQxnuP1.rtf.ampkcz", cAlternateFileName="QQXNUP~1.AMP")) returned 1 [0211.948] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c24c245, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x6c24c245, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6c252353, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0211.948] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xede8c820, ftCreationTime.dwHighDateTime=0x1d82712, ftLastAccessTime.dwLowDateTime=0x6bca6bb0, ftLastAccessTime.dwHighDateTime=0x1d827ed, ftLastWriteTime.dwLowDateTime=0x6cbaf3bc, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc4a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uvz3Z3AyRuC12.xlsx.ampkcz", cAlternateFileName="UVZ3Z3~1.AMP")) returned 1 [0211.948] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xede8c820, ftCreationTime.dwHighDateTime=0x1d82712, ftLastAccessTime.dwLowDateTime=0x6bca6bb0, ftLastAccessTime.dwHighDateTime=0x1d827ed, ftLastWriteTime.dwLowDateTime=0x6cbaf3bc, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc4a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="uvz3Z3AyRuC12.xlsx.ampkcz", cAlternateFileName="UVZ3Z3~1.AMP")) returned 0 [0211.948] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0211.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0211.949] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0211.949] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0211.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi", lpFilePart=0x0) returned 0x2a [0211.949] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\", lpFilePart=0x0) returned 0x2b [0211.949] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa336b3a0, ftCreationTime.dwHighDateTime=0x1d81aba, ftLastAccessTime.dwLowDateTime=0x23674590, ftLastAccessTime.dwHighDateTime=0x1d81f8d, ftLastWriteTime.dwLowDateTime=0x23674590, ftLastWriteTime.dwHighDateTime=0x1d81f8d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0211.949] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa336b3a0, ftCreationTime.dwHighDateTime=0x1d81aba, ftLastAccessTime.dwLowDateTime=0x23674590, ftLastAccessTime.dwHighDateTime=0x1d81f8d, ftLastWriteTime.dwLowDateTime=0x23674590, ftLastWriteTime.dwHighDateTime=0x1d81f8d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0211.949] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc93de210, ftCreationTime.dwHighDateTime=0x1d82471, ftLastAccessTime.dwLowDateTime=0x453467f0, ftLastAccessTime.dwHighDateTime=0x1d82840, ftLastWriteTime.dwLowDateTime=0x453467f0, ftLastWriteTime.dwHighDateTime=0x1d82840, nFileSizeHigh=0x0, nFileSizeLow=0x185b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="-hnSJxj1Uj.xls", cAlternateFileName="-HNSJX~1.XLS")) returned 1 [0211.950] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x788cd690, ftCreationTime.dwHighDateTime=0x1d82427, ftLastAccessTime.dwLowDateTime=0x81a16610, ftLastAccessTime.dwHighDateTime=0x1d8267f, ftLastWriteTime.dwLowDateTime=0x81a16610, ftLastWriteTime.dwHighDateTime=0x1d8267f, nFileSizeHigh=0x0, nFileSizeLow=0xbed8, dwReserved0=0x0, dwReserved1=0x0, cFileName="0aqOojXPcy4.pptx", cAlternateFileName="0AQOOJ~1.PPT")) returned 1 [0211.950] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4de37400, ftCreationTime.dwHighDateTime=0x1d81fc5, ftLastAccessTime.dwLowDateTime=0xc88c35f0, ftLastAccessTime.dwHighDateTime=0x1d8225b, ftLastWriteTime.dwLowDateTime=0xc88c35f0, ftLastWriteTime.dwHighDateTime=0x1d8225b, nFileSizeHigh=0x0, nFileSizeLow=0xa127, dwReserved0=0x0, dwReserved1=0x0, cFileName="5JE02Kb.xls", cAlternateFileName="")) returned 1 [0211.950] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7eea290, ftCreationTime.dwHighDateTime=0x1d81d1a, ftLastAccessTime.dwLowDateTime=0x6b023b60, ftLastAccessTime.dwHighDateTime=0x1d8293a, ftLastWriteTime.dwLowDateTime=0x6b023b60, ftLastWriteTime.dwHighDateTime=0x1d8293a, nFileSizeHigh=0x0, nFileSizeLow=0x9cc3, dwReserved0=0x0, dwReserved1=0x0, cFileName="8G_KTv3fC9ZSX8qy.ods", cAlternateFileName="8G_KTV~1.ODS")) returned 1 [0211.950] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf80f4bc0, ftCreationTime.dwHighDateTime=0x1d81fc5, ftLastAccessTime.dwLowDateTime=0x3d142990, ftLastAccessTime.dwHighDateTime=0x1d82753, ftLastWriteTime.dwLowDateTime=0x3d142990, ftLastWriteTime.dwHighDateTime=0x1d82753, nFileSizeHigh=0x0, nFileSizeLow=0xb7f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="CFltAr.pdf", cAlternateFileName="")) returned 1 [0211.950] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x793e5c60, ftCreationTime.dwHighDateTime=0x1d81f7e, ftLastAccessTime.dwLowDateTime=0x37ac3fe0, ftLastAccessTime.dwHighDateTime=0x1d821f1, ftLastWriteTime.dwLowDateTime=0x37ac3fe0, ftLastWriteTime.dwHighDateTime=0x1d821f1, nFileSizeHigh=0x0, nFileSizeLow=0xc6a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="dv1BjUamcjV9b3.ods", cAlternateFileName="DV1BJU~1.ODS")) returned 1 [0211.950] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe7770e0, ftCreationTime.dwHighDateTime=0x1d81c33, ftLastAccessTime.dwLowDateTime=0x514b5780, ftLastAccessTime.dwHighDateTime=0x1d81d9e, ftLastWriteTime.dwLowDateTime=0x514b5780, ftLastWriteTime.dwHighDateTime=0x1d81d9e, nFileSizeHigh=0x0, nFileSizeLow=0x15bdd, dwReserved0=0x0, dwReserved1=0x0, cFileName="kDFn_YG XXw.xls", cAlternateFileName="KDFN_Y~1.XLS")) returned 1 [0211.951] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc23759c0, ftCreationTime.dwHighDateTime=0x1d82966, ftLastAccessTime.dwLowDateTime=0xd8145af0, ftLastAccessTime.dwHighDateTime=0x1d829e2, ftLastWriteTime.dwLowDateTime=0xd8145af0, ftLastWriteTime.dwHighDateTime=0x1d829e2, nFileSizeHigh=0x0, nFileSizeLow=0xc69b, dwReserved0=0x0, dwReserved1=0x0, cFileName="pKWEXKp.pps", cAlternateFileName="")) returned 1 [0211.951] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaffdf870, ftCreationTime.dwHighDateTime=0x1d82445, ftLastAccessTime.dwLowDateTime=0xb926c630, ftLastAccessTime.dwHighDateTime=0x1d8257f, ftLastWriteTime.dwLowDateTime=0xb926c630, ftLastWriteTime.dwHighDateTime=0x1d8257f, nFileSizeHigh=0x0, nFileSizeLow=0x9faa, dwReserved0=0x0, dwReserved1=0x0, cFileName="TyXrZ.docx", cAlternateFileName="TYXRZ~1.DOC")) returned 1 [0211.951] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6ce3090, ftCreationTime.dwHighDateTime=0x1d828d6, ftLastAccessTime.dwLowDateTime=0xd24f8490, ftLastAccessTime.dwHighDateTime=0x1d829ac, ftLastWriteTime.dwLowDateTime=0xd24f8490, ftLastWriteTime.dwHighDateTime=0x1d829ac, nFileSizeHigh=0x0, nFileSizeLow=0x14db7, dwReserved0=0x0, dwReserved1=0x0, cFileName="X 1zieQlirCN.ots", cAlternateFileName="X1ZIEQ~1.OTS")) returned 1 [0211.951] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef3bfc90, ftCreationTime.dwHighDateTime=0x1d81c10, ftLastAccessTime.dwLowDateTime=0xbb2b3c0, ftLastAccessTime.dwHighDateTime=0x1d81c28, ftLastWriteTime.dwLowDateTime=0xbb2b3c0, ftLastWriteTime.dwHighDateTime=0x1d81c28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="xqlp", cAlternateFileName="")) returned 1 [0211.951] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef3bfc90, ftCreationTime.dwHighDateTime=0x1d81c10, ftLastAccessTime.dwLowDateTime=0xbb2b3c0, ftLastAccessTime.dwHighDateTime=0x1d81c28, ftLastWriteTime.dwLowDateTime=0xbb2b3c0, ftLastWriteTime.dwHighDateTime=0x1d81c28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="xqlp", cAlternateFileName="")) returned 0 [0211.951] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0211.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0211.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0211.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls", lpFilePart=0x0) returned 0x39 [0211.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls", lpFilePart=0x0) returned 0x39 [0211.952] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls", dwFileAttributes=0x80) returned 1 [0211.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0211.952] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\-hnsjxj1uj.xls"), fInfoLevelId=0x0, lpFileInformation=0x25951c8 | out: lpFileInformation=0x25951c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc93de210, ftCreationTime.dwHighDateTime=0x1d82471, ftLastAccessTime.dwLowDateTime=0x453467f0, ftLastAccessTime.dwHighDateTime=0x1d82840, ftLastWriteTime.dwLowDateTime=0x453467f0, ftLastWriteTime.dwHighDateTime=0x1d82840, nFileSizeHigh=0x0, nFileSizeLow=0x185b5)) returned 1 [0211.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0211.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls", lpFilePart=0x0) returned 0x39 [0211.952] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0211.952] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\-hnsjxj1uj.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0211.953] GetFileType (hFile=0x1f4) returned 0x1 [0211.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0211.953] GetFileType (hFile=0x1f4) returned 0x1 [0211.953] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x185b5 [0211.953] ReadFile (in: hFile=0x1f4, lpBuffer=0x1276c0a8, nNumberOfBytesToRead=0x185b5, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x1276c0a8*, lpNumberOfBytesRead=0x14ed68*=0x185b5, lpOverlapped=0x0) returned 1 [0211.954] CloseHandle (hObject=0x1f4) returned 1 [0212.291] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls", lpFilePart=0x0) returned 0x39 [0212.291] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0212.291] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\-hnsjxj1uj.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0212.294] GetFileType (hFile=0x1f4) returned 0x1 [0212.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0212.294] GetFileType (hFile=0x1f4) returned 0x1 [0212.294] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.295] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.296] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.296] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.296] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.297] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.298] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.298] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.299] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.299] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.300] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.300] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.300] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.301] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.301] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.301] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.302] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.302] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.302] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.302] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.303] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.303] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.303] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.304] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.304] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.304] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.305] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.305] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.305] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.305] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.306] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.306] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.306] WriteFile (in: hFile=0x1f4, lpBuffer=0x251ff28*, nNumberOfBytesToWrite=0x874, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x251ff28*, lpNumberOfBytesWritten=0x14ec28*=0x874, lpOverlapped=0x0) returned 1 [0212.306] CloseHandle (hObject=0x1f4) returned 1 [0212.311] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls", lpFilePart=0x0) returned 0x39 [0212.311] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls.ampkcz", lpFilePart=0x0) returned 0x40 [0212.311] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0212.311] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\-hnsjxj1uj.xls"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc93de210, ftCreationTime.dwHighDateTime=0x1d82471, ftLastAccessTime.dwLowDateTime=0x453467f0, ftLastAccessTime.dwHighDateTime=0x1d82840, ftLastWriteTime.dwLowDateTime=0x6cf2b451, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20874)) returned 1 [0212.311] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0212.311] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\-hnsjxj1uj.xls"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\-hnSJxj1Uj.xls.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\-hnsjxj1uj.xls.ampkcz")) returned 1 [0212.312] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\readme.txt", lpFilePart=0x0) returned 0x35 [0212.312] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0212.312] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0212.312] GetFileType (hFile=0x1f4) returned 0x1 [0212.312] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0212.313] GetFileType (hFile=0x1f4) returned 0x1 [0212.313] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523190*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x2523190*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0212.314] CloseHandle (hObject=0x1f4) returned 1 [0212.315] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx", lpFilePart=0x0) returned 0x3b [0212.315] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx", lpFilePart=0x0) returned 0x3b [0212.315] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx", dwFileAttributes=0x80) returned 1 [0212.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0212.315] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\0aqoojxpcy4.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2524ba8 | out: lpFileInformation=0x2524ba8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x788cd690, ftCreationTime.dwHighDateTime=0x1d82427, ftLastAccessTime.dwLowDateTime=0x81a16610, ftLastAccessTime.dwHighDateTime=0x1d8267f, ftLastWriteTime.dwLowDateTime=0x81a16610, ftLastWriteTime.dwHighDateTime=0x1d8267f, nFileSizeHigh=0x0, nFileSizeLow=0xbed8)) returned 1 [0212.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0212.316] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx", lpFilePart=0x0) returned 0x3b [0212.316] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0212.316] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\0aqoojxpcy4.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0212.316] GetFileType (hFile=0x1f4) returned 0x1 [0212.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0212.316] GetFileType (hFile=0x1f4) returned 0x1 [0212.316] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xbed8 [0212.316] ReadFile (in: hFile=0x1f4, lpBuffer=0x2525068, nNumberOfBytesToRead=0xbed8, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2525068*, lpNumberOfBytesRead=0x14ed68*=0xbed8, lpOverlapped=0x0) returned 1 [0212.317] CloseHandle (hObject=0x1f4) returned 1 [0212.623] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx", lpFilePart=0x0) returned 0x3b [0212.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0212.623] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\0aqoojxpcy4.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0212.624] GetFileType (hFile=0x1f4) returned 0x1 [0212.625] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0212.625] GetFileType (hFile=0x1f4) returned 0x1 [0212.625] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.626] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.626] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.626] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.627] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.627] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.628] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.628] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.628] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.629] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.629] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.629] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.630] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.630] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.630] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.631] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ce078*, nNumberOfBytesToWrite=0xf48, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25ce078*, lpNumberOfBytesWritten=0x14ec28*=0xf48, lpOverlapped=0x0) returned 1 [0212.631] CloseHandle (hObject=0x1f4) returned 1 [0212.635] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx", lpFilePart=0x0) returned 0x3b [0212.635] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx.ampkcz", lpFilePart=0x0) returned 0x42 [0212.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0212.635] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\0aqoojxpcy4.pptx"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x788cd690, ftCreationTime.dwHighDateTime=0x1d82427, ftLastAccessTime.dwLowDateTime=0x81a16610, ftLastAccessTime.dwHighDateTime=0x1d8267f, ftLastWriteTime.dwLowDateTime=0x6d243ce3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xff48)) returned 1 [0212.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0212.636] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\0aqoojxpcy4.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\0aqOojXPcy4.pptx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\0aqoojxpcy4.pptx.ampkcz")) returned 1 [0212.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls", lpFilePart=0x0) returned 0x36 [0212.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls", lpFilePart=0x0) returned 0x36 [0212.637] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls", dwFileAttributes=0x80) returned 1 [0212.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0212.637] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\5je02kb.xls"), fInfoLevelId=0x0, lpFileInformation=0x25cf470 | out: lpFileInformation=0x25cf470*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4de37400, ftCreationTime.dwHighDateTime=0x1d81fc5, ftLastAccessTime.dwLowDateTime=0xc88c35f0, ftLastAccessTime.dwHighDateTime=0x1d8225b, ftLastWriteTime.dwLowDateTime=0xc88c35f0, ftLastWriteTime.dwHighDateTime=0x1d8225b, nFileSizeHigh=0x0, nFileSizeLow=0xa127)) returned 1 [0212.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0212.637] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls", lpFilePart=0x0) returned 0x36 [0212.637] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0212.637] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\5je02kb.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0212.637] GetFileType (hFile=0x1f4) returned 0x1 [0212.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0212.638] GetFileType (hFile=0x1f4) returned 0x1 [0212.638] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xa127 [0212.638] ReadFile (in: hFile=0x1f4, lpBuffer=0x25cf8f8, nNumberOfBytesToRead=0xa127, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25cf8f8*, lpNumberOfBytesRead=0x14ed68*=0xa127, lpOverlapped=0x0) returned 1 [0212.639] CloseHandle (hObject=0x1f4) returned 1 [0212.970] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls", lpFilePart=0x0) returned 0x36 [0212.970] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0212.970] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\5je02kb.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0212.977] GetFileType (hFile=0x1f4) returned 0x1 [0212.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0212.977] GetFileType (hFile=0x1f4) returned 0x1 [0212.977] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.979] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.979] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.979] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.980] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.980] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.980] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.981] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.981] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.981] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.982] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.982] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.982] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0212.983] WriteFile (in: hFile=0x1f4, lpBuffer=0x2685490*, nNumberOfBytesToWrite=0x7b4, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2685490*, lpNumberOfBytesWritten=0x14ec28*=0x7b4, lpOverlapped=0x0) returned 1 [0212.983] CloseHandle (hObject=0x1f4) returned 1 [0212.985] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls", lpFilePart=0x0) returned 0x36 [0212.985] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls.ampkcz", lpFilePart=0x0) returned 0x3d [0212.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0212.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\5je02kb.xls"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4de37400, ftCreationTime.dwHighDateTime=0x1d81fc5, ftLastAccessTime.dwLowDateTime=0xc88c35f0, ftLastAccessTime.dwHighDateTime=0x1d8225b, ftLastWriteTime.dwLowDateTime=0x6d596b0a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd7b4)) returned 1 [0212.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0212.986] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\5je02kb.xls"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\5JE02Kb.xls.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\5je02kb.xls.ampkcz")) returned 1 [0212.989] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods", lpFilePart=0x0) returned 0x3f [0212.989] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods", lpFilePart=0x0) returned 0x3f [0212.989] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods", dwFileAttributes=0x80) returned 1 [0212.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0212.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\8g_ktv3fc9zsx8qy.ods"), fInfoLevelId=0x0, lpFileInformation=0x2687850 | out: lpFileInformation=0x2687850*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc7eea290, ftCreationTime.dwHighDateTime=0x1d81d1a, ftLastAccessTime.dwLowDateTime=0x6b023b60, ftLastAccessTime.dwHighDateTime=0x1d8293a, ftLastWriteTime.dwLowDateTime=0x6b023b60, ftLastWriteTime.dwHighDateTime=0x1d8293a, nFileSizeHigh=0x0, nFileSizeLow=0x9cc3)) returned 1 [0212.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0212.990] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods", lpFilePart=0x0) returned 0x3f [0212.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0212.990] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\8g_ktv3fc9zsx8qy.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0212.990] GetFileType (hFile=0x1f4) returned 0x1 [0212.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0212.990] GetFileType (hFile=0x1f4) returned 0x1 [0212.990] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x9cc3 [0212.990] ReadFile (in: hFile=0x1f4, lpBuffer=0x2687d38, nNumberOfBytesToRead=0x9cc3, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2687d38*, lpNumberOfBytesRead=0x14ed68*=0x9cc3, lpOverlapped=0x0) returned 1 [0212.991] CloseHandle (hObject=0x1f4) returned 1 [0213.329] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods", lpFilePart=0x0) returned 0x3f [0213.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0213.329] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\8g_ktv3fc9zsx8qy.ods"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0213.330] GetFileType (hFile=0x1f4) returned 0x1 [0213.331] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0213.331] GetFileType (hFile=0x1f4) returned 0x1 [0213.331] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.332] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.332] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.333] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.333] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.333] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.336] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.337] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.337] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.337] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.338] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.338] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.338] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0213.338] WriteFile (in: hFile=0x1f4, lpBuffer=0x253f620*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x253f620*, lpNumberOfBytesWritten=0x14ec28*=0x1e0, lpOverlapped=0x0) returned 1 [0213.339] CloseHandle (hObject=0x1f4) returned 1 [0213.341] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods", lpFilePart=0x0) returned 0x3f [0213.341] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods.ampkcz", lpFilePart=0x0) returned 0x46 [0213.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0213.342] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\8g_ktv3fc9zsx8qy.ods"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7eea290, ftCreationTime.dwHighDateTime=0x1d81d1a, ftLastAccessTime.dwLowDateTime=0x6b023b60, ftLastAccessTime.dwHighDateTime=0x1d8293a, ftLastWriteTime.dwLowDateTime=0x6d8ffd89, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd1e0)) returned 1 [0213.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0213.342] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\8g_ktv3fc9zsx8qy.ods"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\8G_KTv3fC9ZSX8qy.ods.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\8g_ktv3fc9zsx8qy.ods.ampkcz")) returned 1 [0213.343] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf", lpFilePart=0x0) returned 0x35 [0213.343] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf", lpFilePart=0x0) returned 0x35 [0213.343] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf", dwFileAttributes=0x80) returned 1 [0213.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0213.344] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\cfltar.pdf"), fInfoLevelId=0x0, lpFileInformation=0x2540d78 | out: lpFileInformation=0x2540d78*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf80f4bc0, ftCreationTime.dwHighDateTime=0x1d81fc5, ftLastAccessTime.dwLowDateTime=0x3d142990, ftLastAccessTime.dwHighDateTime=0x1d82753, ftLastWriteTime.dwLowDateTime=0x3d142990, ftLastWriteTime.dwHighDateTime=0x1d82753, nFileSizeHigh=0x0, nFileSizeLow=0xb7f1)) returned 1 [0213.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0213.344] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf", lpFilePart=0x0) returned 0x35 [0213.344] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0213.344] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\cfltar.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0213.344] GetFileType (hFile=0x1f4) returned 0x1 [0213.344] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0213.344] GetFileType (hFile=0x1f4) returned 0x1 [0213.344] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xb7f1 [0213.344] ReadFile (in: hFile=0x1f4, lpBuffer=0x2541200, nNumberOfBytesToRead=0xb7f1, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2541200*, lpNumberOfBytesRead=0x14ed68*=0xb7f1, lpOverlapped=0x0) returned 1 [0213.347] CloseHandle (hObject=0x1f4) returned 1 [0213.647] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf", lpFilePart=0x0) returned 0x35 [0213.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0213.648] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\cfltar.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0213.649] GetFileType (hFile=0x1f4) returned 0x1 [0213.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0213.649] GetFileType (hFile=0x1f4) returned 0x1 [0213.649] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.650] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.651] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.651] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.651] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.652] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.652] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.653] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.653] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.653] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.654] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.654] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.654] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.655] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.655] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.655] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e8680*, nNumberOfBytesToWrite=0x620, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25e8680*, lpNumberOfBytesWritten=0x14ec28*=0x620, lpOverlapped=0x0) returned 1 [0213.655] CloseHandle (hObject=0x1f4) returned 1 [0213.659] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf", lpFilePart=0x0) returned 0x35 [0213.659] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf.ampkcz", lpFilePart=0x0) returned 0x3c [0213.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0213.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\cfltar.pdf"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf80f4bc0, ftCreationTime.dwHighDateTime=0x1d81fc5, ftLastAccessTime.dwLowDateTime=0x3d142990, ftLastAccessTime.dwHighDateTime=0x1d82753, ftLastWriteTime.dwLowDateTime=0x6dc06165, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf620)) returned 1 [0213.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0213.659] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\cfltar.pdf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\CFltAr.pdf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\cfltar.pdf.ampkcz")) returned 1 [0213.662] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods", lpFilePart=0x0) returned 0x3d [0213.662] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods", lpFilePart=0x0) returned 0x3d [0213.662] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods", dwFileAttributes=0x80) returned 1 [0213.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0213.662] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\dv1bjuamcjv9b3.ods"), fInfoLevelId=0x0, lpFileInformation=0x25eaa38 | out: lpFileInformation=0x25eaa38*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x793e5c60, ftCreationTime.dwHighDateTime=0x1d81f7e, ftLastAccessTime.dwLowDateTime=0x37ac3fe0, ftLastAccessTime.dwHighDateTime=0x1d821f1, ftLastWriteTime.dwLowDateTime=0x37ac3fe0, ftLastWriteTime.dwHighDateTime=0x1d821f1, nFileSizeHigh=0x0, nFileSizeLow=0xc6a8)) returned 1 [0213.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0213.663] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods", lpFilePart=0x0) returned 0x3d [0213.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0213.663] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\dv1bjuamcjv9b3.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0213.663] GetFileType (hFile=0x1f4) returned 0x1 [0213.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0213.663] GetFileType (hFile=0x1f4) returned 0x1 [0213.663] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xc6a8 [0213.663] ReadFile (in: hFile=0x1f4, lpBuffer=0x25eaf10, nNumberOfBytesToRead=0xc6a8, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25eaf10*, lpNumberOfBytesRead=0x14ed68*=0xc6a8, lpOverlapped=0x0) returned 1 [0213.664] CloseHandle (hObject=0x1f4) returned 1 [0213.967] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods", lpFilePart=0x0) returned 0x3d [0213.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0213.967] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\dv1bjuamcjv9b3.ods"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0213.969] GetFileType (hFile=0x1f4) returned 0x1 [0213.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0213.969] GetFileType (hFile=0x1f4) returned 0x1 [0213.969] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.970] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.971] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.971] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.971] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.972] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.972] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.972] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.973] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.973] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.974] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.974] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.974] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.975] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.975] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.975] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0213.976] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695e68*, nNumberOfBytesToWrite=0x9b4, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2695e68*, lpNumberOfBytesWritten=0x14ec28*=0x9b4, lpOverlapped=0x0) returned 1 [0213.976] CloseHandle (hObject=0x1f4) returned 1 [0213.980] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods", lpFilePart=0x0) returned 0x3d [0213.980] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods.ampkcz", lpFilePart=0x0) returned 0x44 [0213.980] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0213.980] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\dv1bjuamcjv9b3.ods"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x793e5c60, ftCreationTime.dwHighDateTime=0x1d81f7e, ftLastAccessTime.dwLowDateTime=0x37ac3fe0, ftLastAccessTime.dwHighDateTime=0x1d821f1, ftLastWriteTime.dwLowDateTime=0x6df16440, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x109b4)) returned 1 [0213.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0213.980] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\dv1bjuamcjv9b3.ods"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\dv1BjUamcjV9b3.ods.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\dv1bjuamcjv9b3.ods.ampkcz")) returned 1 [0213.981] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls", lpFilePart=0x0) returned 0x3a [0213.981] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls", lpFilePart=0x0) returned 0x3a [0213.982] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls", dwFileAttributes=0x80) returned 1 [0213.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0213.982] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\kdfn_yg xxw.xls"), fInfoLevelId=0x0, lpFileInformation=0x2697280 | out: lpFileInformation=0x2697280*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xfe7770e0, ftCreationTime.dwHighDateTime=0x1d81c33, ftLastAccessTime.dwLowDateTime=0x514b5780, ftLastAccessTime.dwHighDateTime=0x1d81d9e, ftLastWriteTime.dwLowDateTime=0x514b5780, ftLastWriteTime.dwHighDateTime=0x1d81d9e, nFileSizeHigh=0x0, nFileSizeLow=0x15bdd)) returned 1 [0213.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0213.982] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls", lpFilePart=0x0) returned 0x3a [0213.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0213.982] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\kdfn_yg xxw.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0213.983] GetFileType (hFile=0x1f4) returned 0x1 [0213.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0213.983] GetFileType (hFile=0x1f4) returned 0x1 [0213.983] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x15bdd [0213.983] ReadFile (in: hFile=0x1f4, lpBuffer=0x126dcbe8, nNumberOfBytesToRead=0x15bdd, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x126dcbe8*, lpNumberOfBytesRead=0x14ed68*=0x15bdd, lpOverlapped=0x0) returned 1 [0213.985] CloseHandle (hObject=0x1f4) returned 1 [0214.397] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls", lpFilePart=0x0) returned 0x3a [0214.397] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0214.397] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\kdfn_yg xxw.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0214.399] GetFileType (hFile=0x1f4) returned 0x1 [0214.399] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0214.399] GetFileType (hFile=0x1f4) returned 0x1 [0214.399] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.401] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.401] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.401] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.402] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.402] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.402] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.403] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.403] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.404] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.404] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.405] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.405] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.405] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.406] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.406] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.406] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.407] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.407] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.407] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.408] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.408] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.408] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.409] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.409] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.409] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.410] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.410] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.410] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0214.411] WriteFile (in: hFile=0x1f4, lpBuffer=0x2710b80*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2710b80*, lpNumberOfBytesWritten=0x14ec28*=0xa0, lpOverlapped=0x0) returned 1 [0214.411] CloseHandle (hObject=0x1f4) returned 1 [0214.415] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls", lpFilePart=0x0) returned 0x3a [0214.415] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls.ampkcz", lpFilePart=0x0) returned 0x41 [0214.415] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0214.415] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\kdfn_yg xxw.xls"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe7770e0, ftCreationTime.dwHighDateTime=0x1d81c33, ftLastAccessTime.dwLowDateTime=0x514b5780, ftLastAccessTime.dwHighDateTime=0x1d81d9e, ftLastWriteTime.dwLowDateTime=0x6e33c44a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d0a0)) returned 1 [0214.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0214.415] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\kdfn_yg xxw.xls"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\kDFn_YG XXw.xls.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\kdfn_yg xxw.xls.ampkcz")) returned 1 [0214.421] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps", lpFilePart=0x0) returned 0x36 [0214.421] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps", lpFilePart=0x0) returned 0x36 [0214.421] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps", dwFileAttributes=0x80) returned 1 [0214.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0214.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\pkwexkp.pps"), fInfoLevelId=0x0, lpFileInformation=0x27135a8 | out: lpFileInformation=0x27135a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc23759c0, ftCreationTime.dwHighDateTime=0x1d82966, ftLastAccessTime.dwLowDateTime=0xd8145af0, ftLastAccessTime.dwHighDateTime=0x1d829e2, ftLastWriteTime.dwLowDateTime=0xd8145af0, ftLastWriteTime.dwHighDateTime=0x1d829e2, nFileSizeHigh=0x0, nFileSizeLow=0xc69b)) returned 1 [0214.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0214.422] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps", lpFilePart=0x0) returned 0x36 [0214.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0214.422] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\pkwexkp.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0214.422] GetFileType (hFile=0x1f4) returned 0x1 [0214.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0214.422] GetFileType (hFile=0x1f4) returned 0x1 [0214.422] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xc69b [0214.422] ReadFile (in: hFile=0x1f4, lpBuffer=0x2713a30, nNumberOfBytesToRead=0xc69b, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2713a30*, lpNumberOfBytesRead=0x14ed68*=0xc69b, lpOverlapped=0x0) returned 1 [0214.424] CloseHandle (hObject=0x1f4) returned 1 [0214.793] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps", lpFilePart=0x0) returned 0x36 [0214.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0214.794] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\pkwexkp.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0214.796] GetFileType (hFile=0x1f4) returned 0x1 [0214.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0214.796] GetFileType (hFile=0x1f4) returned 0x1 [0214.796] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.797] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.798] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.798] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.798] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.799] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.799] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.799] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.800] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.800] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.800] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.801] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.801] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.801] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.802] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.802] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0214.802] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cb660*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25cb660*, lpNumberOfBytesWritten=0x14ec28*=0x9a0, lpOverlapped=0x0) returned 1 [0214.802] CloseHandle (hObject=0x1f4) returned 1 [0214.806] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps", lpFilePart=0x0) returned 0x36 [0214.806] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps.ampkcz", lpFilePart=0x0) returned 0x3d [0214.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0214.807] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\pkwexkp.pps"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc23759c0, ftCreationTime.dwHighDateTime=0x1d82966, ftLastAccessTime.dwLowDateTime=0xd8145af0, ftLastAccessTime.dwHighDateTime=0x1d829e2, ftLastWriteTime.dwLowDateTime=0x6e6f8084, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x109a0)) returned 1 [0214.807] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0214.807] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\pkwexkp.pps"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\pKWEXKp.pps.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\pkwexkp.pps.ampkcz")) returned 1 [0214.808] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx", lpFilePart=0x0) returned 0x35 [0214.808] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx", lpFilePart=0x0) returned 0x35 [0214.808] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx", dwFileAttributes=0x80) returned 1 [0214.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0214.809] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\tyxrz.docx"), fInfoLevelId=0x0, lpFileInformation=0x25cca18 | out: lpFileInformation=0x25cca18*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xaffdf870, ftCreationTime.dwHighDateTime=0x1d82445, ftLastAccessTime.dwLowDateTime=0xb926c630, ftLastAccessTime.dwHighDateTime=0x1d8257f, ftLastWriteTime.dwLowDateTime=0xb926c630, ftLastWriteTime.dwHighDateTime=0x1d8257f, nFileSizeHigh=0x0, nFileSizeLow=0x9faa)) returned 1 [0214.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0214.809] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx", lpFilePart=0x0) returned 0x35 [0214.809] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0214.809] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\tyxrz.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0214.809] GetFileType (hFile=0x1f4) returned 0x1 [0214.809] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0214.809] GetFileType (hFile=0x1f4) returned 0x1 [0214.809] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x9faa [0214.809] ReadFile (in: hFile=0x1f4, lpBuffer=0x25ccea0, nNumberOfBytesToRead=0x9faa, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25ccea0*, lpNumberOfBytesRead=0x14ed68*=0x9faa, lpOverlapped=0x0) returned 1 [0214.810] CloseHandle (hObject=0x1f4) returned 1 [0215.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx", lpFilePart=0x0) returned 0x35 [0215.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0215.125] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\tyxrz.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0215.126] GetFileType (hFile=0x1f4) returned 0x1 [0215.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0215.127] GetFileType (hFile=0x1f4) returned 0x1 [0215.127] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.128] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.128] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.129] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.129] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.129] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.130] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.130] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.130] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.133] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.133] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.134] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.134] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0215.134] WriteFile (in: hFile=0x1f4, lpBuffer=0x2529ef0*, nNumberOfBytesToWrite=0x5b4, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2529ef0*, lpNumberOfBytesWritten=0x14ec28*=0x5b4, lpOverlapped=0x0) returned 1 [0215.134] CloseHandle (hObject=0x1f4) returned 1 [0215.137] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx", lpFilePart=0x0) returned 0x35 [0215.137] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx.ampkcz", lpFilePart=0x0) returned 0x3c [0215.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0215.137] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\tyxrz.docx"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaffdf870, ftCreationTime.dwHighDateTime=0x1d82445, ftLastAccessTime.dwLowDateTime=0xb926c630, ftLastAccessTime.dwHighDateTime=0x1d8257f, ftLastWriteTime.dwLowDateTime=0x6ea2070c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd5b4)) returned 1 [0215.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0215.138] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\tyxrz.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\TyXrZ.docx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\tyxrz.docx.ampkcz")) returned 1 [0215.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0215.145] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi", lpFilePart=0x0) returned 0x2a [0215.145] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\", lpFilePart=0x0) returned 0x2b [0215.145] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa336b3a0, ftCreationTime.dwHighDateTime=0x1d81aba, ftLastAccessTime.dwLowDateTime=0x6ea21f25, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6ea21f25, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0215.146] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa336b3a0, ftCreationTime.dwHighDateTime=0x1d81aba, ftLastAccessTime.dwLowDateTime=0x6ea21f25, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6ea21f25, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0215.146] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc93de210, ftCreationTime.dwHighDateTime=0x1d82471, ftLastAccessTime.dwLowDateTime=0x453467f0, ftLastAccessTime.dwHighDateTime=0x1d82840, ftLastWriteTime.dwLowDateTime=0x6cf2b451, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20874, dwReserved0=0x0, dwReserved1=0x0, cFileName="-hnSJxj1Uj.xls.ampkcz", cAlternateFileName="-HNSJX~1.AMP")) returned 1 [0215.146] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x788cd690, ftCreationTime.dwHighDateTime=0x1d82427, ftLastAccessTime.dwLowDateTime=0x81a16610, ftLastAccessTime.dwHighDateTime=0x1d8267f, ftLastWriteTime.dwLowDateTime=0x6d243ce3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xff48, dwReserved0=0x0, dwReserved1=0x0, cFileName="0aqOojXPcy4.pptx.ampkcz", cAlternateFileName="0AQOOJ~1.AMP")) returned 1 [0215.146] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4de37400, ftCreationTime.dwHighDateTime=0x1d81fc5, ftLastAccessTime.dwLowDateTime=0xc88c35f0, ftLastAccessTime.dwHighDateTime=0x1d8225b, ftLastWriteTime.dwLowDateTime=0x6d596b0a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd7b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="5JE02Kb.xls.ampkcz", cAlternateFileName="5JE02K~1.AMP")) returned 1 [0215.146] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7eea290, ftCreationTime.dwHighDateTime=0x1d81d1a, ftLastAccessTime.dwLowDateTime=0x6b023b60, ftLastAccessTime.dwHighDateTime=0x1d8293a, ftLastWriteTime.dwLowDateTime=0x6d8ffd89, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd1e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8G_KTv3fC9ZSX8qy.ods.ampkcz", cAlternateFileName="8G_KTV~1.AMP")) returned 1 [0215.147] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf80f4bc0, ftCreationTime.dwHighDateTime=0x1d81fc5, ftLastAccessTime.dwLowDateTime=0x3d142990, ftLastAccessTime.dwHighDateTime=0x1d82753, ftLastWriteTime.dwLowDateTime=0x6dc06165, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf620, dwReserved0=0x0, dwReserved1=0x0, cFileName="CFltAr.pdf.ampkcz", cAlternateFileName="CFLTAR~1.AMP")) returned 1 [0215.147] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x793e5c60, ftCreationTime.dwHighDateTime=0x1d81f7e, ftLastAccessTime.dwLowDateTime=0x37ac3fe0, ftLastAccessTime.dwHighDateTime=0x1d821f1, ftLastWriteTime.dwLowDateTime=0x6df16440, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x109b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="dv1BjUamcjV9b3.ods.ampkcz", cAlternateFileName="DV1BJU~1.AMP")) returned 1 [0215.147] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfe7770e0, ftCreationTime.dwHighDateTime=0x1d81c33, ftLastAccessTime.dwLowDateTime=0x514b5780, ftLastAccessTime.dwHighDateTime=0x1d81d9e, ftLastWriteTime.dwLowDateTime=0x6e33c44a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d0a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kDFn_YG XXw.xls.ampkcz", cAlternateFileName="KDFN_Y~1.AMP")) returned 1 [0215.147] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc23759c0, ftCreationTime.dwHighDateTime=0x1d82966, ftLastAccessTime.dwLowDateTime=0xd8145af0, ftLastAccessTime.dwHighDateTime=0x1d829e2, ftLastWriteTime.dwLowDateTime=0x6e6f8084, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x109a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pKWEXKp.pps.ampkcz", cAlternateFileName="PKWEXK~1.AMP")) returned 1 [0215.147] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6cf2ef88, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x6cf2ef88, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6cf351a9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0215.147] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaffdf870, ftCreationTime.dwHighDateTime=0x1d82445, ftLastAccessTime.dwLowDateTime=0xb926c630, ftLastAccessTime.dwHighDateTime=0x1d8257f, ftLastWriteTime.dwLowDateTime=0x6ea2070c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd5b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="TyXrZ.docx.ampkcz", cAlternateFileName="TYXRZD~1.AMP")) returned 1 [0215.148] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6ce3090, ftCreationTime.dwHighDateTime=0x1d828d6, ftLastAccessTime.dwLowDateTime=0xd24f8490, ftLastAccessTime.dwHighDateTime=0x1d829ac, ftLastWriteTime.dwLowDateTime=0xd24f8490, ftLastWriteTime.dwHighDateTime=0x1d829ac, nFileSizeHigh=0x0, nFileSizeLow=0x14db7, dwReserved0=0x0, dwReserved1=0x0, cFileName="X 1zieQlirCN.ots", cAlternateFileName="X1ZIEQ~1.OTS")) returned 1 [0215.148] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef3bfc90, ftCreationTime.dwHighDateTime=0x1d81c10, ftLastAccessTime.dwLowDateTime=0xbb2b3c0, ftLastAccessTime.dwHighDateTime=0x1d81c28, ftLastWriteTime.dwLowDateTime=0xbb2b3c0, ftLastWriteTime.dwHighDateTime=0x1d81c28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="xqlp", cAlternateFileName="")) returned 1 [0215.148] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0215.148] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0215.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0215.148] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0215.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0215.148] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp", lpFilePart=0x0) returned 0x2f [0215.148] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\", lpFilePart=0x0) returned 0x30 [0215.148] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef3bfc90, ftCreationTime.dwHighDateTime=0x1d81c10, ftLastAccessTime.dwLowDateTime=0xbb2b3c0, ftLastAccessTime.dwHighDateTime=0x1d81c28, ftLastWriteTime.dwLowDateTime=0xbb2b3c0, ftLastWriteTime.dwHighDateTime=0x1d81c28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0215.149] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef3bfc90, ftCreationTime.dwHighDateTime=0x1d81c10, ftLastAccessTime.dwLowDateTime=0xbb2b3c0, ftLastAccessTime.dwHighDateTime=0x1d81c28, ftLastWriteTime.dwLowDateTime=0xbb2b3c0, ftLastWriteTime.dwHighDateTime=0x1d81c28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0215.149] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbdc34570, ftCreationTime.dwHighDateTime=0x1d822d1, ftLastAccessTime.dwLowDateTime=0xe1e50360, ftLastAccessTime.dwHighDateTime=0x1d82959, ftLastWriteTime.dwLowDateTime=0xe1e50360, ftLastWriteTime.dwHighDateTime=0x1d82959, nFileSizeHigh=0x0, nFileSizeLow=0x16aad, dwReserved0=0x0, dwReserved1=0x0, cFileName="D6AC.pptx", cAlternateFileName="D6AC~1.PPT")) returned 1 [0215.149] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62540c00, ftCreationTime.dwHighDateTime=0x1d81fd5, ftLastAccessTime.dwLowDateTime=0x314b6600, ftLastAccessTime.dwHighDateTime=0x1d822cb, ftLastWriteTime.dwLowDateTime=0x314b6600, ftLastWriteTime.dwHighDateTime=0x1d822cb, nFileSizeHigh=0x0, nFileSizeLow=0x42ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="hV7Qa.ods", cAlternateFileName="")) returned 1 [0215.149] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8b4dea0, ftCreationTime.dwHighDateTime=0x1d820d1, ftLastAccessTime.dwLowDateTime=0x9d5d8f00, ftLastAccessTime.dwHighDateTime=0x1d82887, ftLastWriteTime.dwLowDateTime=0x9d5d8f00, ftLastWriteTime.dwHighDateTime=0x1d82887, nFileSizeHigh=0x0, nFileSizeLow=0xb065, dwReserved0=0x0, dwReserved1=0x0, cFileName="iANwPv2pHlptalL2csWw.xlsx", cAlternateFileName="IANWPV~1.XLS")) returned 1 [0215.149] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69bfa190, ftCreationTime.dwHighDateTime=0x1d81e6b, ftLastAccessTime.dwLowDateTime=0x1dc72fa0, ftLastAccessTime.dwHighDateTime=0x1d824c5, ftLastWriteTime.dwLowDateTime=0x1dc72fa0, ftLastWriteTime.dwHighDateTime=0x1d824c5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="We3dETs", cAlternateFileName="")) returned 1 [0215.150] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69bfa190, ftCreationTime.dwHighDateTime=0x1d81e6b, ftLastAccessTime.dwLowDateTime=0x1dc72fa0, ftLastAccessTime.dwHighDateTime=0x1d824c5, ftLastWriteTime.dwLowDateTime=0x1dc72fa0, ftLastWriteTime.dwHighDateTime=0x1d824c5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="We3dETs", cAlternateFileName="")) returned 0 [0215.150] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0215.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0215.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0215.150] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx", lpFilePart=0x0) returned 0x39 [0215.150] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx", lpFilePart=0x0) returned 0x39 [0215.150] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx", dwFileAttributes=0x80) returned 1 [0215.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0215.150] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\d6ac.pptx"), fInfoLevelId=0x0, lpFileInformation=0x25310b8 | out: lpFileInformation=0x25310b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbdc34570, ftCreationTime.dwHighDateTime=0x1d822d1, ftLastAccessTime.dwLowDateTime=0xe1e50360, ftLastAccessTime.dwHighDateTime=0x1d82959, ftLastWriteTime.dwLowDateTime=0xe1e50360, ftLastWriteTime.dwHighDateTime=0x1d82959, nFileSizeHigh=0x0, nFileSizeLow=0x16aad)) returned 1 [0215.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0215.151] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx", lpFilePart=0x0) returned 0x39 [0215.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0215.151] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\d6ac.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0215.151] GetFileType (hFile=0x1f4) returned 0x1 [0215.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0215.151] GetFileType (hFile=0x1f4) returned 0x1 [0215.151] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x16aad [0215.152] ReadFile (in: hFile=0x1f4, lpBuffer=0x1255f7a8, nNumberOfBytesToRead=0x16aad, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x1255f7a8*, lpNumberOfBytesRead=0x14ecf8*=0x16aad, lpOverlapped=0x0) returned 1 [0215.154] CloseHandle (hObject=0x1f4) returned 1 [0215.559] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx", lpFilePart=0x0) returned 0x39 [0215.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0215.559] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\d6ac.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0215.562] GetFileType (hFile=0x1f4) returned 0x1 [0215.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0215.562] GetFileType (hFile=0x1f4) returned 0x1 [0215.563] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.564] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.565] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.565] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.566] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.566] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.566] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.567] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.567] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.567] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.567] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.568] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.568] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.568] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.569] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.569] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.569] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.570] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.570] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.573] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.573] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.573] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aa9a0*, nNumberOfBytesToWrite=0x460, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25aa9a0*, lpNumberOfBytesWritten=0x14ebb8*=0x460, lpOverlapped=0x0) returned 1 [0215.574] CloseHandle (hObject=0x1f4) returned 1 [0215.578] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx", lpFilePart=0x0) returned 0x39 [0215.578] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx.ampkcz", lpFilePart=0x0) returned 0x40 [0215.578] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0215.578] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\d6ac.pptx"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbdc34570, ftCreationTime.dwHighDateTime=0x1d822d1, ftLastAccessTime.dwLowDateTime=0xe1e50360, ftLastAccessTime.dwHighDateTime=0x1d82959, ftLastWriteTime.dwLowDateTime=0x6ee54cd9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1e460)) returned 1 [0215.578] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0215.579] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\d6ac.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\D6AC.pptx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\d6ac.pptx.ampkcz")) returned 1 [0215.580] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\readme.txt", lpFilePart=0x0) returned 0x3a [0215.580] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0215.580] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0215.581] GetFileType (hFile=0x1f4) returned 0x1 [0215.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0215.581] GetFileType (hFile=0x1f4) returned 0x1 [0215.581] WriteFile (in: hFile=0x1f4, lpBuffer=0x25adc18*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ec68, lpOverlapped=0x0 | out: lpBuffer=0x25adc18*, lpNumberOfBytesWritten=0x14ec68*=0x6c6, lpOverlapped=0x0) returned 1 [0215.585] CloseHandle (hObject=0x1f4) returned 1 [0215.588] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods", lpFilePart=0x0) returned 0x39 [0215.588] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods", lpFilePart=0x0) returned 0x39 [0215.588] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods", dwFileAttributes=0x80) returned 1 [0215.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0215.589] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\hv7qa.ods"), fInfoLevelId=0x0, lpFileInformation=0x25b0570 | out: lpFileInformation=0x25b0570*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x62540c00, ftCreationTime.dwHighDateTime=0x1d81fd5, ftLastAccessTime.dwLowDateTime=0x314b6600, ftLastAccessTime.dwHighDateTime=0x1d822cb, ftLastWriteTime.dwLowDateTime=0x314b6600, ftLastWriteTime.dwHighDateTime=0x1d822cb, nFileSizeHigh=0x0, nFileSizeLow=0x42ad)) returned 1 [0215.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0215.589] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods", lpFilePart=0x0) returned 0x39 [0215.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0215.589] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\hv7qa.ods"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0215.589] GetFileType (hFile=0x1f4) returned 0x1 [0215.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0215.589] GetFileType (hFile=0x1f4) returned 0x1 [0215.589] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x42ad [0215.589] ReadFile (in: hFile=0x1f4, lpBuffer=0x25b0a10, nNumberOfBytesToRead=0x42ad, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x25b0a10*, lpNumberOfBytesRead=0x14ecf8*=0x42ad, lpOverlapped=0x0) returned 1 [0215.590] CloseHandle (hObject=0x1f4) returned 1 [0215.881] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods", lpFilePart=0x0) returned 0x39 [0215.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0215.881] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\hv7qa.ods"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0215.883] GetFileType (hFile=0x1f4) returned 0x1 [0215.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0215.883] GetFileType (hFile=0x1f4) returned 0x1 [0215.883] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659430*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2659430*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.884] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659430*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2659430*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.884] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659430*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2659430*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.885] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659430*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2659430*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.885] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659430*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2659430*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0215.885] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659430*, nNumberOfBytesToWrite=0x9b4, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2659430*, lpNumberOfBytesWritten=0x14ebb8*=0x9b4, lpOverlapped=0x0) returned 1 [0215.886] CloseHandle (hObject=0x1f4) returned 1 [0215.888] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods", lpFilePart=0x0) returned 0x39 [0215.888] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods.ampkcz", lpFilePart=0x0) returned 0x40 [0215.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0215.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\hv7qa.ods"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62540c00, ftCreationTime.dwHighDateTime=0x1d81fd5, ftLastAccessTime.dwLowDateTime=0x314b6600, ftLastAccessTime.dwHighDateTime=0x1d822cb, ftLastWriteTime.dwLowDateTime=0x6f149ab8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x59b4)) returned 1 [0215.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0215.889] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\hv7qa.ods"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\hV7Qa.ods.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\hv7qa.ods.ampkcz")) returned 1 [0215.890] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx", lpFilePart=0x0) returned 0x49 [0215.890] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx", lpFilePart=0x0) returned 0x49 [0215.890] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx", dwFileAttributes=0x80) returned 1 [0215.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0215.890] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\ianwpv2phlptall2csww.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x265a870 | out: lpFileInformation=0x265a870*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc8b4dea0, ftCreationTime.dwHighDateTime=0x1d820d1, ftLastAccessTime.dwLowDateTime=0x9d5d8f00, ftLastAccessTime.dwHighDateTime=0x1d82887, ftLastWriteTime.dwLowDateTime=0x9d5d8f00, ftLastWriteTime.dwHighDateTime=0x1d82887, nFileSizeHigh=0x0, nFileSizeLow=0xb065)) returned 1 [0215.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0215.890] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx", lpFilePart=0x0) returned 0x49 [0215.890] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0215.890] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\ianwpv2phlptall2csww.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0215.891] GetFileType (hFile=0x1f4) returned 0x1 [0215.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0215.891] GetFileType (hFile=0x1f4) returned 0x1 [0215.891] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0xb065 [0215.891] ReadFile (in: hFile=0x1f4, lpBuffer=0x265adb0, nNumberOfBytesToRead=0xb065, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x265adb0*, lpNumberOfBytesRead=0x14ecf8*=0xb065, lpOverlapped=0x0) returned 1 [0215.892] CloseHandle (hObject=0x1f4) returned 1 [0216.207] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx", lpFilePart=0x0) returned 0x49 [0216.207] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0216.207] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\ianwpv2phlptall2csww.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0216.210] GetFileType (hFile=0x1f4) returned 0x1 [0216.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0216.211] GetFileType (hFile=0x1f4) returned 0x1 [0216.211] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.212] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.213] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.213] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.214] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.214] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.215] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.215] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.216] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.216] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.216] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.217] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.217] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.217] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0216.218] WriteFile (in: hFile=0x1f4, lpBuffer=0x2700438*, nNumberOfBytesToWrite=0xc08, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2700438*, lpNumberOfBytesWritten=0x14ebb8*=0xc08, lpOverlapped=0x0) returned 1 [0216.218] CloseHandle (hObject=0x1f4) returned 1 [0216.221] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx", lpFilePart=0x0) returned 0x49 [0216.221] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx.ampkcz", lpFilePart=0x0) returned 0x50 [0216.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0216.221] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\ianwpv2phlptall2csww.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8b4dea0, ftCreationTime.dwHighDateTime=0x1d820d1, ftLastAccessTime.dwLowDateTime=0x9d5d8f00, ftLastAccessTime.dwHighDateTime=0x1d82887, ftLastWriteTime.dwLowDateTime=0x6f475800, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xec08)) returned 1 [0216.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0216.221] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\ianwpv2phlptall2csww.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\iANwPv2pHlptalL2csWw.xlsx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\ianwpv2phlptall2csww.xlsx.ampkcz")) returned 1 [0216.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0216.222] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp", lpFilePart=0x0) returned 0x2f [0216.222] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\", lpFilePart=0x0) returned 0x30 [0216.223] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef3bfc90, ftCreationTime.dwHighDateTime=0x1d81c10, ftLastAccessTime.dwLowDateTime=0x6f477bb8, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6f477bb8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0216.223] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xef3bfc90, ftCreationTime.dwHighDateTime=0x1d81c10, ftLastAccessTime.dwLowDateTime=0x6f477bb8, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6f477bb8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0216.224] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbdc34570, ftCreationTime.dwHighDateTime=0x1d822d1, ftLastAccessTime.dwLowDateTime=0xe1e50360, ftLastAccessTime.dwHighDateTime=0x1d82959, ftLastWriteTime.dwLowDateTime=0x6ee54cd9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1e460, dwReserved0=0x0, dwReserved1=0x0, cFileName="D6AC.pptx.ampkcz", cAlternateFileName="D6ACPP~1.AMP")) returned 1 [0216.224] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x62540c00, ftCreationTime.dwHighDateTime=0x1d81fd5, ftLastAccessTime.dwLowDateTime=0x314b6600, ftLastAccessTime.dwHighDateTime=0x1d822cb, ftLastWriteTime.dwLowDateTime=0x6f149ab8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x59b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="hV7Qa.ods.ampkcz", cAlternateFileName="HV7QAO~1.AMP")) returned 1 [0216.224] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8b4dea0, ftCreationTime.dwHighDateTime=0x1d820d1, ftLastAccessTime.dwLowDateTime=0x9d5d8f00, ftLastAccessTime.dwHighDateTime=0x1d82887, ftLastWriteTime.dwLowDateTime=0x6f475800, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xec08, dwReserved0=0x0, dwReserved1=0x0, cFileName="iANwPv2pHlptalL2csWw.xlsx.ampkcz", cAlternateFileName="IANWPV~1.AMP")) returned 1 [0216.224] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6ee59e8a, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x6ee59e8a, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6ee67636, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0216.224] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69bfa190, ftCreationTime.dwHighDateTime=0x1d81e6b, ftLastAccessTime.dwLowDateTime=0x1dc72fa0, ftLastAccessTime.dwHighDateTime=0x1d824c5, ftLastWriteTime.dwLowDateTime=0x1dc72fa0, ftLastWriteTime.dwHighDateTime=0x1d824c5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="We3dETs", cAlternateFileName="")) returned 1 [0216.224] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0216.225] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0216.225] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0216.225] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0216.225] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0216.225] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs", lpFilePart=0x0) returned 0x37 [0216.225] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\", lpFilePart=0x0) returned 0x38 [0216.225] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69bfa190, ftCreationTime.dwHighDateTime=0x1d81e6b, ftLastAccessTime.dwLowDateTime=0x1dc72fa0, ftLastAccessTime.dwHighDateTime=0x1d824c5, ftLastWriteTime.dwLowDateTime=0x1dc72fa0, ftLastWriteTime.dwHighDateTime=0x1d824c5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0216.225] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69bfa190, ftCreationTime.dwHighDateTime=0x1d81e6b, ftLastAccessTime.dwLowDateTime=0x1dc72fa0, ftLastAccessTime.dwHighDateTime=0x1d824c5, ftLastWriteTime.dwLowDateTime=0x1dc72fa0, ftLastWriteTime.dwHighDateTime=0x1d824c5, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0216.226] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x349b8cb0, ftCreationTime.dwHighDateTime=0x1d8231e, ftLastAccessTime.dwLowDateTime=0xd07226a0, ftLastAccessTime.dwHighDateTime=0x1d82399, ftLastWriteTime.dwLowDateTime=0xd07226a0, ftLastWriteTime.dwHighDateTime=0x1d82399, nFileSizeHigh=0x0, nFileSizeLow=0x1839, dwReserved0=0x0, dwReserved1=0x0, cFileName="bRsSZdBZoL qdvafNLF.pptx", cAlternateFileName="BRSSZD~1.PPT")) returned 1 [0216.226] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50584240, ftCreationTime.dwHighDateTime=0x1d81ecd, ftLastAccessTime.dwLowDateTime=0xd309da60, ftLastAccessTime.dwHighDateTime=0x1d825bb, ftLastWriteTime.dwLowDateTime=0xd309da60, ftLastWriteTime.dwHighDateTime=0x1d825bb, nFileSizeHigh=0x0, nFileSizeLow=0xd4d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="FiPmvzuFqtW5HPbrQ_Z.pptx", cAlternateFileName="FIPMVZ~1.PPT")) returned 1 [0216.226] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f5e8ae0, ftCreationTime.dwHighDateTime=0x1d820ee, ftLastAccessTime.dwLowDateTime=0xcc38e040, ftLastAccessTime.dwHighDateTime=0x1d822c9, ftLastWriteTime.dwLowDateTime=0xcc38e040, ftLastWriteTime.dwHighDateTime=0x1d822c9, nFileSizeHigh=0x0, nFileSizeLow=0x13d44, dwReserved0=0x0, dwReserved1=0x0, cFileName="G-GX1bLPx.docx", cAlternateFileName="G-GX1B~1.DOC")) returned 1 [0216.226] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95adc1c0, ftCreationTime.dwHighDateTime=0x1d81faf, ftLastAccessTime.dwLowDateTime=0xc8c17ed0, ftLastAccessTime.dwHighDateTime=0x1d82892, ftLastWriteTime.dwLowDateTime=0xc8c17ed0, ftLastWriteTime.dwHighDateTime=0x1d82892, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kJDkYulv7yXLvXMz", cAlternateFileName="KJDKYU~1")) returned 1 [0216.226] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe71e1960, ftCreationTime.dwHighDateTime=0x1d8211c, ftLastAccessTime.dwLowDateTime=0x2f0db960, ftLastAccessTime.dwHighDateTime=0x1d829ce, ftLastWriteTime.dwLowDateTime=0x2f0db960, ftLastWriteTime.dwHighDateTime=0x1d829ce, nFileSizeHigh=0x0, nFileSizeLow=0xf141, dwReserved0=0x0, dwReserved1=0x0, cFileName="NrPAwo00v KCQzI0375.xlsx", cAlternateFileName="NRPAWO~1.XLS")) returned 1 [0216.226] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad0c5d60, ftCreationTime.dwHighDateTime=0x1d8261f, ftLastAccessTime.dwLowDateTime=0x21dd3810, ftLastAccessTime.dwHighDateTime=0x1d826bd, ftLastWriteTime.dwLowDateTime=0x21dd3810, ftLastWriteTime.dwHighDateTime=0x1d826bd, nFileSizeHigh=0x0, nFileSizeLow=0x11af2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pl6cEP 9l.xls", cAlternateFileName="PL6CEP~1.XLS")) returned 1 [0216.227] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc78748d0, ftCreationTime.dwHighDateTime=0x1d81e18, ftLastAccessTime.dwLowDateTime=0x7cc99db0, ftLastAccessTime.dwHighDateTime=0x1d8261b, ftLastWriteTime.dwLowDateTime=0x7cc99db0, ftLastWriteTime.dwHighDateTime=0x1d8261b, nFileSizeHigh=0x0, nFileSizeLow=0x163b, dwReserved0=0x0, dwReserved1=0x0, cFileName="T3aXJ7JnmiGblPU5.doc", cAlternateFileName="T3AXJ7~1.DOC")) returned 1 [0216.227] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac5b14a0, ftCreationTime.dwHighDateTime=0x1d81da1, ftLastAccessTime.dwLowDateTime=0x6f84fd10, ftLastAccessTime.dwHighDateTime=0x1d82397, ftLastWriteTime.dwLowDateTime=0x6f84fd10, ftLastWriteTime.dwHighDateTime=0x1d82397, nFileSizeHigh=0x0, nFileSizeLow=0x8c87, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zxb9-KR.xlsx", cAlternateFileName="ZXB9-K~1.XLS")) returned 1 [0216.227] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0216.227] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0216.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0216.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0216.227] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx", lpFilePart=0x0) returned 0x50 [0216.227] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx", lpFilePart=0x0) returned 0x50 [0216.228] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx", dwFileAttributes=0x80) returned 1 [0216.228] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0216.228] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\brsszdbzol qdvafnlf.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2704c60 | out: lpFileInformation=0x2704c60*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x349b8cb0, ftCreationTime.dwHighDateTime=0x1d8231e, ftLastAccessTime.dwLowDateTime=0xd07226a0, ftLastAccessTime.dwHighDateTime=0x1d82399, ftLastWriteTime.dwLowDateTime=0xd07226a0, ftLastWriteTime.dwHighDateTime=0x1d82399, nFileSizeHigh=0x0, nFileSizeLow=0x1839)) returned 1 [0216.228] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0216.228] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx", lpFilePart=0x0) returned 0x50 [0216.228] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0216.228] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\brsszdbzol qdvafnlf.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0216.228] GetFileType (hFile=0x1f4) returned 0x1 [0216.228] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0216.229] GetFileType (hFile=0x1f4) returned 0x1 [0216.229] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x1839 [0216.229] ReadFile (in: hFile=0x1f4, lpBuffer=0x27051d0, nNumberOfBytesToRead=0x1839, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x27051d0*, lpNumberOfBytesRead=0x14ec88*=0x1839, lpOverlapped=0x0) returned 1 [0216.230] CloseHandle (hObject=0x1f4) returned 1 [0216.652] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx", lpFilePart=0x0) returned 0x50 [0216.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0216.652] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\brsszdbzol qdvafnlf.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0216.654] GetFileType (hFile=0x1f4) returned 0x1 [0216.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0216.654] GetFileType (hFile=0x1f4) returned 0x1 [0216.654] WriteFile (in: hFile=0x1f4, lpBuffer=0x25920b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25920b8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.655] WriteFile (in: hFile=0x1f4, lpBuffer=0x25920b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14eb68, lpOverlapped=0x0 | out: lpBuffer=0x25920b8*, lpNumberOfBytesWritten=0x14eb68*=0x1000, lpOverlapped=0x0) returned 1 [0216.655] WriteFile (in: hFile=0x1f4, lpBuffer=0x25920b8*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x25920b8*, lpNumberOfBytesWritten=0x14eb48*=0x120, lpOverlapped=0x0) returned 1 [0216.656] CloseHandle (hObject=0x1f4) returned 1 [0216.657] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx", lpFilePart=0x0) returned 0x50 [0216.658] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx.ampkcz", lpFilePart=0x0) returned 0x57 [0216.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0216.658] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\brsszdbzol qdvafnlf.pptx"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x349b8cb0, ftCreationTime.dwHighDateTime=0x1d8231e, ftLastAccessTime.dwLowDateTime=0xd07226a0, ftLastAccessTime.dwHighDateTime=0x1d82399, ftLastWriteTime.dwLowDateTime=0x6f89f8f8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2120)) returned 1 [0216.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0216.658] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\brsszdbzol qdvafnlf.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\bRsSZdBZoL qdvafNLF.pptx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\brsszdbzol qdvafnlf.pptx.ampkcz")) returned 1 [0216.659] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\readme.txt", lpFilePart=0x0) returned 0x42 [0216.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb50) returned 1 [0216.659] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0216.659] GetFileType (hFile=0x1f4) returned 0x1 [0216.659] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eac0) returned 1 [0216.659] GetFileType (hFile=0x1f4) returned 0x1 [0216.660] WriteFile (in: hFile=0x1f4, lpBuffer=0x25953d0*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ebf8, lpOverlapped=0x0 | out: lpBuffer=0x25953d0*, lpNumberOfBytesWritten=0x14ebf8*=0x6c6, lpOverlapped=0x0) returned 1 [0216.662] CloseHandle (hObject=0x1f4) returned 1 [0216.662] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx", lpFilePart=0x0) returned 0x50 [0216.662] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx", lpFilePart=0x0) returned 0x50 [0216.662] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx", dwFileAttributes=0x80) returned 1 [0216.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0216.663] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\fipmvzufqtw5hpbrq_z.pptx"), fInfoLevelId=0x0, lpFileInformation=0x2596df8 | out: lpFileInformation=0x2596df8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x50584240, ftCreationTime.dwHighDateTime=0x1d81ecd, ftLastAccessTime.dwLowDateTime=0xd309da60, ftLastAccessTime.dwHighDateTime=0x1d825bb, ftLastWriteTime.dwLowDateTime=0xd309da60, ftLastWriteTime.dwHighDateTime=0x1d825bb, nFileSizeHigh=0x0, nFileSizeLow=0xd4d3)) returned 1 [0216.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0216.663] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx", lpFilePart=0x0) returned 0x50 [0216.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0216.663] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\fipmvzufqtw5hpbrq_z.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0216.663] GetFileType (hFile=0x1f4) returned 0x1 [0216.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0216.663] GetFileType (hFile=0x1f4) returned 0x1 [0216.663] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0xd4d3 [0216.663] ReadFile (in: hFile=0x1f4, lpBuffer=0x2597368, nNumberOfBytesToRead=0xd4d3, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x2597368*, lpNumberOfBytesRead=0x14ec88*=0xd4d3, lpOverlapped=0x0) returned 1 [0216.665] CloseHandle (hObject=0x1f4) returned 1 [0216.973] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx", lpFilePart=0x0) returned 0x50 [0216.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0216.973] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\fipmvzufqtw5hpbrq_z.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0216.974] GetFileType (hFile=0x1f4) returned 0x1 [0216.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0216.974] GetFileType (hFile=0x1f4) returned 0x1 [0216.974] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.976] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.976] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.977] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.977] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.977] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.978] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.978] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.978] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.979] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.979] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.979] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.980] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.980] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.980] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.981] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.981] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0216.982] WriteFile (in: hFile=0x1f4, lpBuffer=0x2645bc0*, nNumberOfBytesToWrite=0xca0, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x2645bc0*, lpNumberOfBytesWritten=0x14eb48*=0xca0, lpOverlapped=0x0) returned 1 [0216.982] CloseHandle (hObject=0x1f4) returned 1 [0216.984] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx", lpFilePart=0x0) returned 0x50 [0216.985] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx.ampkcz", lpFilePart=0x0) returned 0x57 [0216.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0216.985] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\fipmvzufqtw5hpbrq_z.pptx"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50584240, ftCreationTime.dwHighDateTime=0x1d81ecd, ftLastAccessTime.dwLowDateTime=0xd309da60, ftLastAccessTime.dwHighDateTime=0x1d825bb, ftLastWriteTime.dwLowDateTime=0x6fbbe232, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x11ca0)) returned 1 [0216.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0216.985] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\fipmvzufqtw5hpbrq_z.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\FiPmvzuFqtW5HPbrQ_Z.pptx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\fipmvzufqtw5hpbrq_z.pptx.ampkcz")) returned 1 [0216.988] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx", lpFilePart=0x0) returned 0x46 [0216.988] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx", lpFilePart=0x0) returned 0x46 [0216.988] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx", dwFileAttributes=0x80) returned 1 [0216.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0216.989] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\g-gx1blpx.docx"), fInfoLevelId=0x0, lpFileInformation=0x2647018 | out: lpFileInformation=0x2647018*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2f5e8ae0, ftCreationTime.dwHighDateTime=0x1d820ee, ftLastAccessTime.dwLowDateTime=0xcc38e040, ftLastAccessTime.dwHighDateTime=0x1d822c9, ftLastWriteTime.dwLowDateTime=0xcc38e040, ftLastWriteTime.dwHighDateTime=0x1d822c9, nFileSizeHigh=0x0, nFileSizeLow=0x13d44)) returned 1 [0216.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0216.989] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx", lpFilePart=0x0) returned 0x46 [0216.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0216.989] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\g-gx1blpx.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0216.989] GetFileType (hFile=0x1f4) returned 0x1 [0216.989] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0216.989] GetFileType (hFile=0x1f4) returned 0x1 [0216.989] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x13d44 [0216.989] ReadFile (in: hFile=0x1f4, lpBuffer=0x2647510, nNumberOfBytesToRead=0x13d44, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x2647510*, lpNumberOfBytesRead=0x14ec88*=0x13d44, lpOverlapped=0x0) returned 1 [0216.991] CloseHandle (hObject=0x1f4) returned 1 [0217.338] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx", lpFilePart=0x0) returned 0x46 [0217.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0217.338] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\g-gx1blpx.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0217.340] GetFileType (hFile=0x1f4) returned 0x1 [0217.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0217.340] GetFileType (hFile=0x1f4) returned 0x1 [0217.340] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.341] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.342] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.342] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.342] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.343] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.343] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.343] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.344] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.344] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.344] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.345] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.345] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.345] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.346] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.346] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.346] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.347] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.347] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.347] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.347] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.348] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.348] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.349] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.349] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.349] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.350] WriteFile (in: hFile=0x1f4, lpBuffer=0x270fef8*, nNumberOfBytesToWrite=0x7e0, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x270fef8*, lpNumberOfBytesWritten=0x14eb48*=0x7e0, lpOverlapped=0x0) returned 1 [0217.350] CloseHandle (hObject=0x1f4) returned 1 [0217.354] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx", lpFilePart=0x0) returned 0x46 [0217.354] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx.ampkcz", lpFilePart=0x0) returned 0x4d [0217.354] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0217.354] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\g-gx1blpx.docx"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f5e8ae0, ftCreationTime.dwHighDateTime=0x1d820ee, ftLastAccessTime.dwLowDateTime=0xcc38e040, ftLastAccessTime.dwHighDateTime=0x1d822c9, ftLastWriteTime.dwLowDateTime=0x6ff43f29, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a7e0)) returned 1 [0217.354] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0217.354] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\g-gx1blpx.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\G-GX1bLPx.docx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\g-gx1blpx.docx.ampkcz")) returned 1 [0217.360] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx", lpFilePart=0x0) returned 0x50 [0217.360] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx", lpFilePart=0x0) returned 0x50 [0217.360] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx", dwFileAttributes=0x80) returned 1 [0217.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0217.360] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\nrpawo00v kcqzi0375.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x2711380 | out: lpFileInformation=0x2711380*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe71e1960, ftCreationTime.dwHighDateTime=0x1d8211c, ftLastAccessTime.dwLowDateTime=0x2f0db960, ftLastAccessTime.dwHighDateTime=0x1d829ce, ftLastWriteTime.dwLowDateTime=0x2f0db960, ftLastWriteTime.dwHighDateTime=0x1d829ce, nFileSizeHigh=0x0, nFileSizeLow=0xf141)) returned 1 [0217.360] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0217.360] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx", lpFilePart=0x0) returned 0x50 [0217.360] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0217.360] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\nrpawo00v kcqzi0375.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0217.361] GetFileType (hFile=0x1f4) returned 0x1 [0217.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0217.361] GetFileType (hFile=0x1f4) returned 0x1 [0217.361] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0xf141 [0217.361] ReadFile (in: hFile=0x1f4, lpBuffer=0x27118f0, nNumberOfBytesToRead=0xf141, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x27118f0*, lpNumberOfBytesRead=0x14ec88*=0xf141, lpOverlapped=0x0) returned 1 [0217.362] CloseHandle (hObject=0x1f4) returned 1 [0217.741] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx", lpFilePart=0x0) returned 0x50 [0217.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0217.741] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\nrpawo00v kcqzi0375.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0217.743] GetFileType (hFile=0x1f4) returned 0x1 [0217.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0217.743] GetFileType (hFile=0x1f4) returned 0x1 [0217.743] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.744] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.744] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.745] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.745] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.745] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.746] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.746] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.747] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.747] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.747] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.748] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.748] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.748] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.749] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.749] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.749] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.750] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.750] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0217.750] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14eb68, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14eb68*=0x1000, lpOverlapped=0x0) returned 1 [0217.751] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d9ba0*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x25d9ba0*, lpNumberOfBytesWritten=0x14eb48*=0x288, lpOverlapped=0x0) returned 1 [0217.751] CloseHandle (hObject=0x1f4) returned 1 [0217.755] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx", lpFilePart=0x0) returned 0x50 [0217.755] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx.ampkcz", lpFilePart=0x0) returned 0x57 [0217.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0217.755] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\nrpawo00v kcqzi0375.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe71e1960, ftCreationTime.dwHighDateTime=0x1d8211c, ftLastAccessTime.dwLowDateTime=0x2f0db960, ftLastAccessTime.dwHighDateTime=0x1d829ce, ftLastWriteTime.dwLowDateTime=0x70315f96, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14288)) returned 1 [0217.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0217.755] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\nrpawo00v kcqzi0375.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\NrPAwo00v KCQzI0375.xlsx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\nrpawo00v kcqzi0375.xlsx.ampkcz")) returned 1 [0217.756] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls", lpFilePart=0x0) returned 0x45 [0217.756] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls", lpFilePart=0x0) returned 0x45 [0217.756] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls", dwFileAttributes=0x80) returned 1 [0217.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0217.757] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\pl6cep 9l.xls"), fInfoLevelId=0x0, lpFileInformation=0x25db020 | out: lpFileInformation=0x25db020*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xad0c5d60, ftCreationTime.dwHighDateTime=0x1d8261f, ftLastAccessTime.dwLowDateTime=0x21dd3810, ftLastAccessTime.dwHighDateTime=0x1d826bd, ftLastWriteTime.dwLowDateTime=0x21dd3810, ftLastWriteTime.dwHighDateTime=0x1d826bd, nFileSizeHigh=0x0, nFileSizeLow=0x11af2)) returned 1 [0217.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0217.757] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls", lpFilePart=0x0) returned 0x45 [0217.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0217.757] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\pl6cep 9l.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0217.757] GetFileType (hFile=0x1f4) returned 0x1 [0217.757] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0217.757] GetFileType (hFile=0x1f4) returned 0x1 [0217.757] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x11af2 [0217.757] ReadFile (in: hFile=0x1f4, lpBuffer=0x25db518, nNumberOfBytesToRead=0x11af2, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x25db518*, lpNumberOfBytesRead=0x14ec88*=0x11af2, lpOverlapped=0x0) returned 1 [0217.814] CloseHandle (hObject=0x1f4) returned 1 [0218.290] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls", lpFilePart=0x0) returned 0x45 [0218.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0218.290] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\pl6cep 9l.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0218.291] GetFileType (hFile=0x1f4) returned 0x1 [0218.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0218.292] GetFileType (hFile=0x1f4) returned 0x1 [0218.292] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.294] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.294] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.294] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.295] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.295] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.295] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.296] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.296] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.296] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.297] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.297] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.306] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.306] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.307] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.307] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.307] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.308] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.308] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.308] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.309] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.309] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.309] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.310] WriteFile (in: hFile=0x1f4, lpBuffer=0x2531b50*, nNumberOfBytesToWrite=0xa20, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x2531b50*, lpNumberOfBytesWritten=0x14eb48*=0xa20, lpOverlapped=0x0) returned 1 [0218.310] CloseHandle (hObject=0x1f4) returned 1 [0218.314] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls", lpFilePart=0x0) returned 0x45 [0218.314] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls.ampkcz", lpFilePart=0x0) returned 0x4c [0218.314] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0218.314] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\pl6cep 9l.xls"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad0c5d60, ftCreationTime.dwHighDateTime=0x1d8261f, ftLastAccessTime.dwLowDateTime=0x21dd3810, ftLastAccessTime.dwHighDateTime=0x1d826bd, ftLastWriteTime.dwLowDateTime=0x70865fe9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x17a20)) returned 1 [0218.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0218.314] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\pl6cep 9l.xls"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Pl6cEP 9l.xls.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\pl6cep 9l.xls.ampkcz")) returned 1 [0218.315] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc", lpFilePart=0x0) returned 0x4c [0218.315] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc", lpFilePart=0x0) returned 0x4c [0218.315] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc", dwFileAttributes=0x80) returned 1 [0218.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0218.315] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\t3axj7jnmigblpu5.doc"), fInfoLevelId=0x0, lpFileInformation=0x2532f58 | out: lpFileInformation=0x2532f58*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc78748d0, ftCreationTime.dwHighDateTime=0x1d81e18, ftLastAccessTime.dwLowDateTime=0x7cc99db0, ftLastAccessTime.dwHighDateTime=0x1d8261b, ftLastWriteTime.dwLowDateTime=0x7cc99db0, ftLastWriteTime.dwHighDateTime=0x1d8261b, nFileSizeHigh=0x0, nFileSizeLow=0x163b)) returned 1 [0218.315] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0218.315] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc", lpFilePart=0x0) returned 0x4c [0218.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0218.315] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\t3axj7jnmigblpu5.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0218.316] GetFileType (hFile=0x1f4) returned 0x1 [0218.316] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0218.316] GetFileType (hFile=0x1f4) returned 0x1 [0218.316] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x163b [0218.316] ReadFile (in: hFile=0x1f4, lpBuffer=0x25334a0, nNumberOfBytesToRead=0x163b, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x25334a0*, lpNumberOfBytesRead=0x14ec88*=0x163b, lpOverlapped=0x0) returned 1 [0218.317] CloseHandle (hObject=0x1f4) returned 1 [0218.635] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc", lpFilePart=0x0) returned 0x4c [0218.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0218.636] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\t3axj7jnmigblpu5.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0218.637] GetFileType (hFile=0x1f4) returned 0x1 [0218.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0218.637] GetFileType (hFile=0x1f4) returned 0x1 [0218.637] WriteFile (in: hFile=0x1f4, lpBuffer=0x25bc760*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25bc760*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0218.638] WriteFile (in: hFile=0x1f4, lpBuffer=0x25bc760*, nNumberOfBytesToWrite=0xe74, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x25bc760*, lpNumberOfBytesWritten=0x14eb48*=0xe74, lpOverlapped=0x0) returned 1 [0218.638] CloseHandle (hObject=0x1f4) returned 1 [0218.640] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc", lpFilePart=0x0) returned 0x4c [0218.640] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc.ampkcz", lpFilePart=0x0) returned 0x53 [0218.640] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0218.640] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\t3axj7jnmigblpu5.doc"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc78748d0, ftCreationTime.dwHighDateTime=0x1d81e18, ftLastAccessTime.dwLowDateTime=0x7cc99db0, ftLastAccessTime.dwHighDateTime=0x1d8261b, ftLastWriteTime.dwLowDateTime=0x70b88b19, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1e74)) returned 1 [0218.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0218.641] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\t3axj7jnmigblpu5.doc"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\T3aXJ7JnmiGblPU5.doc.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\t3axj7jnmigblpu5.doc.ampkcz")) returned 1 [0218.642] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx", lpFilePart=0x0) returned 0x44 [0218.642] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx", lpFilePart=0x0) returned 0x44 [0218.642] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx", dwFileAttributes=0x80) returned 1 [0218.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0218.642] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\zxb9-kr.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x25bdbf0 | out: lpFileInformation=0x25bdbf0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xac5b14a0, ftCreationTime.dwHighDateTime=0x1d81da1, ftLastAccessTime.dwLowDateTime=0x6f84fd10, ftLastAccessTime.dwHighDateTime=0x1d82397, ftLastWriteTime.dwLowDateTime=0x6f84fd10, ftLastWriteTime.dwHighDateTime=0x1d82397, nFileSizeHigh=0x0, nFileSizeLow=0x8c87)) returned 1 [0218.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0218.642] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx", lpFilePart=0x0) returned 0x44 [0218.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0218.642] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\zxb9-kr.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0218.643] GetFileType (hFile=0x1f4) returned 0x1 [0218.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0218.643] GetFileType (hFile=0x1f4) returned 0x1 [0218.643] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x8c87 [0218.643] ReadFile (in: hFile=0x1f4, lpBuffer=0x25be0e8, nNumberOfBytesToRead=0x8c87, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x25be0e8*, lpNumberOfBytesRead=0x14ec88*=0x8c87, lpOverlapped=0x0) returned 1 [0218.644] CloseHandle (hObject=0x1f4) returned 1 [0219.040] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx", lpFilePart=0x0) returned 0x44 [0219.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0219.040] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\zxb9-kr.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0219.041] GetFileType (hFile=0x1f4) returned 0x1 [0219.041] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0219.041] GetFileType (hFile=0x1f4) returned 0x1 [0219.042] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c0e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c0e8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0219.043] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c0e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c0e8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0219.043] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c0e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c0e8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0219.043] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c0e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c0e8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0219.044] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c0e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c0e8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0219.045] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c0e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c0e8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0219.045] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c0e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c0e8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0219.046] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c0e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c0e8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0219.046] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c0e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c0e8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0219.046] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c0e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c0e8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0219.047] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c0e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c0e8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0219.047] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c0e8*, nNumberOfBytesToWrite=0xc34, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x266c0e8*, lpNumberOfBytesWritten=0x14eb48*=0xc34, lpOverlapped=0x0) returned 1 [0219.047] CloseHandle (hObject=0x1f4) returned 1 [0219.050] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx", lpFilePart=0x0) returned 0x44 [0219.050] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx.ampkcz", lpFilePart=0x0) returned 0x4b [0219.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0219.050] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\zxb9-kr.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac5b14a0, ftCreationTime.dwHighDateTime=0x1d81da1, ftLastAccessTime.dwLowDateTime=0x6f84fd10, ftLastAccessTime.dwHighDateTime=0x1d82397, ftLastWriteTime.dwLowDateTime=0x70f712b1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xbc34)) returned 1 [0219.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0219.050] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\zxb9-kr.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\Zxb9-KR.xlsx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\jn3akvsgji\\xqlp\\we3dets\\zxb9-kr.xlsx.ampkcz")) returned 1 [0219.051] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0219.051] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs", lpFilePart=0x0) returned 0x37 [0219.051] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\", lpFilePart=0x0) returned 0x38 [0219.051] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69bfa190, ftCreationTime.dwHighDateTime=0x1d81e6b, ftLastAccessTime.dwLowDateTime=0x70f72e1c, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x70f72e1c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0219.052] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x69bfa190, ftCreationTime.dwHighDateTime=0x1d81e6b, ftLastAccessTime.dwLowDateTime=0x70f72e1c, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x70f72e1c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0219.052] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x349b8cb0, ftCreationTime.dwHighDateTime=0x1d8231e, ftLastAccessTime.dwLowDateTime=0xd07226a0, ftLastAccessTime.dwHighDateTime=0x1d82399, ftLastWriteTime.dwLowDateTime=0x6f89f8f8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2120, dwReserved0=0x0, dwReserved1=0x0, cFileName="bRsSZdBZoL qdvafNLF.pptx.ampkcz", cAlternateFileName="BRSSZD~1.AMP")) returned 1 [0219.052] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x50584240, ftCreationTime.dwHighDateTime=0x1d81ecd, ftLastAccessTime.dwLowDateTime=0xd309da60, ftLastAccessTime.dwHighDateTime=0x1d825bb, ftLastWriteTime.dwLowDateTime=0x6fbbe232, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x11ca0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FiPmvzuFqtW5HPbrQ_Z.pptx.ampkcz", cAlternateFileName="FIPMVZ~1.AMP")) returned 1 [0219.052] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f5e8ae0, ftCreationTime.dwHighDateTime=0x1d820ee, ftLastAccessTime.dwLowDateTime=0xcc38e040, ftLastAccessTime.dwHighDateTime=0x1d822c9, ftLastWriteTime.dwLowDateTime=0x6ff43f29, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a7e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="G-GX1bLPx.docx.ampkcz", cAlternateFileName="G-GX1B~1.AMP")) returned 1 [0219.052] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95adc1c0, ftCreationTime.dwHighDateTime=0x1d81faf, ftLastAccessTime.dwLowDateTime=0xc8c17ed0, ftLastAccessTime.dwHighDateTime=0x1d82892, ftLastWriteTime.dwLowDateTime=0xc8c17ed0, ftLastWriteTime.dwHighDateTime=0x1d82892, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kJDkYulv7yXLvXMz", cAlternateFileName="KJDKYU~1")) returned 1 [0219.053] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe71e1960, ftCreationTime.dwHighDateTime=0x1d8211c, ftLastAccessTime.dwLowDateTime=0x2f0db960, ftLastAccessTime.dwHighDateTime=0x1d829ce, ftLastWriteTime.dwLowDateTime=0x70315f96, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14288, dwReserved0=0x0, dwReserved1=0x0, cFileName="NrPAwo00v KCQzI0375.xlsx.ampkcz", cAlternateFileName="NRPAWO~1.AMP")) returned 1 [0219.053] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad0c5d60, ftCreationTime.dwHighDateTime=0x1d8261f, ftLastAccessTime.dwLowDateTime=0x21dd3810, ftLastAccessTime.dwHighDateTime=0x1d826bd, ftLastWriteTime.dwLowDateTime=0x70865fe9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x17a20, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pl6cEP 9l.xls.ampkcz", cAlternateFileName="PL6CEP~1.AMP")) returned 1 [0219.053] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f8a3cb5, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x6f8a3cb5, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x6f8a9e49, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0219.053] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc78748d0, ftCreationTime.dwHighDateTime=0x1d81e18, ftLastAccessTime.dwLowDateTime=0x7cc99db0, ftLastAccessTime.dwHighDateTime=0x1d8261b, ftLastWriteTime.dwLowDateTime=0x70b88b19, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="T3aXJ7JnmiGblPU5.doc.ampkcz", cAlternateFileName="T3AXJ7~1.AMP")) returned 1 [0219.053] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac5b14a0, ftCreationTime.dwHighDateTime=0x1d81da1, ftLastAccessTime.dwLowDateTime=0x6f84fd10, ftLastAccessTime.dwHighDateTime=0x1d82397, ftLastWriteTime.dwLowDateTime=0x70f712b1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xbc34, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zxb9-KR.xlsx.ampkcz", cAlternateFileName="ZXB9-K~1.AMP")) returned 1 [0219.053] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac5b14a0, ftCreationTime.dwHighDateTime=0x1d81da1, ftLastAccessTime.dwLowDateTime=0x6f84fd10, ftLastAccessTime.dwHighDateTime=0x1d82397, ftLastWriteTime.dwLowDateTime=0x70f712b1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xbc34, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zxb9-KR.xlsx.ampkcz", cAlternateFileName="ZXB9-K~1.AMP")) returned 0 [0219.054] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0219.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0219.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0219.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0219.054] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\kJDkYulv7yXLvXMz", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\kJDkYulv7yXLvXMz", lpFilePart=0x0) returned 0x48 [0219.054] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\kJDkYulv7yXLvXMz\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\kJDkYulv7yXLvXMz\\", lpFilePart=0x0) returned 0x49 [0219.054] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\kJDkYulv7yXLvXMz\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95adc1c0, ftCreationTime.dwHighDateTime=0x1d81faf, ftLastAccessTime.dwLowDateTime=0xc8c17ed0, ftLastAccessTime.dwHighDateTime=0x1d82892, ftLastWriteTime.dwLowDateTime=0xc8c17ed0, ftLastWriteTime.dwHighDateTime=0x1d82892, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0219.054] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95adc1c0, ftCreationTime.dwHighDateTime=0x1d81faf, ftLastAccessTime.dwLowDateTime=0xc8c17ed0, ftLastAccessTime.dwHighDateTime=0x1d82892, ftLastWriteTime.dwLowDateTime=0xc8c17ed0, ftLastWriteTime.dwHighDateTime=0x1d82892, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0219.055] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95adc1c0, ftCreationTime.dwHighDateTime=0x1d81faf, ftLastAccessTime.dwLowDateTime=0xc8c17ed0, ftLastAccessTime.dwHighDateTime=0x1d82892, ftLastWriteTime.dwLowDateTime=0xc8c17ed0, ftLastWriteTime.dwHighDateTime=0x1d82892, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0219.055] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0219.055] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0219.055] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0219.055] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0219.055] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\kJDkYulv7yXLvXMz", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\kJDkYulv7yXLvXMz", lpFilePart=0x0) returned 0x48 [0219.055] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\kJDkYulv7yXLvXMz\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\kJDkYulv7yXLvXMz\\", lpFilePart=0x0) returned 0x49 [0219.055] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\JN3akvSGJi\\xqlp\\We3dETs\\kJDkYulv7yXLvXMz\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95adc1c0, ftCreationTime.dwHighDateTime=0x1d81faf, ftLastAccessTime.dwLowDateTime=0xc8c17ed0, ftLastAccessTime.dwHighDateTime=0x1d82892, ftLastWriteTime.dwLowDateTime=0xc8c17ed0, ftLastWriteTime.dwHighDateTime=0x1d82892, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b90 [0219.055] FindNextFileW (in: hFindFile=0x687b90, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95adc1c0, ftCreationTime.dwHighDateTime=0x1d81faf, ftLastAccessTime.dwLowDateTime=0xc8c17ed0, ftLastAccessTime.dwHighDateTime=0x1d82892, ftLastWriteTime.dwLowDateTime=0xc8c17ed0, ftLastWriteTime.dwHighDateTime=0x1d82892, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0219.056] FindNextFileW (in: hFindFile=0x687b90, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x95adc1c0, ftCreationTime.dwHighDateTime=0x1d81faf, ftLastAccessTime.dwLowDateTime=0xc8c17ed0, ftLastAccessTime.dwHighDateTime=0x1d82892, ftLastWriteTime.dwLowDateTime=0xc8c17ed0, ftLastWriteTime.dwHighDateTime=0x1d82892, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0219.056] FindClose (in: hFindFile=0x687b90 | out: hFindFile=0x687b90) returned 1 [0219.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0219.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0219.056] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0219.056] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music", lpFilePart=0x0) returned 0x28 [0219.056] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music\\", lpFilePart=0x0) returned 0x29 [0219.056] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Music\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0219.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed40) returned 1 [0219.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0219.095] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures", lpFilePart=0x0) returned 0x2b [0219.095] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures\\", lpFilePart=0x0) returned 0x2c [0219.095] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Pictures\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0219.095] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed40) returned 1 [0219.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0219.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos", lpFilePart=0x0) returned 0x29 [0219.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos\\", lpFilePart=0x0) returned 0x2a [0219.098] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\My Videos\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffffffffffff [0219.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed40) returned 1 [0219.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0219.101] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x2d [0219.101] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\", lpFilePart=0x0) returned 0x2e [0219.101] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x65ef9a5c, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x878c65f2, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0219.104] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x65ef9a5c, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x878c65f2, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0219.104] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6397affd, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6397affd, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x878917cb, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x42400, dwReserved0=0x0, dwReserved1=0x0, cFileName="achoo@gdllo.de.pst", cAlternateFileName="ACHOO@~1.PST")) returned 1 [0219.104] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0219.104] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0219.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0219.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0219.108] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst", lpFilePart=0x0) returned 0x40 [0219.108] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst", lpFilePart=0x0) returned 0x40 [0219.108] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst", dwFileAttributes=0x80) returned 1 [0219.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0219.109] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst"), fInfoLevelId=0x0, lpFileInformation=0x26789a0 | out: lpFileInformation=0x26789a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6397affd, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6397affd, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x878917cb, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x42400)) returned 1 [0219.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0219.109] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst", lpFilePart=0x0) returned 0x40 [0219.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0219.109] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0219.109] GetFileType (hFile=0x1f4) returned 0x1 [0219.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0219.109] GetFileType (hFile=0x1f4) returned 0x1 [0219.109] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x42400 [0219.110] ReadFile (in: hFile=0x1f4, lpBuffer=0x125b7918, nNumberOfBytesToRead=0x42400, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x125b7918*, lpNumberOfBytesRead=0x14ed68*=0x42400, lpOverlapped=0x0) returned 1 [0219.122] CloseHandle (hObject=0x1f4) returned 1 [0219.477] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst", lpFilePart=0x0) returned 0x40 [0219.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0219.477] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0219.480] GetFileType (hFile=0x1f4) returned 0x1 [0219.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0219.480] GetFileType (hFile=0x1f4) returned 0x1 [0219.481] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.482] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.482] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.483] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.483] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.483] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.484] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.484] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.484] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.485] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.485] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.485] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.486] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.486] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.486] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.487] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.487] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.487] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.488] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.488] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.488] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.489] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.489] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.489] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.490] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.490] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.491] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.491] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.491] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.492] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.492] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.493] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.493] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.494] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.494] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.494] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.495] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.502] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.502] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.502] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.503] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.504] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.504] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.505] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.505] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.505] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.506] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.506] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.506] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.507] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.507] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.507] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.508] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.508] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.508] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.509] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.509] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.509] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.510] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.510] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.510] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.510] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.511] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.511] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.511] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.512] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.512] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.512] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.512] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.513] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.513] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.513] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.514] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.514] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.514] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.515] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.515] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.515] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.515] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.515] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.516] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.516] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.516] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.516] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.517] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.517] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.517] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.517] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.518] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f2300*, nNumberOfBytesToWrite=0x634, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26f2300*, lpNumberOfBytesWritten=0x14ec28*=0x634, lpOverlapped=0x0) returned 1 [0219.518] CloseHandle (hObject=0x1f4) returned 1 [0219.529] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst", lpFilePart=0x0) returned 0x40 [0219.529] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst.ampkcz", lpFilePart=0x0) returned 0x47 [0219.529] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0219.529] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6397affd, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6397affd, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x71401f2f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x58634)) returned 1 [0219.529] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0219.529] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\achoo@gdllo.de.pst.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\achoo@gdllo.de.pst.ampkcz")) returned 1 [0219.530] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\readme.txt", lpFilePart=0x0) returned 0x38 [0219.531] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0219.531] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\outlook files\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0219.531] GetFileType (hFile=0x1f4) returned 0x1 [0219.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0219.531] GetFileType (hFile=0x1f4) returned 0x1 [0219.531] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f5598*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x26f5598*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0219.532] CloseHandle (hObject=0x1f4) returned 1 [0219.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0219.533] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files", lpFilePart=0x0) returned 0x2d [0219.533] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\", lpFilePart=0x0) returned 0x2e [0219.533] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Outlook Files\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x71404563, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x71406d0a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0219.533] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x63954f0d, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x71404563, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x71406d0a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0219.533] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6397affd, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6397affd, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x71401f2f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x58634, dwReserved0=0x0, dwReserved1=0x0, cFileName="achoo@gdllo.de.pst.ampkcz", cAlternateFileName="ACHOO@~1.AMP")) returned 1 [0219.533] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71406d0a, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x71406d0a, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7140a6f3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0219.534] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71406d0a, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x71406d0a, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7140a6f3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0219.534] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0219.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0219.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0219.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0219.534] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8", lpFilePart=0x0) returned 0x2a [0219.534] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\", lpFilePart=0x0) returned 0x2b [0219.534] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc5c4bc10, ftCreationTime.dwHighDateTime=0x1d81b09, ftLastAccessTime.dwLowDateTime=0xb37cd960, ftLastAccessTime.dwHighDateTime=0x1d8278f, ftLastWriteTime.dwLowDateTime=0xb37cd960, ftLastWriteTime.dwHighDateTime=0x1d8278f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0219.534] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc5c4bc10, ftCreationTime.dwHighDateTime=0x1d81b09, ftLastAccessTime.dwLowDateTime=0xb37cd960, ftLastAccessTime.dwHighDateTime=0x1d8278f, ftLastWriteTime.dwLowDateTime=0xb37cd960, ftLastWriteTime.dwHighDateTime=0x1d8278f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0219.535] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x281b56f0, ftCreationTime.dwHighDateTime=0x1d82981, ftLastAccessTime.dwLowDateTime=0x17d234a0, ftLastAccessTime.dwHighDateTime=0x1d82989, ftLastWriteTime.dwLowDateTime=0x17d234a0, ftLastWriteTime.dwHighDateTime=0x1d82989, nFileSizeHigh=0x0, nFileSizeLow=0xe0b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="-K6OWWoFoPzYq-hdIX.pps", cAlternateFileName="-K6OWW~1.PPS")) returned 1 [0219.535] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98474230, ftCreationTime.dwHighDateTime=0x1d81b9a, ftLastAccessTime.dwLowDateTime=0xc9a83af0, ftLastAccessTime.dwHighDateTime=0x1d82806, ftLastWriteTime.dwLowDateTime=0xc9a83af0, ftLastWriteTime.dwHighDateTime=0x1d82806, nFileSizeHigh=0x0, nFileSizeLow=0xb406, dwReserved0=0x0, dwReserved1=0x0, cFileName="3m6IgzrLvSc6-KZCaxw7.rtf", cAlternateFileName="3M6IGZ~1.RTF")) returned 1 [0219.535] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6c00db0, ftCreationTime.dwHighDateTime=0x1d828b2, ftLastAccessTime.dwLowDateTime=0xc4bd8c10, ftLastAccessTime.dwHighDateTime=0x1d8293d, ftLastWriteTime.dwLowDateTime=0xc4bd8c10, ftLastWriteTime.dwHighDateTime=0x1d8293d, nFileSizeHigh=0x0, nFileSizeLow=0x1578b, dwReserved0=0x0, dwReserved1=0x0, cFileName="5mb3rREI7uI1Pp.xls", cAlternateFileName="5MB3RR~1.XLS")) returned 1 [0219.535] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb03fd60, ftCreationTime.dwHighDateTime=0x1d82574, ftLastAccessTime.dwLowDateTime=0x133cae00, ftLastAccessTime.dwHighDateTime=0x1d82878, ftLastWriteTime.dwLowDateTime=0x133cae00, ftLastWriteTime.dwHighDateTime=0x1d82878, nFileSizeHigh=0x0, nFileSizeLow=0x1a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="acXYO1yhB7sJfRK.doc", cAlternateFileName="ACXYO1~1.DOC")) returned 1 [0219.535] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7d36250, ftCreationTime.dwHighDateTime=0x1d81f9f, ftLastAccessTime.dwLowDateTime=0x157f2730, ftLastAccessTime.dwHighDateTime=0x1d82547, ftLastWriteTime.dwLowDateTime=0x157f2730, ftLastWriteTime.dwHighDateTime=0x1d82547, nFileSizeHigh=0x0, nFileSizeLow=0xb2ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="L4-0_ nb.pdf", cAlternateFileName="L4-0_N~1.PDF")) returned 1 [0219.535] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b543b40, ftCreationTime.dwHighDateTime=0x1d82a18, ftLastAccessTime.dwLowDateTime=0xd0118df0, ftLastAccessTime.dwHighDateTime=0x1d82a19, ftLastWriteTime.dwLowDateTime=0xd0118df0, ftLastWriteTime.dwHighDateTime=0x1d82a19, nFileSizeHigh=0x0, nFileSizeLow=0x10f41, dwReserved0=0x0, dwReserved1=0x0, cFileName="oyEU.ots", cAlternateFileName="")) returned 1 [0219.536] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f1f9540, ftCreationTime.dwHighDateTime=0x1d81f0e, ftLastAccessTime.dwLowDateTime=0x17c56e40, ftLastAccessTime.dwHighDateTime=0x1d82827, ftLastWriteTime.dwLowDateTime=0x17c56e40, ftLastWriteTime.dwHighDateTime=0x1d82827, nFileSizeHigh=0x0, nFileSizeLow=0x9210, dwReserved0=0x0, dwReserved1=0x0, cFileName="tSQ.docx", cAlternateFileName="TSQ~1.DOC")) returned 1 [0219.536] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2805c240, ftCreationTime.dwHighDateTime=0x1d82161, ftLastAccessTime.dwLowDateTime=0x4339c270, ftLastAccessTime.dwHighDateTime=0x1d823f8, ftLastWriteTime.dwLowDateTime=0x4339c270, ftLastWriteTime.dwHighDateTime=0x1d823f8, nFileSizeHigh=0x0, nFileSizeLow=0x14636, dwReserved0=0x0, dwReserved1=0x0, cFileName="v3V2Y3Hpen0RMfAQo.odt", cAlternateFileName="V3V2Y3~1.ODT")) returned 1 [0219.536] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9e66040, ftCreationTime.dwHighDateTime=0x1d82719, ftLastAccessTime.dwLowDateTime=0x3a707430, ftLastAccessTime.dwHighDateTime=0x1d8282c, ftLastWriteTime.dwLowDateTime=0x3a707430, ftLastWriteTime.dwHighDateTime=0x1d8282c, nFileSizeHigh=0x0, nFileSizeLow=0x64db, dwReserved0=0x0, dwReserved1=0x0, cFileName="YKV-eu9e6_ WXh5sqju.pdf", cAlternateFileName="YKV-EU~1.PDF")) returned 1 [0219.536] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0219.536] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0219.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0219.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0219.540] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps", lpFilePart=0x0) returned 0x41 [0219.540] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps", lpFilePart=0x0) returned 0x41 [0219.540] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps", dwFileAttributes=0x80) returned 1 [0219.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0219.541] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\-k6owwofopzyq-hdix.pps"), fInfoLevelId=0x0, lpFileInformation=0x26fb218 | out: lpFileInformation=0x26fb218*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x281b56f0, ftCreationTime.dwHighDateTime=0x1d82981, ftLastAccessTime.dwLowDateTime=0x17d234a0, ftLastAccessTime.dwHighDateTime=0x1d82989, ftLastWriteTime.dwLowDateTime=0x17d234a0, ftLastWriteTime.dwHighDateTime=0x1d82989, nFileSizeHigh=0x0, nFileSizeLow=0xe0b3)) returned 1 [0219.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0219.541] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps", lpFilePart=0x0) returned 0x41 [0219.541] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0219.541] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\-k6owwofopzyq-hdix.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0219.541] GetFileType (hFile=0x1f4) returned 0x1 [0219.541] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0219.541] GetFileType (hFile=0x1f4) returned 0x1 [0219.541] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xe0b3 [0219.542] ReadFile (in: hFile=0x1f4, lpBuffer=0x26fb718, nNumberOfBytesToRead=0xe0b3, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26fb718*, lpNumberOfBytesRead=0x14ed68*=0xe0b3, lpOverlapped=0x0) returned 1 [0219.543] CloseHandle (hObject=0x1f4) returned 1 [0219.894] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps", lpFilePart=0x0) returned 0x41 [0219.894] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0219.894] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\-k6owwofopzyq-hdix.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0219.895] GetFileType (hFile=0x1f4) returned 0x1 [0219.895] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0219.896] GetFileType (hFile=0x1f4) returned 0x1 [0219.896] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.897] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.897] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.897] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.898] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.898] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.898] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.899] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.899] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.899] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.899] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.900] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.900] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.900] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.901] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.901] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.901] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.902] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0219.902] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ab7d8*, nNumberOfBytesToWrite=0xc74, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25ab7d8*, lpNumberOfBytesWritten=0x14ec28*=0xc74, lpOverlapped=0x0) returned 1 [0219.902] CloseHandle (hObject=0x1f4) returned 1 [0219.906] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps", lpFilePart=0x0) returned 0x41 [0219.906] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps.ampkcz", lpFilePart=0x0) returned 0x48 [0219.906] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0219.906] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\-k6owwofopzyq-hdix.pps"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x281b56f0, ftCreationTime.dwHighDateTime=0x1d82981, ftLastAccessTime.dwLowDateTime=0x17d234a0, ftLastAccessTime.dwHighDateTime=0x1d82989, ftLastWriteTime.dwLowDateTime=0x7179a44a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12c74)) returned 1 [0219.906] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0219.906] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\-k6owwofopzyq-hdix.pps"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\-K6OWWoFoPzYq-hdIX.pps.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\-k6owwofopzyq-hdix.pps.ampkcz")) returned 1 [0219.907] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\readme.txt", lpFilePart=0x0) returned 0x35 [0219.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0219.907] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0219.907] GetFileType (hFile=0x1f4) returned 0x1 [0219.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0219.907] GetFileType (hFile=0x1f4) returned 0x1 [0219.908] WriteFile (in: hFile=0x1f4, lpBuffer=0x25aea70*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x25aea70*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0219.910] CloseHandle (hObject=0x1f4) returned 1 [0219.911] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf", lpFilePart=0x0) returned 0x43 [0219.911] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf", lpFilePart=0x0) returned 0x43 [0219.911] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf", dwFileAttributes=0x80) returned 1 [0219.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0219.912] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\3m6igzrlvsc6-kzcaxw7.rtf"), fInfoLevelId=0x0, lpFileInformation=0x25b0948 | out: lpFileInformation=0x25b0948*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x98474230, ftCreationTime.dwHighDateTime=0x1d81b9a, ftLastAccessTime.dwLowDateTime=0xc9a83af0, ftLastAccessTime.dwHighDateTime=0x1d82806, ftLastWriteTime.dwLowDateTime=0xc9a83af0, ftLastWriteTime.dwHighDateTime=0x1d82806, nFileSizeHigh=0x0, nFileSizeLow=0xb406)) returned 1 [0219.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0219.912] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf", lpFilePart=0x0) returned 0x43 [0219.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0219.912] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\3m6igzrlvsc6-kzcaxw7.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0219.912] GetFileType (hFile=0x1f4) returned 0x1 [0219.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0219.912] GetFileType (hFile=0x1f4) returned 0x1 [0219.912] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xb406 [0219.912] ReadFile (in: hFile=0x1f4, lpBuffer=0x25b0e58, nNumberOfBytesToRead=0xb406, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25b0e58*, lpNumberOfBytesRead=0x14ed68*=0xb406, lpOverlapped=0x0) returned 1 [0219.914] CloseHandle (hObject=0x1f4) returned 1 [0220.315] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf", lpFilePart=0x0) returned 0x43 [0220.315] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0220.315] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\3m6igzrlvsc6-kzcaxw7.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0220.317] GetFileType (hFile=0x1f4) returned 0x1 [0220.317] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0220.317] GetFileType (hFile=0x1f4) returned 0x1 [0220.317] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.318] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.319] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.319] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.319] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.320] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.320] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.320] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.321] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.321] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.321] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.322] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.322] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.322] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.323] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0220.323] WriteFile (in: hFile=0x1f4, lpBuffer=0x2657350*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2657350*, lpNumberOfBytesWritten=0x14ec28*=0xe0, lpOverlapped=0x0) returned 1 [0220.323] CloseHandle (hObject=0x1f4) returned 1 [0220.326] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf", lpFilePart=0x0) returned 0x43 [0220.326] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf.ampkcz", lpFilePart=0x0) returned 0x4a [0220.326] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0220.327] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\3m6igzrlvsc6-kzcaxw7.rtf"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98474230, ftCreationTime.dwHighDateTime=0x1d81b9a, ftLastAccessTime.dwLowDateTime=0xc9a83af0, ftLastAccessTime.dwHighDateTime=0x1d82806, ftLastWriteTime.dwLowDateTime=0x71b9cb96, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf0e0)) returned 1 [0220.327] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0220.327] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\3m6igzrlvsc6-kzcaxw7.rtf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\3m6IgzrLvSc6-KZCaxw7.rtf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\3m6igzrlvsc6-kzcaxw7.rtf.ampkcz")) returned 1 [0220.328] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls", lpFilePart=0x0) returned 0x3d [0220.328] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls", lpFilePart=0x0) returned 0x3d [0220.328] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls", dwFileAttributes=0x80) returned 1 [0220.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0220.329] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\5mb3rrei7ui1pp.xls"), fInfoLevelId=0x0, lpFileInformation=0x2658788 | out: lpFileInformation=0x2658788*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd6c00db0, ftCreationTime.dwHighDateTime=0x1d828b2, ftLastAccessTime.dwLowDateTime=0xc4bd8c10, ftLastAccessTime.dwHighDateTime=0x1d8293d, ftLastWriteTime.dwLowDateTime=0xc4bd8c10, ftLastWriteTime.dwHighDateTime=0x1d8293d, nFileSizeHigh=0x0, nFileSizeLow=0x1578b)) returned 1 [0220.329] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0220.329] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls", lpFilePart=0x0) returned 0x3d [0220.329] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0220.329] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\5mb3rrei7ui1pp.xls"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0220.330] GetFileType (hFile=0x1f4) returned 0x1 [0220.330] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0220.330] GetFileType (hFile=0x1f4) returned 0x1 [0220.330] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x1578b [0220.330] ReadFile (in: hFile=0x1f4, lpBuffer=0x125e3ee8, nNumberOfBytesToRead=0x1578b, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x125e3ee8*, lpNumberOfBytesRead=0x14ed68*=0x1578b, lpOverlapped=0x0) returned 1 [0220.332] CloseHandle (hObject=0x1f4) returned 1 [0220.679] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls", lpFilePart=0x0) returned 0x3d [0220.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0220.679] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\5mb3rrei7ui1pp.xls"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0220.681] GetFileType (hFile=0x1f4) returned 0x1 [0220.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0220.681] GetFileType (hFile=0x1f4) returned 0x1 [0220.681] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.682] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.682] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.683] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.683] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.683] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.684] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.684] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.684] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.684] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.685] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.685] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.685] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.686] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.686] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.686] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.687] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.687] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.687] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.688] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.688] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.688] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.689] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.689] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.690] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.690] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.690] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.691] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0220.691] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d20c0*, nNumberOfBytesToWrite=0xae0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26d20c0*, lpNumberOfBytesWritten=0x14ec28*=0xae0, lpOverlapped=0x0) returned 1 [0220.691] CloseHandle (hObject=0x1f4) returned 1 [0220.696] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls", lpFilePart=0x0) returned 0x3d [0220.696] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls.ampkcz", lpFilePart=0x0) returned 0x44 [0220.696] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0220.696] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\5mb3rrei7ui1pp.xls"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6c00db0, ftCreationTime.dwHighDateTime=0x1d828b2, ftLastAccessTime.dwLowDateTime=0xc4bd8c10, ftLastAccessTime.dwHighDateTime=0x1d8293d, ftLastWriteTime.dwLowDateTime=0x71f238a7, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1cae0)) returned 1 [0220.697] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0220.697] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\5mb3rrei7ui1pp.xls"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\5mb3rREI7uI1Pp.xls.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\5mb3rrei7ui1pp.xls.ampkcz")) returned 1 [0220.698] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc", lpFilePart=0x0) returned 0x3e [0220.698] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc", lpFilePart=0x0) returned 0x3e [0220.698] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc", dwFileAttributes=0x80) returned 1 [0220.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0220.699] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\acxyo1yhb7sjfrk.doc"), fInfoLevelId=0x0, lpFileInformation=0x26d3490 | out: lpFileInformation=0x26d3490*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcb03fd60, ftCreationTime.dwHighDateTime=0x1d82574, ftLastAccessTime.dwLowDateTime=0x133cae00, ftLastAccessTime.dwHighDateTime=0x1d82878, ftLastWriteTime.dwLowDateTime=0x133cae00, ftLastWriteTime.dwHighDateTime=0x1d82878, nFileSizeHigh=0x0, nFileSizeLow=0x1a82)) returned 1 [0220.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0220.699] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc", lpFilePart=0x0) returned 0x3e [0220.699] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0220.699] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\acxyo1yhb7sjfrk.doc"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0220.699] GetFileType (hFile=0x1f4) returned 0x1 [0220.699] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0220.699] GetFileType (hFile=0x1f4) returned 0x1 [0220.699] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x1a82 [0220.700] ReadFile (in: hFile=0x1f4, lpBuffer=0x26d3968, nNumberOfBytesToRead=0x1a82, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26d3968*, lpNumberOfBytesRead=0x14ed68*=0x1a82, lpOverlapped=0x0) returned 1 [0220.700] CloseHandle (hObject=0x1f4) returned 1 [0221.038] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc", lpFilePart=0x0) returned 0x3e [0221.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0221.038] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\acxyo1yhb7sjfrk.doc"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0221.040] GetFileType (hFile=0x1f4) returned 0x1 [0221.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0221.040] GetFileType (hFile=0x1f4) returned 0x1 [0221.040] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561e40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2561e40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.041] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561e40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2561e40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.042] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561e40*, nNumberOfBytesToWrite=0x434, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2561e40*, lpNumberOfBytesWritten=0x14ec28*=0x434, lpOverlapped=0x0) returned 1 [0221.042] CloseHandle (hObject=0x1f4) returned 1 [0221.044] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc", lpFilePart=0x0) returned 0x3e [0221.044] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc.ampkcz", lpFilePart=0x0) returned 0x45 [0221.044] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0221.044] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\acxyo1yhb7sjfrk.doc"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb03fd60, ftCreationTime.dwHighDateTime=0x1d82574, ftLastAccessTime.dwLowDateTime=0x133cae00, ftLastAccessTime.dwHighDateTime=0x1d82878, ftLastWriteTime.dwLowDateTime=0x722745f0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2434)) returned 1 [0221.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0221.044] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\acxyo1yhb7sjfrk.doc"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\acXYO1yhB7sJfRK.doc.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\acxyo1yhb7sjfrk.doc.ampkcz")) returned 1 [0221.045] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf", lpFilePart=0x0) returned 0x37 [0221.046] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf", lpFilePart=0x0) returned 0x37 [0221.046] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf", dwFileAttributes=0x80) returned 1 [0221.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0221.046] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\l4-0_ nb.pdf"), fInfoLevelId=0x0, lpFileInformation=0x25635a0 | out: lpFileInformation=0x25635a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc7d36250, ftCreationTime.dwHighDateTime=0x1d81f9f, ftLastAccessTime.dwLowDateTime=0x157f2730, ftLastAccessTime.dwHighDateTime=0x1d82547, ftLastWriteTime.dwLowDateTime=0x157f2730, ftLastWriteTime.dwHighDateTime=0x1d82547, nFileSizeHigh=0x0, nFileSizeLow=0xb2ad)) returned 1 [0221.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0221.046] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf", lpFilePart=0x0) returned 0x37 [0221.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0221.046] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\l4-0_ nb.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0221.046] GetFileType (hFile=0x1f4) returned 0x1 [0221.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0221.046] GetFileType (hFile=0x1f4) returned 0x1 [0221.046] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xb2ad [0221.047] ReadFile (in: hFile=0x1f4, lpBuffer=0x2563a38, nNumberOfBytesToRead=0xb2ad, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2563a38*, lpNumberOfBytesRead=0x14ed68*=0xb2ad, lpOverlapped=0x0) returned 1 [0221.048] CloseHandle (hObject=0x1f4) returned 1 [0221.365] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf", lpFilePart=0x0) returned 0x37 [0221.365] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0221.365] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\l4-0_ nb.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0221.367] GetFileType (hFile=0x1f4) returned 0x1 [0221.367] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0221.367] GetFileType (hFile=0x1f4) returned 0x1 [0221.367] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.368] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.368] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.369] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.369] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.369] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.370] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.370] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.371] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.371] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.371] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.371] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.372] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.372] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.373] WriteFile (in: hFile=0x1f4, lpBuffer=0x2609980*, nNumberOfBytesToWrite=0xf08, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2609980*, lpNumberOfBytesWritten=0x14ec28*=0xf08, lpOverlapped=0x0) returned 1 [0221.373] CloseHandle (hObject=0x1f4) returned 1 [0221.375] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf", lpFilePart=0x0) returned 0x37 [0221.375] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf.ampkcz", lpFilePart=0x0) returned 0x3e [0221.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0221.376] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\l4-0_ nb.pdf"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7d36250, ftCreationTime.dwHighDateTime=0x1d81f9f, ftLastAccessTime.dwLowDateTime=0x157f2730, ftLastAccessTime.dwHighDateTime=0x1d82547, ftLastWriteTime.dwLowDateTime=0x7259e42a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xef08)) returned 1 [0221.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0221.376] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\l4-0_ nb.pdf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\L4-0_ nb.pdf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\l4-0_ nb.pdf.ampkcz")) returned 1 [0221.381] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx", lpFilePart=0x0) returned 0x33 [0221.381] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx", lpFilePart=0x0) returned 0x33 [0221.381] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx", dwFileAttributes=0x80) returned 1 [0221.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0221.382] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\tsq.docx"), fInfoLevelId=0x0, lpFileInformation=0x260d778 | out: lpFileInformation=0x260d778*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9f1f9540, ftCreationTime.dwHighDateTime=0x1d81f0e, ftLastAccessTime.dwLowDateTime=0x17c56e40, ftLastAccessTime.dwHighDateTime=0x1d82827, ftLastWriteTime.dwLowDateTime=0x17c56e40, ftLastWriteTime.dwHighDateTime=0x1d82827, nFileSizeHigh=0x0, nFileSizeLow=0x9210)) returned 1 [0221.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0221.382] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx", lpFilePart=0x0) returned 0x33 [0221.382] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0221.382] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\tsq.docx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0221.382] GetFileType (hFile=0x1f4) returned 0x1 [0221.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0221.382] GetFileType (hFile=0x1f4) returned 0x1 [0221.382] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x9210 [0221.382] ReadFile (in: hFile=0x1f4, lpBuffer=0x260dbe8, nNumberOfBytesToRead=0x9210, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x260dbe8*, lpNumberOfBytesRead=0x14ed68*=0x9210, lpOverlapped=0x0) returned 1 [0221.383] CloseHandle (hObject=0x1f4) returned 1 [0221.688] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx", lpFilePart=0x0) returned 0x33 [0221.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0221.688] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\tsq.docx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0221.689] GetFileType (hFile=0x1f4) returned 0x1 [0221.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0221.690] GetFileType (hFile=0x1f4) returned 0x1 [0221.690] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.691] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.691] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.692] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.692] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.693] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.693] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.693] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.694] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.694] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.694] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0221.694] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0221.695] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bdd10*, nNumberOfBytesToWrite=0x3a0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26bdd10*, lpNumberOfBytesWritten=0x14ec28*=0x3a0, lpOverlapped=0x0) returned 1 [0221.695] CloseHandle (hObject=0x1f4) returned 1 [0221.697] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx", lpFilePart=0x0) returned 0x33 [0221.698] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx.ampkcz", lpFilePart=0x0) returned 0x3a [0221.698] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0221.698] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\tsq.docx"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f1f9540, ftCreationTime.dwHighDateTime=0x1d81f0e, ftLastAccessTime.dwLowDateTime=0x17c56e40, ftLastAccessTime.dwHighDateTime=0x1d82827, ftLastWriteTime.dwLowDateTime=0x728b07bf, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc3a0)) returned 1 [0221.698] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0221.698] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\tsq.docx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\tSQ.docx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\tsq.docx.ampkcz")) returned 1 [0221.699] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt", lpFilePart=0x0) returned 0x40 [0221.699] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt", lpFilePart=0x0) returned 0x40 [0221.699] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt", dwFileAttributes=0x80) returned 1 [0221.700] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0221.700] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\v3v2y3hpen0rmfaqo.odt"), fInfoLevelId=0x0, lpFileInformation=0x26bf190 | out: lpFileInformation=0x26bf190*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2805c240, ftCreationTime.dwHighDateTime=0x1d82161, ftLastAccessTime.dwLowDateTime=0x4339c270, ftLastAccessTime.dwHighDateTime=0x1d823f8, ftLastWriteTime.dwLowDateTime=0x4339c270, ftLastWriteTime.dwHighDateTime=0x1d823f8, nFileSizeHigh=0x0, nFileSizeLow=0x14636)) returned 1 [0221.700] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0221.700] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt", lpFilePart=0x0) returned 0x40 [0221.700] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0221.700] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\v3v2y3hpen0rmfaqo.odt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0221.700] GetFileType (hFile=0x1f4) returned 0x1 [0221.700] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0221.701] GetFileType (hFile=0x1f4) returned 0x1 [0221.701] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x14636 [0221.701] ReadFile (in: hFile=0x1f4, lpBuffer=0x26bf690, nNumberOfBytesToRead=0x14636, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26bf690*, lpNumberOfBytesRead=0x14ed68*=0x14636, lpOverlapped=0x0) returned 1 [0221.702] CloseHandle (hObject=0x1f4) returned 1 [0222.002] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt", lpFilePart=0x0) returned 0x40 [0222.002] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0222.002] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\v3v2y3hpen0rmfaqo.odt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0222.005] GetFileType (hFile=0x1f4) returned 0x1 [0222.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0222.005] GetFileType (hFile=0x1f4) returned 0x1 [0222.005] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.006] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.006] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.007] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.008] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.008] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.009] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.009] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.009] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.010] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.010] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.010] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.011] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.011] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.011] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.012] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.012] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.012] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.013] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.013] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.013] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.015] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.015] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.016] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.016] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.016] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.017] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0222.017] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a26b0*, nNumberOfBytesToWrite=0x3c8, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25a26b0*, lpNumberOfBytesWritten=0x14ec28*=0x3c8, lpOverlapped=0x0) returned 1 [0222.017] CloseHandle (hObject=0x1f4) returned 1 [0222.021] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt", lpFilePart=0x0) returned 0x40 [0222.021] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt.ampkcz", lpFilePart=0x0) returned 0x47 [0222.021] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0222.022] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\v3v2y3hpen0rmfaqo.odt"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2805c240, ftCreationTime.dwHighDateTime=0x1d82161, ftLastAccessTime.dwLowDateTime=0x4339c270, ftLastAccessTime.dwHighDateTime=0x1d823f8, ftLastWriteTime.dwLowDateTime=0x72bc7232, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1b3c8)) returned 1 [0222.022] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0222.022] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\v3v2y3hpen0rmfaqo.odt"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\v3V2Y3Hpen0RMfAQo.odt.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\v3v2y3hpen0rmfaqo.odt.ampkcz")) returned 1 [0222.023] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf", lpFilePart=0x0) returned 0x42 [0222.023] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf", lpFilePart=0x0) returned 0x42 [0222.023] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf", dwFileAttributes=0x80) returned 1 [0222.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0222.024] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\ykv-eu9e6_ wxh5sqju.pdf"), fInfoLevelId=0x0, lpFileInformation=0x25a3e28 | out: lpFileInformation=0x25a3e28*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf9e66040, ftCreationTime.dwHighDateTime=0x1d82719, ftLastAccessTime.dwLowDateTime=0x3a707430, ftLastAccessTime.dwHighDateTime=0x1d8282c, ftLastWriteTime.dwLowDateTime=0x3a707430, ftLastWriteTime.dwHighDateTime=0x1d8282c, nFileSizeHigh=0x0, nFileSizeLow=0x64db)) returned 1 [0222.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0222.024] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf", lpFilePart=0x0) returned 0x42 [0222.024] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0222.024] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\ykv-eu9e6_ wxh5sqju.pdf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0222.024] GetFileType (hFile=0x1f4) returned 0x1 [0222.024] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0222.024] GetFileType (hFile=0x1f4) returned 0x1 [0222.024] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x64db [0222.024] ReadFile (in: hFile=0x1f4, lpBuffer=0x25a4328, nNumberOfBytesToRead=0x64db, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25a4328*, lpNumberOfBytesRead=0x14ed68*=0x64db, lpOverlapped=0x0) returned 1 [0222.025] CloseHandle (hObject=0x1f4) returned 1 [0222.344] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf", lpFilePart=0x0) returned 0x42 [0222.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0222.345] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\ykv-eu9e6_ wxh5sqju.pdf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0222.346] GetFileType (hFile=0x1f4) returned 0x1 [0222.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0222.346] GetFileType (hFile=0x1f4) returned 0x1 [0222.346] WriteFile (in: hFile=0x1f4, lpBuffer=0x26650e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26650e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.347] WriteFile (in: hFile=0x1f4, lpBuffer=0x26650e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26650e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.348] WriteFile (in: hFile=0x1f4, lpBuffer=0x26650e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26650e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.348] WriteFile (in: hFile=0x1f4, lpBuffer=0x26650e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26650e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.349] WriteFile (in: hFile=0x1f4, lpBuffer=0x26650e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26650e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.349] WriteFile (in: hFile=0x1f4, lpBuffer=0x26650e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26650e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.349] WriteFile (in: hFile=0x1f4, lpBuffer=0x26650e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26650e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.350] WriteFile (in: hFile=0x1f4, lpBuffer=0x26650e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26650e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0222.350] WriteFile (in: hFile=0x1f4, lpBuffer=0x26650e0*, nNumberOfBytesToWrite=0x748, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26650e0*, lpNumberOfBytesWritten=0x14ec28*=0x748, lpOverlapped=0x0) returned 1 [0222.350] CloseHandle (hObject=0x1f4) returned 1 [0222.353] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf", lpFilePart=0x0) returned 0x42 [0222.353] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf.ampkcz", lpFilePart=0x0) returned 0x49 [0222.353] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0222.353] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\ykv-eu9e6_ wxh5sqju.pdf"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9e66040, ftCreationTime.dwHighDateTime=0x1d82719, ftLastAccessTime.dwLowDateTime=0x3a707430, ftLastAccessTime.dwHighDateTime=0x1d8282c, ftLastWriteTime.dwLowDateTime=0x72ef0329, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8748)) returned 1 [0222.353] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0222.353] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\ykv-eu9e6_ wxh5sqju.pdf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\YKV-eu9e6_ WXh5sqju.pdf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\documents\\yvp 2zoqn8\\ykv-eu9e6_ wxh5sqju.pdf.ampkcz")) returned 1 [0222.354] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0222.354] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8", lpFilePart=0x0) returned 0x2a [0222.354] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\", lpFilePart=0x0) returned 0x2b [0222.354] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Documents\\Yvp 2zOqN8\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc5c4bc10, ftCreationTime.dwHighDateTime=0x1d81b09, ftLastAccessTime.dwLowDateTime=0x72ef27c9, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x72ef27c9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0222.354] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc5c4bc10, ftCreationTime.dwHighDateTime=0x1d81b09, ftLastAccessTime.dwLowDateTime=0x72ef27c9, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x72ef27c9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0222.355] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x281b56f0, ftCreationTime.dwHighDateTime=0x1d82981, ftLastAccessTime.dwLowDateTime=0x17d234a0, ftLastAccessTime.dwHighDateTime=0x1d82989, ftLastWriteTime.dwLowDateTime=0x7179a44a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12c74, dwReserved0=0x0, dwReserved1=0x0, cFileName="-K6OWWoFoPzYq-hdIX.pps.ampkcz", cAlternateFileName="-K6OWW~1.AMP")) returned 1 [0222.355] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98474230, ftCreationTime.dwHighDateTime=0x1d81b9a, ftLastAccessTime.dwLowDateTime=0xc9a83af0, ftLastAccessTime.dwHighDateTime=0x1d82806, ftLastWriteTime.dwLowDateTime=0x71b9cb96, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf0e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3m6IgzrLvSc6-KZCaxw7.rtf.ampkcz", cAlternateFileName="3M6IGZ~1.AMP")) returned 1 [0222.355] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd6c00db0, ftCreationTime.dwHighDateTime=0x1d828b2, ftLastAccessTime.dwLowDateTime=0xc4bd8c10, ftLastAccessTime.dwHighDateTime=0x1d8293d, ftLastWriteTime.dwLowDateTime=0x71f238a7, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1cae0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5mb3rREI7uI1Pp.xls.ampkcz", cAlternateFileName="5MB3RR~1.AMP")) returned 1 [0222.355] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb03fd60, ftCreationTime.dwHighDateTime=0x1d82574, ftLastAccessTime.dwLowDateTime=0x133cae00, ftLastAccessTime.dwHighDateTime=0x1d82878, ftLastWriteTime.dwLowDateTime=0x722745f0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2434, dwReserved0=0x0, dwReserved1=0x0, cFileName="acXYO1yhB7sJfRK.doc.ampkcz", cAlternateFileName="ACXYO1~1.AMP")) returned 1 [0222.355] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc7d36250, ftCreationTime.dwHighDateTime=0x1d81f9f, ftLastAccessTime.dwLowDateTime=0x157f2730, ftLastAccessTime.dwHighDateTime=0x1d82547, ftLastWriteTime.dwLowDateTime=0x7259e42a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xef08, dwReserved0=0x0, dwReserved1=0x0, cFileName="L4-0_ nb.pdf.ampkcz", cAlternateFileName="L4-0_N~1.AMP")) returned 1 [0222.356] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b543b40, ftCreationTime.dwHighDateTime=0x1d82a18, ftLastAccessTime.dwLowDateTime=0xd0118df0, ftLastAccessTime.dwHighDateTime=0x1d82a19, ftLastWriteTime.dwLowDateTime=0xd0118df0, ftLastWriteTime.dwHighDateTime=0x1d82a19, nFileSizeHigh=0x0, nFileSizeLow=0x10f41, dwReserved0=0x0, dwReserved1=0x0, cFileName="oyEU.ots", cAlternateFileName="")) returned 1 [0222.356] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7179df4b, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x7179df4b, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x717a40d2, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0222.356] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9f1f9540, ftCreationTime.dwHighDateTime=0x1d81f0e, ftLastAccessTime.dwLowDateTime=0x17c56e40, ftLastAccessTime.dwHighDateTime=0x1d82827, ftLastWriteTime.dwLowDateTime=0x728b07bf, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc3a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tSQ.docx.ampkcz", cAlternateFileName="TSQDOC~1.AMP")) returned 1 [0222.356] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2805c240, ftCreationTime.dwHighDateTime=0x1d82161, ftLastAccessTime.dwLowDateTime=0x4339c270, ftLastAccessTime.dwHighDateTime=0x1d823f8, ftLastWriteTime.dwLowDateTime=0x72bc7232, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1b3c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="v3V2Y3Hpen0RMfAQo.odt.ampkcz", cAlternateFileName="V3V2Y3~1.AMP")) returned 1 [0222.356] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9e66040, ftCreationTime.dwHighDateTime=0x1d82719, ftLastAccessTime.dwLowDateTime=0x3a707430, ftLastAccessTime.dwHighDateTime=0x1d8282c, ftLastWriteTime.dwLowDateTime=0x72ef0329, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8748, dwReserved0=0x0, dwReserved1=0x0, cFileName="YKV-eu9e6_ WXh5sqju.pdf.ampkcz", cAlternateFileName="YKV-EU~1.AMP")) returned 1 [0222.357] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9e66040, ftCreationTime.dwHighDateTime=0x1d82719, ftLastAccessTime.dwLowDateTime=0x3a707430, ftLastAccessTime.dwHighDateTime=0x1d8282c, ftLastWriteTime.dwLowDateTime=0x72ef0329, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8748, dwReserved0=0x0, dwReserved1=0x0, cFileName="YKV-eu9e6_ WXh5sqju.pdf.ampkcz", cAlternateFileName="YKV-EU~1.AMP")) returned 0 [0222.357] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0222.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0222.357] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0222.357] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0222.357] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Downloads", lpFilePart=0x0) returned 0x1f [0222.357] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Downloads\\", lpFilePart=0x0) returned 0x20 [0222.357] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0222.357] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0222.358] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0222.358] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0222.358] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0222.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0222.358] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0222.360] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x2b [0222.360] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x2b [0222.360] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini", dwFileAttributes=0x80) returned 1 [0222.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0222.361] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2669ba0 | out: lpFileInformation=0x2669ba0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0222.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0222.361] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x2b [0222.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0222.361] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0222.361] GetFileType (hFile=0x1f4) returned 0x1 [0222.361] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0222.361] GetFileType (hFile=0x1f4) returned 0x1 [0222.361] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x11a [0222.361] ReadFile (in: hFile=0x1f4, lpBuffer=0x266a118, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x266a118*, lpNumberOfBytesRead=0x14edd8*=0x11a, lpOverlapped=0x0) returned 1 [0222.362] CloseHandle (hObject=0x1f4) returned 1 [0222.672] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x2b [0222.673] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0222.673] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0222.674] GetFileType (hFile=0x1f4) returned 0x1 [0222.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0222.674] GetFileType (hFile=0x1f4) returned 0x1 [0222.674] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e52e8*, nNumberOfBytesToWrite=0x248, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26e52e8*, lpNumberOfBytesWritten=0x14ec98*=0x248, lpOverlapped=0x0) returned 1 [0222.675] CloseHandle (hObject=0x1f4) returned 1 [0222.677] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x2b [0222.677] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x32 [0222.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0222.677] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x73207fca, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x248)) returned 1 [0222.677] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0222.678] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\desktop.ini.ampkcz")) returned 1 [0222.678] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Downloads\\readme.txt", lpFilePart=0x0) returned 0x2a [0222.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0222.678] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\downloads\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0222.679] GetFileType (hFile=0x1f4) returned 0x1 [0222.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0222.679] GetFileType (hFile=0x1f4) returned 0x1 [0222.680] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e84c0*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x26e84c0*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0222.681] CloseHandle (hObject=0x1f4) returned 1 [0222.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0222.681] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Downloads", lpFilePart=0x0) returned 0x1f [0222.681] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Downloads\\", lpFilePart=0x0) returned 0x20 [0222.682] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Downloads\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x73209be3, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7320c350, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0222.682] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x73209be3, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7320c350, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0222.682] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x73207fca, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0222.682] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7320c350, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x7320c350, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7321249e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0222.682] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7320c350, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x7320c350, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7321249e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0222.682] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0222.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0222.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0222.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0222.683] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures", lpFilePart=0x0) returned 0x1e [0222.683] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\", lpFilePart=0x0) returned 0x1f [0222.683] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xf272cbee, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0xf272cbee, ftLastWriteTime.dwHighDateTime=0x1d82a28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0222.683] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xf272cbee, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0xf272cbee, ftLastWriteTime.dwHighDateTime=0x1d82a28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0222.683] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x896518c0, ftCreationTime.dwHighDateTime=0x1d825fc, ftLastAccessTime.dwLowDateTime=0x857bf740, ftLastAccessTime.dwHighDateTime=0x1d82676, ftLastWriteTime.dwLowDateTime=0x857bf740, ftLastWriteTime.dwHighDateTime=0x1d82676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2y3wsQSAY8Vuz", cAlternateFileName="2Y3WSQ~1")) returned 1 [0222.683] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8afcd8d0, ftCreationTime.dwHighDateTime=0x1d82264, ftLastAccessTime.dwLowDateTime=0xb556e890, ftLastAccessTime.dwHighDateTime=0x1d82305, ftLastWriteTime.dwLowDateTime=0xb556e890, ftLastWriteTime.dwHighDateTime=0x1d82305, nFileSizeHigh=0x0, nFileSizeLow=0x16443, dwReserved0=0x0, dwReserved1=0x0, cFileName="AjN9y78hVh0UKrhnkL.jpg", cAlternateFileName="AJN9Y7~1.JPG")) returned 1 [0222.684] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Camera Roll", cAlternateFileName="CAMERA~1")) returned 1 [0222.684] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0222.684] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b1b1210, ftCreationTime.dwHighDateTime=0x1d820be, ftLastAccessTime.dwLowDateTime=0x20372dd0, ftLastAccessTime.dwHighDateTime=0x1d823cb, ftLastWriteTime.dwLowDateTime=0x20372dd0, ftLastWriteTime.dwHighDateTime=0x1d823cb, nFileSizeHigh=0x0, nFileSizeLow=0xe739, dwReserved0=0x0, dwReserved1=0x0, cFileName="ejgt1B9nD_k9299.bmp", cAlternateFileName="EJGT1B~1.BMP")) returned 1 [0222.684] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b83a00, ftCreationTime.dwHighDateTime=0x1d82083, ftLastAccessTime.dwLowDateTime=0x729025e0, ftLastAccessTime.dwHighDateTime=0x1d826e7, ftLastWriteTime.dwLowDateTime=0x729025e0, ftLastWriteTime.dwHighDateTime=0x1d826e7, nFileSizeHigh=0x0, nFileSizeLow=0x12ea3, dwReserved0=0x0, dwReserved1=0x0, cFileName="hVKydaZ1ZP.jpg", cAlternateFileName="HVKYDA~1.JPG")) returned 1 [0222.684] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a6a8350, ftCreationTime.dwHighDateTime=0x1d820e4, ftLastAccessTime.dwLowDateTime=0x89bc26b0, ftLastAccessTime.dwHighDateTime=0x1d8289f, ftLastWriteTime.dwLowDateTime=0x89bc26b0, ftLastWriteTime.dwHighDateTime=0x1d8289f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iLPJWM2Zw-c", cAlternateFileName="ILPJWM~1")) returned 1 [0222.684] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c802ba0, ftCreationTime.dwHighDateTime=0x1d81a00, ftLastAccessTime.dwLowDateTime=0xccb3bac0, ftLastAccessTime.dwHighDateTime=0x1d82528, ftLastWriteTime.dwLowDateTime=0xccb3bac0, ftLastWriteTime.dwHighDateTime=0x1d82528, nFileSizeHigh=0x0, nFileSizeLow=0x14a83, dwReserved0=0x0, dwReserved1=0x0, cFileName="JLVegM9vxb3bekfHf_.jpg", cAlternateFileName="JLVEGM~1.JPG")) returned 1 [0222.685] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55e26470, ftCreationTime.dwHighDateTime=0x1d829d6, ftLastAccessTime.dwLowDateTime=0xb2eca750, ftLastAccessTime.dwHighDateTime=0x1d82a00, ftLastWriteTime.dwLowDateTime=0xb2eca750, ftLastWriteTime.dwHighDateTime=0x1d82a00, nFileSizeHigh=0x0, nFileSizeLow=0x4dc1, dwReserved0=0x0, dwReserved1=0x0, cFileName="k3 kfHWnlQpe4M9v.png", cAlternateFileName="K3KFHW~1.PNG")) returned 1 [0222.685] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9e8b460, ftCreationTime.dwHighDateTime=0x1d82152, ftLastAccessTime.dwLowDateTime=0x10e171d0, ftLastAccessTime.dwHighDateTime=0x1d82829, ftLastWriteTime.dwLowDateTime=0x10e171d0, ftLastWriteTime.dwHighDateTime=0x1d82829, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LldMOQASD6", cAlternateFileName="LLDMOQ~1")) returned 1 [0222.685] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70296100, ftCreationTime.dwHighDateTime=0x1d81b60, ftLastAccessTime.dwLowDateTime=0x554d57f0, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0x554d57f0, ftLastWriteTime.dwHighDateTime=0x1d829f8, nFileSizeHigh=0x0, nFileSizeLow=0x688b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ol3fbrHp3.png", cAlternateFileName="OL3FBR~1.PNG")) returned 1 [0222.685] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7414910, ftCreationTime.dwHighDateTime=0x1d81f0b, ftLastAccessTime.dwLowDateTime=0x11ab21e0, ftLastAccessTime.dwHighDateTime=0x1d825a1, ftLastWriteTime.dwLowDateTime=0x11ab21e0, ftLastWriteTime.dwHighDateTime=0x1d825a1, nFileSizeHigh=0x0, nFileSizeLow=0xecab, dwReserved0=0x0, dwReserved1=0x0, cFileName="q2vCj7US.gif", cAlternateFileName="")) returned 1 [0222.685] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Pictures", cAlternateFileName="SAVEDP~1")) returned 1 [0222.685] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ed79050, ftCreationTime.dwHighDateTime=0x1d82682, ftLastAccessTime.dwLowDateTime=0xf0d7bb10, ftLastAccessTime.dwHighDateTime=0x1d826ac, ftLastWriteTime.dwLowDateTime=0xf0d7bb10, ftLastWriteTime.dwHighDateTime=0x1d826ac, nFileSizeHigh=0x0, nFileSizeLow=0x482, dwReserved0=0x0, dwReserved1=0x0, cFileName="UEaT.png", cAlternateFileName="")) returned 1 [0222.686] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0bcf580, ftCreationTime.dwHighDateTime=0x1d829b8, ftLastAccessTime.dwLowDateTime=0x71e9a410, ftLastAccessTime.dwHighDateTime=0x1d82a05, ftLastWriteTime.dwLowDateTime=0x71e9a410, ftLastWriteTime.dwHighDateTime=0x1d82a05, nFileSizeHigh=0x0, nFileSizeLow=0xc77a, dwReserved0=0x0, dwReserved1=0x0, cFileName="yvmvXCdl-L2md.png", cAlternateFileName="YVMVXC~1.PNG")) returned 1 [0222.686] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0222.686] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0222.686] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0222.686] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0222.686] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg", lpFilePart=0x0) returned 0x35 [0222.686] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg", lpFilePart=0x0) returned 0x35 [0222.686] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg", dwFileAttributes=0x80) returned 1 [0222.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0222.687] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ajn9y78hvh0ukrhnkl.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26ecf70 | out: lpFileInformation=0x26ecf70*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8afcd8d0, ftCreationTime.dwHighDateTime=0x1d82264, ftLastAccessTime.dwLowDateTime=0xb556e890, ftLastAccessTime.dwHighDateTime=0x1d82305, ftLastWriteTime.dwLowDateTime=0xb556e890, ftLastWriteTime.dwHighDateTime=0x1d82305, nFileSizeHigh=0x0, nFileSizeLow=0x16443)) returned 1 [0222.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0222.687] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg", lpFilePart=0x0) returned 0x35 [0222.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0222.687] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ajn9y78hvh0ukrhnkl.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0222.687] GetFileType (hFile=0x1f4) returned 0x1 [0222.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0222.687] GetFileType (hFile=0x1f4) returned 0x1 [0222.688] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x16443 [0222.688] ReadFile (in: hFile=0x1f4, lpBuffer=0x127f0030, nNumberOfBytesToRead=0x16443, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x127f0030*, lpNumberOfBytesRead=0x14edd8*=0x16443, lpOverlapped=0x0) returned 1 [0222.691] CloseHandle (hObject=0x1f4) returned 1 [0223.067] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg", lpFilePart=0x0) returned 0x35 [0223.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0223.067] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ajn9y78hvh0ukrhnkl.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0223.069] GetFileType (hFile=0x1f4) returned 0x1 [0223.069] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0223.069] GetFileType (hFile=0x1f4) returned 0x1 [0223.069] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.074] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.074] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.074] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.075] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.075] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.075] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.076] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.076] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.076] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.077] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.077] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.077] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.078] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.078] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.078] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.079] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.079] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.079] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.080] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.080] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.080] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.081] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.081] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.081] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.082] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.082] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.082] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.083] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.083] WriteFile (in: hFile=0x1f4, lpBuffer=0x2523e00*, nNumberOfBytesToWrite=0xbe0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2523e00*, lpNumberOfBytesWritten=0x14ec98*=0xbe0, lpOverlapped=0x0) returned 1 [0223.083] CloseHandle (hObject=0x1f4) returned 1 [0223.091] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg", lpFilePart=0x0) returned 0x35 [0223.091] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg.ampkcz", lpFilePart=0x0) returned 0x3c [0223.091] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0223.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ajn9y78hvh0ukrhnkl.jpg"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8afcd8d0, ftCreationTime.dwHighDateTime=0x1d82264, ftLastAccessTime.dwLowDateTime=0xb556e890, ftLastAccessTime.dwHighDateTime=0x1d82305, ftLastWriteTime.dwLowDateTime=0x735f9292, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1dbe0)) returned 1 [0223.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0223.091] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ajn9y78hvh0ukrhnkl.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\AjN9y78hVh0UKrhnkL.jpg.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ajn9y78hvh0ukrhnkl.jpg.ampkcz")) returned 1 [0223.092] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\readme.txt", lpFilePart=0x0) returned 0x29 [0223.092] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0223.092] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0223.092] GetFileType (hFile=0x1f4) returned 0x1 [0223.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0223.092] GetFileType (hFile=0x1f4) returned 0x1 [0223.093] WriteFile (in: hFile=0x1f4, lpBuffer=0x2527020*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x2527020*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0223.094] CloseHandle (hObject=0x1f4) returned 1 [0223.096] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x2a [0223.096] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x2a [0223.096] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", dwFileAttributes=0x80) returned 1 [0223.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0223.097] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x25297c0 | out: lpFileInformation=0x25297c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0223.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0223.097] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x2a [0223.097] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0223.097] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0223.097] GetFileType (hFile=0x1f4) returned 0x1 [0223.097] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0223.097] GetFileType (hFile=0x1f4) returned 0x1 [0223.098] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x1f8 [0223.098] ReadFile (in: hFile=0x1f4, lpBuffer=0x2529e10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2529e10*, lpNumberOfBytesRead=0x14edd8*=0x1f8, lpOverlapped=0x0) returned 1 [0223.099] CloseHandle (hObject=0x1f4) returned 1 [0223.399] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x2a [0223.399] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0223.399] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0223.401] GetFileType (hFile=0x1f4) returned 0x1 [0223.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0223.401] GetFileType (hFile=0x1f4) returned 0x1 [0223.401] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a58f0*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25a58f0*, lpNumberOfBytesWritten=0x14ec98*=0x374, lpOverlapped=0x0) returned 1 [0223.403] CloseHandle (hObject=0x1f4) returned 1 [0223.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x2a [0223.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x31 [0223.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0223.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x738f78f9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x374)) returned 1 [0223.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0223.405] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\desktop.ini.ampkcz")) returned 1 [0223.406] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp", lpFilePart=0x0) returned 0x32 [0223.406] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp", lpFilePart=0x0) returned 0x32 [0223.406] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp", dwFileAttributes=0x80) returned 1 [0223.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0223.407] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ejgt1b9nd_k9299.bmp"), fInfoLevelId=0x0, lpFileInformation=0x25a71e8 | out: lpFileInformation=0x25a71e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4b1b1210, ftCreationTime.dwHighDateTime=0x1d820be, ftLastAccessTime.dwLowDateTime=0x20372dd0, ftLastAccessTime.dwHighDateTime=0x1d823cb, ftLastWriteTime.dwLowDateTime=0x20372dd0, ftLastWriteTime.dwHighDateTime=0x1d823cb, nFileSizeHigh=0x0, nFileSizeLow=0xe739)) returned 1 [0223.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0223.407] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp", lpFilePart=0x0) returned 0x32 [0223.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0223.407] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ejgt1b9nd_k9299.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0223.407] GetFileType (hFile=0x1f4) returned 0x1 [0223.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0223.407] GetFileType (hFile=0x1f4) returned 0x1 [0223.407] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xe739 [0223.407] ReadFile (in: hFile=0x1f4, lpBuffer=0x25a7678, nNumberOfBytesToRead=0xe739, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25a7678*, lpNumberOfBytesRead=0x14edd8*=0xe739, lpOverlapped=0x0) returned 1 [0223.409] CloseHandle (hObject=0x1f4) returned 1 [0223.763] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp", lpFilePart=0x0) returned 0x32 [0223.763] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0223.763] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ejgt1b9nd_k9299.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0223.764] GetFileType (hFile=0x1f4) returned 0x1 [0223.764] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0223.764] GetFileType (hFile=0x1f4) returned 0x1 [0223.764] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.766] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.766] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.766] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.767] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.767] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.767] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.768] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.768] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.769] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.769] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.769] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.770] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.770] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.770] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.770] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.771] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.771] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.771] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0223.772] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a800*, nNumberOfBytesToWrite=0x520, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x265a800*, lpNumberOfBytesWritten=0x14ec98*=0x520, lpOverlapped=0x0) returned 1 [0223.772] CloseHandle (hObject=0x1f4) returned 1 [0223.775] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp", lpFilePart=0x0) returned 0x32 [0223.775] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp.ampkcz", lpFilePart=0x0) returned 0x39 [0223.775] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0223.775] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ejgt1b9nd_k9299.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b1b1210, ftCreationTime.dwHighDateTime=0x1d820be, ftLastAccessTime.dwLowDateTime=0x20372dd0, ftLastAccessTime.dwHighDateTime=0x1d823cb, ftLastWriteTime.dwLowDateTime=0x73c73da3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x13520)) returned 1 [0223.775] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0223.775] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ejgt1b9nd_k9299.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\ejgt1B9nD_k9299.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ejgt1b9nd_k9299.bmp.ampkcz")) returned 1 [0223.776] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg", lpFilePart=0x0) returned 0x2d [0223.776] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg", lpFilePart=0x0) returned 0x2d [0223.776] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg", dwFileAttributes=0x80) returned 1 [0223.776] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0223.776] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hvkydaz1zp.jpg"), fInfoLevelId=0x0, lpFileInformation=0x265bc98 | out: lpFileInformation=0x265bc98*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa8b83a00, ftCreationTime.dwHighDateTime=0x1d82083, ftLastAccessTime.dwLowDateTime=0x729025e0, ftLastAccessTime.dwHighDateTime=0x1d826e7, ftLastWriteTime.dwLowDateTime=0x729025e0, ftLastWriteTime.dwHighDateTime=0x1d826e7, nFileSizeHigh=0x0, nFileSizeLow=0x12ea3)) returned 1 [0223.779] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0223.779] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg", lpFilePart=0x0) returned 0x2d [0223.779] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0223.779] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hvkydaz1zp.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0223.780] GetFileType (hFile=0x1f4) returned 0x1 [0223.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0223.780] GetFileType (hFile=0x1f4) returned 0x1 [0223.780] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x12ea3 [0223.780] ReadFile (in: hFile=0x1f4, lpBuffer=0x265c100, nNumberOfBytesToRead=0x12ea3, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x265c100*, lpNumberOfBytesRead=0x14edd8*=0x12ea3, lpOverlapped=0x0) returned 1 [0223.781] CloseHandle (hObject=0x1f4) returned 1 [0224.111] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg", lpFilePart=0x0) returned 0x2d [0224.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0224.111] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hvkydaz1zp.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0224.113] GetFileType (hFile=0x1f4) returned 0x1 [0224.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0224.113] GetFileType (hFile=0x1f4) returned 0x1 [0224.118] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.120] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.120] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.120] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.121] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.122] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.122] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.122] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.123] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.123] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.123] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.124] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.124] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.125] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.125] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.125] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.126] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.126] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.127] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.127] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.128] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.128] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.128] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.129] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.129] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.130] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522110*, nNumberOfBytesToWrite=0x460, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2522110*, lpNumberOfBytesWritten=0x14ec98*=0x460, lpOverlapped=0x0) returned 1 [0224.130] CloseHandle (hObject=0x1f4) returned 1 [0224.134] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg", lpFilePart=0x0) returned 0x2d [0224.134] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg.ampkcz", lpFilePart=0x0) returned 0x34 [0224.134] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0224.134] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hvkydaz1zp.jpg"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b83a00, ftCreationTime.dwHighDateTime=0x1d82083, ftLastAccessTime.dwLowDateTime=0x729025e0, ftLastAccessTime.dwHighDateTime=0x1d826e7, ftLastWriteTime.dwLowDateTime=0x73fec647, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19460)) returned 1 [0224.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0224.134] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hvkydaz1zp.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\hVKydaZ1ZP.jpg.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\hvkydaz1zp.jpg.ampkcz")) returned 1 [0224.135] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg", lpFilePart=0x0) returned 0x35 [0224.135] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg", lpFilePart=0x0) returned 0x35 [0224.135] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg", dwFileAttributes=0x80) returned 1 [0224.135] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0224.135] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jlvegm9vxb3bekfhf_.jpg"), fInfoLevelId=0x0, lpFileInformation=0x25235a0 | out: lpFileInformation=0x25235a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4c802ba0, ftCreationTime.dwHighDateTime=0x1d81a00, ftLastAccessTime.dwLowDateTime=0xccb3bac0, ftLastAccessTime.dwHighDateTime=0x1d82528, ftLastWriteTime.dwLowDateTime=0xccb3bac0, ftLastWriteTime.dwHighDateTime=0x1d82528, nFileSizeHigh=0x0, nFileSizeLow=0x14a83)) returned 1 [0224.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0224.136] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg", lpFilePart=0x0) returned 0x35 [0224.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0224.136] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jlvegm9vxb3bekfhf_.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0224.136] GetFileType (hFile=0x1f4) returned 0x1 [0224.136] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0224.136] GetFileType (hFile=0x1f4) returned 0x1 [0224.136] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x14a83 [0224.136] ReadFile (in: hFile=0x1f4, lpBuffer=0x2523a58, nNumberOfBytesToRead=0x14a83, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2523a58*, lpNumberOfBytesRead=0x14edd8*=0x14a83, lpOverlapped=0x0) returned 1 [0224.137] CloseHandle (hObject=0x1f4) returned 1 [0224.444] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg", lpFilePart=0x0) returned 0x35 [0224.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0224.444] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jlvegm9vxb3bekfhf_.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0224.446] GetFileType (hFile=0x1f4) returned 0x1 [0224.446] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0224.446] GetFileType (hFile=0x1f4) returned 0x1 [0224.447] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.449] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.449] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.449] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.450] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.450] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.450] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.451] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.451] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.451] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.452] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.452] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.452] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.453] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.453] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.453] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.454] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.454] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.455] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.455] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.455] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.455] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.456] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.456] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.457] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.457] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.457] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.457] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef930*, nNumberOfBytesToWrite=0x988, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25ef930*, lpNumberOfBytesWritten=0x14ec98*=0x988, lpOverlapped=0x0) returned 1 [0224.458] CloseHandle (hObject=0x1f4) returned 1 [0224.467] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg", lpFilePart=0x0) returned 0x35 [0224.468] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg.ampkcz", lpFilePart=0x0) returned 0x3c [0224.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0224.469] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jlvegm9vxb3bekfhf_.jpg"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c802ba0, ftCreationTime.dwHighDateTime=0x1d81a00, ftLastAccessTime.dwLowDateTime=0xccb3bac0, ftLastAccessTime.dwHighDateTime=0x1d82528, ftLastWriteTime.dwLowDateTime=0x74318e76, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1b988)) returned 1 [0224.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0224.470] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jlvegm9vxb3bekfhf_.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\JLVegM9vxb3bekfHf_.jpg.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\jlvegm9vxb3bekfhf_.jpg.ampkcz")) returned 1 [0224.473] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png", lpFilePart=0x0) returned 0x33 [0224.473] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png", lpFilePart=0x0) returned 0x33 [0224.473] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png", dwFileAttributes=0x80) returned 1 [0224.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0224.474] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\k3 kfhwnlqpe4m9v.png"), fInfoLevelId=0x0, lpFileInformation=0x25f0e90 | out: lpFileInformation=0x25f0e90*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x55e26470, ftCreationTime.dwHighDateTime=0x1d829d6, ftLastAccessTime.dwLowDateTime=0xb2eca750, ftLastAccessTime.dwHighDateTime=0x1d82a00, ftLastWriteTime.dwLowDateTime=0xb2eca750, ftLastWriteTime.dwHighDateTime=0x1d82a00, nFileSizeHigh=0x0, nFileSizeLow=0x4dc1)) returned 1 [0224.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0224.474] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png", lpFilePart=0x0) returned 0x33 [0224.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0224.474] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\k3 kfhwnlqpe4m9v.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0224.474] GetFileType (hFile=0x1f4) returned 0x1 [0224.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0224.474] GetFileType (hFile=0x1f4) returned 0x1 [0224.474] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x4dc1 [0224.474] ReadFile (in: hFile=0x1f4, lpBuffer=0x25f1330, nNumberOfBytesToRead=0x4dc1, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25f1330*, lpNumberOfBytesRead=0x14edd8*=0x4dc1, lpOverlapped=0x0) returned 1 [0224.476] CloseHandle (hObject=0x1f4) returned 1 [0224.818] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png", lpFilePart=0x0) returned 0x33 [0224.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0224.819] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\k3 kfhwnlqpe4m9v.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0224.820] GetFileType (hFile=0x1f4) returned 0x1 [0224.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0224.820] GetFileType (hFile=0x1f4) returned 0x1 [0224.820] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a1b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a1b68*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a1b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a1b68*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a1b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a1b68*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a1b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a1b68*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a1b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a1b68*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a1b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a1b68*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0224.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a1b68*, nNumberOfBytesToWrite=0x888, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26a1b68*, lpNumberOfBytesWritten=0x14ec98*=0x888, lpOverlapped=0x0) returned 1 [0224.824] CloseHandle (hObject=0x1f4) returned 1 [0224.826] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png", lpFilePart=0x0) returned 0x33 [0224.826] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png.ampkcz", lpFilePart=0x0) returned 0x3a [0224.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0224.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\k3 kfhwnlqpe4m9v.png"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55e26470, ftCreationTime.dwHighDateTime=0x1d829d6, ftLastAccessTime.dwLowDateTime=0xb2eca750, ftLastAccessTime.dwHighDateTime=0x1d82a00, ftLastWriteTime.dwLowDateTime=0x74686d07, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6888)) returned 1 [0224.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0224.827] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\k3 kfhwnlqpe4m9v.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\k3 kfHWnlQpe4M9v.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\k3 kfhwnlqpe4m9v.png.ampkcz")) returned 1 [0224.828] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png", lpFilePart=0x0) returned 0x2c [0224.828] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png", lpFilePart=0x0) returned 0x2c [0224.828] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png", dwFileAttributes=0x80) returned 1 [0224.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0224.828] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ol3fbrhp3.png"), fInfoLevelId=0x0, lpFileInformation=0x26a30a0 | out: lpFileInformation=0x26a30a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x70296100, ftCreationTime.dwHighDateTime=0x1d81b60, ftLastAccessTime.dwLowDateTime=0x554d57f0, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0x554d57f0, ftLastWriteTime.dwHighDateTime=0x1d829f8, nFileSizeHigh=0x0, nFileSizeLow=0x688b)) returned 1 [0224.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0224.828] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png", lpFilePart=0x0) returned 0x2c [0224.828] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0224.829] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ol3fbrhp3.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0224.829] GetFileType (hFile=0x1f4) returned 0x1 [0224.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0224.829] GetFileType (hFile=0x1f4) returned 0x1 [0224.829] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x688b [0224.829] ReadFile (in: hFile=0x1f4, lpBuffer=0x26a3508, nNumberOfBytesToRead=0x688b, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26a3508*, lpNumberOfBytesRead=0x14edd8*=0x688b, lpOverlapped=0x0) returned 1 [0224.830] CloseHandle (hObject=0x1f4) returned 1 [0225.090] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png", lpFilePart=0x0) returned 0x2c [0225.090] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0225.090] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ol3fbrhp3.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0225.092] GetFileType (hFile=0x1f4) returned 0x1 [0225.092] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0225.092] GetFileType (hFile=0x1f4) returned 0x1 [0225.092] WriteFile (in: hFile=0x1f4, lpBuffer=0x2570350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2570350*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.093] WriteFile (in: hFile=0x1f4, lpBuffer=0x2570350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2570350*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.093] WriteFile (in: hFile=0x1f4, lpBuffer=0x2570350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2570350*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.094] WriteFile (in: hFile=0x1f4, lpBuffer=0x2570350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2570350*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.094] WriteFile (in: hFile=0x1f4, lpBuffer=0x2570350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2570350*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.094] WriteFile (in: hFile=0x1f4, lpBuffer=0x2570350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2570350*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.095] WriteFile (in: hFile=0x1f4, lpBuffer=0x2570350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2570350*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.095] WriteFile (in: hFile=0x1f4, lpBuffer=0x2570350*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2570350*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.095] WriteFile (in: hFile=0x1f4, lpBuffer=0x2570350*, nNumberOfBytesToWrite=0xc34, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2570350*, lpNumberOfBytesWritten=0x14ec98*=0xc34, lpOverlapped=0x0) returned 1 [0225.096] CloseHandle (hObject=0x1f4) returned 1 [0225.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png", lpFilePart=0x0) returned 0x2c [0225.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png.ampkcz", lpFilePart=0x0) returned 0x33 [0225.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0225.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ol3fbrhp3.png"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70296100, ftCreationTime.dwHighDateTime=0x1d81b60, ftLastAccessTime.dwLowDateTime=0x554d57f0, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0x7491d479, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8c34)) returned 1 [0225.098] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0225.098] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ol3fbrhp3.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Ol3fbrHp3.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ol3fbrhp3.png.ampkcz")) returned 1 [0225.101] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif", lpFilePart=0x0) returned 0x2b [0225.101] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif", lpFilePart=0x0) returned 0x2b [0225.101] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif", dwFileAttributes=0x80) returned 1 [0225.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0225.101] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\q2vcj7us.gif"), fInfoLevelId=0x0, lpFileInformation=0x2572800 | out: lpFileInformation=0x2572800*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7414910, ftCreationTime.dwHighDateTime=0x1d81f0b, ftLastAccessTime.dwLowDateTime=0x11ab21e0, ftLastAccessTime.dwHighDateTime=0x1d825a1, ftLastWriteTime.dwLowDateTime=0x11ab21e0, ftLastWriteTime.dwHighDateTime=0x1d825a1, nFileSizeHigh=0x0, nFileSizeLow=0xecab)) returned 1 [0225.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0225.102] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif", lpFilePart=0x0) returned 0x2b [0225.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0225.102] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\q2vcj7us.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0225.102] GetFileType (hFile=0x1f4) returned 0x1 [0225.102] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0225.102] GetFileType (hFile=0x1f4) returned 0x1 [0225.102] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xecab [0225.102] ReadFile (in: hFile=0x1f4, lpBuffer=0x2572c50, nNumberOfBytesToRead=0xecab, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2572c50*, lpNumberOfBytesRead=0x14edd8*=0xecab, lpOverlapped=0x0) returned 1 [0225.103] CloseHandle (hObject=0x1f4) returned 1 [0225.415] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif", lpFilePart=0x0) returned 0x2b [0225.415] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0225.415] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\q2vcj7us.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0225.419] GetFileType (hFile=0x1f4) returned 0x1 [0225.419] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0225.419] GetFileType (hFile=0x1f4) returned 0x1 [0225.419] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.420] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.420] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.421] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.421] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.421] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.422] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.422] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.422] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.423] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.423] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.423] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.424] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.424] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.424] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.425] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.425] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.425] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.426] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0225.426] WriteFile (in: hFile=0x1f4, lpBuffer=0x2627380*, nNumberOfBytesToWrite=0xc60, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2627380*, lpNumberOfBytesWritten=0x14ec98*=0xc60, lpOverlapped=0x0) returned 1 [0225.426] CloseHandle (hObject=0x1f4) returned 1 [0225.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif", lpFilePart=0x0) returned 0x2b [0225.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif.ampkcz", lpFilePart=0x0) returned 0x32 [0225.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0225.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\q2vcj7us.gif"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7414910, ftCreationTime.dwHighDateTime=0x1d81f0b, ftLastAccessTime.dwLowDateTime=0x11ab21e0, ftLastAccessTime.dwHighDateTime=0x1d825a1, ftLastWriteTime.dwLowDateTime=0x74c480a1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x13c60)) returned 1 [0225.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0225.430] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\q2vcj7us.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\q2vCj7US.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\q2vcj7us.gif.ampkcz")) returned 1 [0225.431] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png", lpFilePart=0x0) returned 0x27 [0225.432] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png", lpFilePart=0x0) returned 0x27 [0225.432] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png", dwFileAttributes=0x80) returned 1 [0225.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0225.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ueat.png"), fInfoLevelId=0x0, lpFileInformation=0x2628880 | out: lpFileInformation=0x2628880*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7ed79050, ftCreationTime.dwHighDateTime=0x1d82682, ftLastAccessTime.dwLowDateTime=0xf0d7bb10, ftLastAccessTime.dwHighDateTime=0x1d826ac, ftLastWriteTime.dwLowDateTime=0xf0d7bb10, ftLastWriteTime.dwHighDateTime=0x1d826ac, nFileSizeHigh=0x0, nFileSizeLow=0x482)) returned 1 [0225.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0225.432] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png", lpFilePart=0x0) returned 0x27 [0225.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0225.432] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ueat.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0225.432] GetFileType (hFile=0x1f4) returned 0x1 [0225.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0225.433] GetFileType (hFile=0x1f4) returned 0x1 [0225.433] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x482 [0225.433] ReadFile (in: hFile=0x1f4, lpBuffer=0x2629148, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2629148*, lpNumberOfBytesRead=0x14edd8*=0x482, lpOverlapped=0x0) returned 1 [0225.434] CloseHandle (hObject=0x1f4) returned 1 [0225.837] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png", lpFilePart=0x0) returned 0x27 [0225.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0225.837] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ueat.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0225.838] GetFileType (hFile=0x1f4) returned 0x1 [0225.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0225.838] GetFileType (hFile=0x1f4) returned 0x1 [0225.838] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a66a8*, nNumberOfBytesToWrite=0x6e0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26a66a8*, lpNumberOfBytesWritten=0x14ec98*=0x6e0, lpOverlapped=0x0) returned 1 [0225.839] CloseHandle (hObject=0x1f4) returned 1 [0225.841] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png", lpFilePart=0x0) returned 0x27 [0225.841] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png.ampkcz", lpFilePart=0x0) returned 0x2e [0225.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0225.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ueat.png"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ed79050, ftCreationTime.dwHighDateTime=0x1d82682, ftLastAccessTime.dwLowDateTime=0xf0d7bb10, ftLastAccessTime.dwHighDateTime=0x1d826ac, ftLastWriteTime.dwLowDateTime=0x750342a3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6e0)) returned 1 [0225.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0225.841] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ueat.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\UEaT.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ueat.png.ampkcz")) returned 1 [0225.842] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png", lpFilePart=0x0) returned 0x30 [0225.842] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png", lpFilePart=0x0) returned 0x30 [0225.842] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png", dwFileAttributes=0x80) returned 1 [0225.843] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0225.843] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\yvmvxcdl-l2md.png"), fInfoLevelId=0x0, lpFileInformation=0x26a7ba0 | out: lpFileInformation=0x26a7ba0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc0bcf580, ftCreationTime.dwHighDateTime=0x1d829b8, ftLastAccessTime.dwLowDateTime=0x71e9a410, ftLastAccessTime.dwHighDateTime=0x1d82a05, ftLastWriteTime.dwLowDateTime=0x71e9a410, ftLastWriteTime.dwHighDateTime=0x1d82a05, nFileSizeHigh=0x0, nFileSizeLow=0xc77a)) returned 1 [0225.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0225.843] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png", lpFilePart=0x0) returned 0x30 [0225.843] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0225.843] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\yvmvxcdl-l2md.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0225.843] GetFileType (hFile=0x1f4) returned 0x1 [0225.843] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0225.843] GetFileType (hFile=0x1f4) returned 0x1 [0225.843] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xc77a [0225.843] ReadFile (in: hFile=0x1f4, lpBuffer=0x26a8030, nNumberOfBytesToRead=0xc77a, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26a8030*, lpNumberOfBytesRead=0x14edd8*=0xc77a, lpOverlapped=0x0) returned 1 [0225.845] CloseHandle (hObject=0x1f4) returned 1 [0226.227] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png", lpFilePart=0x0) returned 0x30 [0226.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0226.227] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\yvmvxcdl-l2md.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0226.229] GetFileType (hFile=0x1f4) returned 0x1 [0226.229] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0226.229] GetFileType (hFile=0x1f4) returned 0x1 [0226.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.230] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.246] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.246] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.247] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.247] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.248] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.248] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.248] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.249] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.249] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.249] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.250] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0226.250] WriteFile (in: hFile=0x1f4, lpBuffer=0x2572800*, nNumberOfBytesToWrite=0xac8, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2572800*, lpNumberOfBytesWritten=0x14ec98*=0xac8, lpOverlapped=0x0) returned 1 [0226.250] CloseHandle (hObject=0x1f4) returned 1 [0226.253] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png", lpFilePart=0x0) returned 0x30 [0226.253] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png.ampkcz", lpFilePart=0x0) returned 0x37 [0226.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0226.253] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\yvmvxcdl-l2md.png"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0bcf580, ftCreationTime.dwHighDateTime=0x1d829b8, ftLastAccessTime.dwLowDateTime=0x71e9a410, ftLastAccessTime.dwHighDateTime=0x1d82a05, ftLastWriteTime.dwLowDateTime=0x75422c14, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x10ac8)) returned 1 [0226.254] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0226.254] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\yvmvxcdl-l2md.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\yvmvXCdl-L2md.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\yvmvxcdl-l2md.png.ampkcz")) returned 1 [0226.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0226.254] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures", lpFilePart=0x0) returned 0x1e [0226.254] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\", lpFilePart=0x0) returned 0x1f [0226.255] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x75423dc4, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x75423dc4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0226.255] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x75423dc4, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x75423dc4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.255] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x896518c0, ftCreationTime.dwHighDateTime=0x1d825fc, ftLastAccessTime.dwLowDateTime=0x857bf740, ftLastAccessTime.dwHighDateTime=0x1d82676, ftLastWriteTime.dwLowDateTime=0x857bf740, ftLastWriteTime.dwHighDateTime=0x1d82676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2y3wsQSAY8Vuz", cAlternateFileName="2Y3WSQ~1")) returned 1 [0226.255] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8afcd8d0, ftCreationTime.dwHighDateTime=0x1d82264, ftLastAccessTime.dwLowDateTime=0xb556e890, ftLastAccessTime.dwHighDateTime=0x1d82305, ftLastWriteTime.dwLowDateTime=0x735f9292, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1dbe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AjN9y78hVh0UKrhnkL.jpg.ampkcz", cAlternateFileName="AJN9Y7~1.AMP")) returned 1 [0226.256] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Camera Roll", cAlternateFileName="CAMERA~1")) returned 1 [0226.256] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x435fd682, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x435fd682, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x738f78f9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x374, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0226.256] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4b1b1210, ftCreationTime.dwHighDateTime=0x1d820be, ftLastAccessTime.dwLowDateTime=0x20372dd0, ftLastAccessTime.dwHighDateTime=0x1d823cb, ftLastWriteTime.dwLowDateTime=0x73c73da3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x13520, dwReserved0=0x0, dwReserved1=0x0, cFileName="ejgt1B9nD_k9299.bmp.ampkcz", cAlternateFileName="EJGT1B~1.AMP")) returned 1 [0226.256] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8b83a00, ftCreationTime.dwHighDateTime=0x1d82083, ftLastAccessTime.dwLowDateTime=0x729025e0, ftLastAccessTime.dwHighDateTime=0x1d826e7, ftLastWriteTime.dwLowDateTime=0x73fec647, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19460, dwReserved0=0x0, dwReserved1=0x0, cFileName="hVKydaZ1ZP.jpg.ampkcz", cAlternateFileName="HVKYDA~1.AMP")) returned 1 [0226.256] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a6a8350, ftCreationTime.dwHighDateTime=0x1d820e4, ftLastAccessTime.dwLowDateTime=0x89bc26b0, ftLastAccessTime.dwHighDateTime=0x1d8289f, ftLastWriteTime.dwLowDateTime=0x89bc26b0, ftLastWriteTime.dwHighDateTime=0x1d8289f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="iLPJWM2Zw-c", cAlternateFileName="ILPJWM~1")) returned 1 [0226.256] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c802ba0, ftCreationTime.dwHighDateTime=0x1d81a00, ftLastAccessTime.dwLowDateTime=0xccb3bac0, ftLastAccessTime.dwHighDateTime=0x1d82528, ftLastWriteTime.dwLowDateTime=0x74318e76, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1b988, dwReserved0=0x0, dwReserved1=0x0, cFileName="JLVegM9vxb3bekfHf_.jpg.ampkcz", cAlternateFileName="JLVEGM~1.AMP")) returned 1 [0226.257] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55e26470, ftCreationTime.dwHighDateTime=0x1d829d6, ftLastAccessTime.dwLowDateTime=0xb2eca750, ftLastAccessTime.dwHighDateTime=0x1d82a00, ftLastWriteTime.dwLowDateTime=0x74686d07, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6888, dwReserved0=0x0, dwReserved1=0x0, cFileName="k3 kfHWnlQpe4M9v.png.ampkcz", cAlternateFileName="K3KFHW~1.AMP")) returned 1 [0226.257] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9e8b460, ftCreationTime.dwHighDateTime=0x1d82152, ftLastAccessTime.dwLowDateTime=0x10e171d0, ftLastAccessTime.dwHighDateTime=0x1d82829, ftLastWriteTime.dwLowDateTime=0x10e171d0, ftLastWriteTime.dwHighDateTime=0x1d82829, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LldMOQASD6", cAlternateFileName="LLDMOQ~1")) returned 1 [0226.257] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70296100, ftCreationTime.dwHighDateTime=0x1d81b60, ftLastAccessTime.dwLowDateTime=0x554d57f0, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0x7491d479, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8c34, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ol3fbrHp3.png.ampkcz", cAlternateFileName="OL3FBR~1.AMP")) returned 1 [0226.257] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7414910, ftCreationTime.dwHighDateTime=0x1d81f0b, ftLastAccessTime.dwLowDateTime=0x11ab21e0, ftLastAccessTime.dwHighDateTime=0x1d825a1, ftLastWriteTime.dwLowDateTime=0x74c480a1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x13c60, dwReserved0=0x0, dwReserved1=0x0, cFileName="q2vCj7US.gif.ampkcz", cAlternateFileName="Q2VCJ7~1.AMP")) returned 1 [0226.257] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x735fc458, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x735fc458, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x736024d3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0226.258] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Pictures", cAlternateFileName="SAVEDP~1")) returned 1 [0226.258] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ed79050, ftCreationTime.dwHighDateTime=0x1d82682, ftLastAccessTime.dwLowDateTime=0xf0d7bb10, ftLastAccessTime.dwHighDateTime=0x1d826ac, ftLastWriteTime.dwLowDateTime=0x750342a3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UEaT.png.ampkcz", cAlternateFileName="UEATPN~1.AMP")) returned 1 [0226.258] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0bcf580, ftCreationTime.dwHighDateTime=0x1d829b8, ftLastAccessTime.dwLowDateTime=0x71e9a410, ftLastAccessTime.dwHighDateTime=0x1d82a05, ftLastWriteTime.dwLowDateTime=0x75422c14, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x10ac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="yvmvXCdl-L2md.png.ampkcz", cAlternateFileName="YVMVXC~1.AMP")) returned 1 [0226.258] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0bcf580, ftCreationTime.dwHighDateTime=0x1d829b8, ftLastAccessTime.dwLowDateTime=0x71e9a410, ftLastAccessTime.dwHighDateTime=0x1d82a05, ftLastWriteTime.dwLowDateTime=0x75422c14, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x10ac8, dwReserved0=0x0, dwReserved1=0x0, cFileName="yvmvXCdl-L2md.png.ampkcz", cAlternateFileName="YVMVXC~1.AMP")) returned 0 [0226.258] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0226.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0226.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0226.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0226.259] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz", lpFilePart=0x0) returned 0x2c [0226.259] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\", lpFilePart=0x0) returned 0x2d [0226.259] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x896518c0, ftCreationTime.dwHighDateTime=0x1d825fc, ftLastAccessTime.dwLowDateTime=0x857bf740, ftLastAccessTime.dwHighDateTime=0x1d82676, ftLastWriteTime.dwLowDateTime=0x857bf740, ftLastWriteTime.dwHighDateTime=0x1d82676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0226.259] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x896518c0, ftCreationTime.dwHighDateTime=0x1d825fc, ftLastAccessTime.dwLowDateTime=0x857bf740, ftLastAccessTime.dwHighDateTime=0x1d82676, ftLastWriteTime.dwLowDateTime=0x857bf740, ftLastWriteTime.dwHighDateTime=0x1d82676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0226.259] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24db2380, ftCreationTime.dwHighDateTime=0x1d82675, ftLastAccessTime.dwLowDateTime=0x4b184840, ftLastAccessTime.dwHighDateTime=0x1d82998, ftLastWriteTime.dwLowDateTime=0x4b184840, ftLastWriteTime.dwHighDateTime=0x1d82998, nFileSizeHigh=0x0, nFileSizeLow=0x13962, dwReserved0=0x0, dwReserved1=0x0, cFileName="3avUxb1B L_1g12oSkH5.png", cAlternateFileName="3AVUXB~1.PNG")) returned 1 [0226.259] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b327000, ftCreationTime.dwHighDateTime=0x1d81ba1, ftLastAccessTime.dwLowDateTime=0xc5dc40b0, ftLastAccessTime.dwHighDateTime=0x1d82978, ftLastWriteTime.dwLowDateTime=0xc5dc40b0, ftLastWriteTime.dwHighDateTime=0x1d82978, nFileSizeHigh=0x0, nFileSizeLow=0x133af, dwReserved0=0x0, dwReserved1=0x0, cFileName="82EsZ7p-5diz.bmp", cAlternateFileName="82ESZ7~1.BMP")) returned 1 [0226.260] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65850f60, ftCreationTime.dwHighDateTime=0x1d824b1, ftLastAccessTime.dwLowDateTime=0x89158e10, ftLastAccessTime.dwHighDateTime=0x1d8258c, ftLastWriteTime.dwLowDateTime=0x89158e10, ftLastWriteTime.dwHighDateTime=0x1d8258c, nFileSizeHigh=0x0, nFileSizeLow=0x22a2, dwReserved0=0x0, dwReserved1=0x0, cFileName="95XyOZRwahuGE.bmp", cAlternateFileName="95XYOZ~1.BMP")) returned 1 [0226.260] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a8d96b0, ftCreationTime.dwHighDateTime=0x1d8270e, ftLastAccessTime.dwLowDateTime=0x3cc53d10, ftLastAccessTime.dwHighDateTime=0x1d82791, ftLastWriteTime.dwLowDateTime=0x3cc53d10, ftLastWriteTime.dwHighDateTime=0x1d82791, nFileSizeHigh=0x0, nFileSizeLow=0x14dce, dwReserved0=0x0, dwReserved1=0x0, cFileName="pybRnums.gif", cAlternateFileName="")) returned 1 [0226.260] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7deb33b0, ftCreationTime.dwHighDateTime=0x1d821d0, ftLastAccessTime.dwLowDateTime=0xd612f850, ftLastAccessTime.dwHighDateTime=0x1d82803, ftLastWriteTime.dwLowDateTime=0xd612f850, ftLastWriteTime.dwHighDateTime=0x1d82803, nFileSizeHigh=0x0, nFileSizeLow=0xd0eb, dwReserved0=0x0, dwReserved1=0x0, cFileName="rC_A9e_Y_besF1X.gif", cAlternateFileName="RC_A9E~1.GIF")) returned 1 [0226.260] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ecdf70, ftCreationTime.dwHighDateTime=0x1d82136, ftLastAccessTime.dwLowDateTime=0x7c3d37d0, ftLastAccessTime.dwHighDateTime=0x1d8286e, ftLastWriteTime.dwLowDateTime=0x7c3d37d0, ftLastWriteTime.dwHighDateTime=0x1d8286e, nFileSizeHigh=0x0, nFileSizeLow=0x8a9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="VxgH4lec2pnD.bmp", cAlternateFileName="VXGH4L~1.BMP")) returned 1 [0226.260] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0226.260] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0226.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0226.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0226.261] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png", lpFilePart=0x0) returned 0x45 [0226.261] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png", lpFilePart=0x0) returned 0x45 [0226.261] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png", dwFileAttributes=0x80) returned 1 [0226.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0226.261] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\3avuxb1b l_1g12oskh5.png"), fInfoLevelId=0x0, lpFileInformation=0x2577af0 | out: lpFileInformation=0x2577af0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x24db2380, ftCreationTime.dwHighDateTime=0x1d82675, ftLastAccessTime.dwLowDateTime=0x4b184840, ftLastAccessTime.dwHighDateTime=0x1d82998, ftLastWriteTime.dwLowDateTime=0x4b184840, ftLastWriteTime.dwHighDateTime=0x1d82998, nFileSizeHigh=0x0, nFileSizeLow=0x13962)) returned 1 [0226.261] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0226.261] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png", lpFilePart=0x0) returned 0x45 [0226.261] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0226.262] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\3avuxb1b l_1g12oskh5.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0226.262] GetFileType (hFile=0x1f4) returned 0x1 [0226.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0226.262] GetFileType (hFile=0x1f4) returned 0x1 [0226.262] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x13962 [0226.262] ReadFile (in: hFile=0x1f4, lpBuffer=0x2578018, nNumberOfBytesToRead=0x13962, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2578018*, lpNumberOfBytesRead=0x14ed68*=0x13962, lpOverlapped=0x0) returned 1 [0226.263] CloseHandle (hObject=0x1f4) returned 1 [0226.610] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png", lpFilePart=0x0) returned 0x45 [0226.611] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0226.611] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\3avuxb1b l_1g12oskh5.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0226.612] GetFileType (hFile=0x1f4) returned 0x1 [0226.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0226.612] GetFileType (hFile=0x1f4) returned 0x1 [0226.613] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.614] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.614] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.614] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.615] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.615] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.615] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.616] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.616] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.616] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.618] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.619] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.619] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.619] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.620] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.620] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.620] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.621] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.621] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.621] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.622] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.622] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.622] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.623] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.623] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.623] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0226.624] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b180*, nNumberOfBytesToWrite=0x2b4, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x254b180*, lpNumberOfBytesWritten=0x14ec28*=0x2b4, lpOverlapped=0x0) returned 1 [0226.624] CloseHandle (hObject=0x1f4) returned 1 [0226.628] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png", lpFilePart=0x0) returned 0x45 [0226.628] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png.ampkcz", lpFilePart=0x0) returned 0x4c [0226.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0226.628] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\3avuxb1b l_1g12oskh5.png"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24db2380, ftCreationTime.dwHighDateTime=0x1d82675, ftLastAccessTime.dwLowDateTime=0x4b184840, ftLastAccessTime.dwHighDateTime=0x1d82998, ftLastWriteTime.dwLowDateTime=0x757b4475, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a2b4)) returned 1 [0226.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0226.628] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\3avuxb1b l_1g12oskh5.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\3avUxb1B L_1g12oSkH5.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\3avuxb1b l_1g12oskh5.png.ampkcz")) returned 1 [0226.629] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\readme.txt", lpFilePart=0x0) returned 0x37 [0226.629] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0226.629] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0226.629] GetFileType (hFile=0x1f4) returned 0x1 [0226.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0226.629] GetFileType (hFile=0x1f4) returned 0x1 [0226.630] WriteFile (in: hFile=0x1f4, lpBuffer=0x254e430*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x254e430*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0226.631] CloseHandle (hObject=0x1f4) returned 1 [0226.632] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp", lpFilePart=0x0) returned 0x3d [0226.632] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp", lpFilePart=0x0) returned 0x3d [0226.632] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp", dwFileAttributes=0x80) returned 1 [0226.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0226.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\82esz7p-5diz.bmp"), fInfoLevelId=0x0, lpFileInformation=0x2550320 | out: lpFileInformation=0x2550320*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2b327000, ftCreationTime.dwHighDateTime=0x1d81ba1, ftLastAccessTime.dwLowDateTime=0xc5dc40b0, ftLastAccessTime.dwHighDateTime=0x1d82978, ftLastWriteTime.dwLowDateTime=0xc5dc40b0, ftLastWriteTime.dwHighDateTime=0x1d82978, nFileSizeHigh=0x0, nFileSizeLow=0x133af)) returned 1 [0226.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0226.633] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp", lpFilePart=0x0) returned 0x3d [0226.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0226.633] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\82esz7p-5diz.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0226.633] GetFileType (hFile=0x1f4) returned 0x1 [0226.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0226.633] GetFileType (hFile=0x1f4) returned 0x1 [0226.633] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x133af [0226.634] ReadFile (in: hFile=0x1f4, lpBuffer=0x25507f8, nNumberOfBytesToRead=0x133af, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25507f8*, lpNumberOfBytesRead=0x14ed68*=0x133af, lpOverlapped=0x0) returned 1 [0226.635] CloseHandle (hObject=0x1f4) returned 1 [0226.951] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp", lpFilePart=0x0) returned 0x3d [0226.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0226.951] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\82esz7p-5diz.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0226.956] GetFileType (hFile=0x1f4) returned 0x1 [0226.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0226.956] GetFileType (hFile=0x1f4) returned 0x1 [0226.956] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.959] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.959] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.959] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.960] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.960] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.960] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.961] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.961] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.961] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.962] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.962] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.963] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.963] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.963] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.963] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.964] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.964] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.965] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.965] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.965] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.966] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.966] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0226.966] WriteFile (in: hFile=0x1f4, lpBuffer=0x2616b58*, nNumberOfBytesToWrite=0xb08, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2616b58*, lpNumberOfBytesWritten=0x14ec28*=0xb08, lpOverlapped=0x0) returned 1 [0226.966] CloseHandle (hObject=0x1f4) returned 1 [0226.970] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp", lpFilePart=0x0) returned 0x3d [0226.970] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp.ampkcz", lpFilePart=0x0) returned 0x44 [0226.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0226.971] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\82esz7p-5diz.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b327000, ftCreationTime.dwHighDateTime=0x1d81ba1, ftLastAccessTime.dwLowDateTime=0xc5dc40b0, ftLastAccessTime.dwHighDateTime=0x1d82978, ftLastWriteTime.dwLowDateTime=0x75af9ed4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19b08)) returned 1 [0226.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0226.971] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\82esz7p-5diz.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\82EsZ7p-5diz.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\82esz7p-5diz.bmp.ampkcz")) returned 1 [0226.972] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp", lpFilePart=0x0) returned 0x3e [0226.973] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp", lpFilePart=0x0) returned 0x3e [0226.973] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp", dwFileAttributes=0x80) returned 1 [0226.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0226.973] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\95xyozrwahuge.bmp"), fInfoLevelId=0x0, lpFileInformation=0x26184c8 | out: lpFileInformation=0x26184c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x65850f60, ftCreationTime.dwHighDateTime=0x1d824b1, ftLastAccessTime.dwLowDateTime=0x89158e10, ftLastAccessTime.dwHighDateTime=0x1d8258c, ftLastWriteTime.dwLowDateTime=0x89158e10, ftLastWriteTime.dwHighDateTime=0x1d8258c, nFileSizeHigh=0x0, nFileSizeLow=0x22a2)) returned 1 [0226.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0226.973] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp", lpFilePart=0x0) returned 0x3e [0226.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0226.973] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\95xyozrwahuge.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0226.974] GetFileType (hFile=0x1f4) returned 0x1 [0226.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0226.974] GetFileType (hFile=0x1f4) returned 0x1 [0226.974] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x22a2 [0226.974] ReadFile (in: hFile=0x1f4, lpBuffer=0x26189a0, nNumberOfBytesToRead=0x22a2, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26189a0*, lpNumberOfBytesRead=0x14ed68*=0x22a2, lpOverlapped=0x0) returned 1 [0226.975] CloseHandle (hObject=0x1f4) returned 1 [0227.373] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp", lpFilePart=0x0) returned 0x3e [0227.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0227.373] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\95xyozrwahuge.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0227.375] GetFileType (hFile=0x1f4) returned 0x1 [0227.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0227.375] GetFileType (hFile=0x1f4) returned 0x1 [0227.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x26aa928*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26aa928*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.377] WriteFile (in: hFile=0x1f4, lpBuffer=0x26aa928*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26aa928*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.377] WriteFile (in: hFile=0x1f4, lpBuffer=0x26aa928*, nNumberOfBytesToWrite=0xf08, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26aa928*, lpNumberOfBytesWritten=0x14ec28*=0xf08, lpOverlapped=0x0) returned 1 [0227.377] CloseHandle (hObject=0x1f4) returned 1 [0227.379] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp", lpFilePart=0x0) returned 0x3e [0227.379] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp.ampkcz", lpFilePart=0x0) returned 0x45 [0227.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0227.379] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\95xyozrwahuge.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65850f60, ftCreationTime.dwHighDateTime=0x1d824b1, ftLastAccessTime.dwLowDateTime=0x89158e10, ftLastAccessTime.dwHighDateTime=0x1d8258c, ftLastWriteTime.dwLowDateTime=0x75edf2de, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2f08)) returned 1 [0227.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0227.379] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\95xyozrwahuge.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\95XyOZRwahuGE.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\95xyozrwahuge.bmp.ampkcz")) returned 1 [0227.384] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif", lpFilePart=0x0) returned 0x39 [0227.384] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif", lpFilePart=0x0) returned 0x39 [0227.384] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif", dwFileAttributes=0x80) returned 1 [0227.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0227.384] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\pybrnums.gif"), fInfoLevelId=0x0, lpFileInformation=0x26ace48 | out: lpFileInformation=0x26ace48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8a8d96b0, ftCreationTime.dwHighDateTime=0x1d8270e, ftLastAccessTime.dwLowDateTime=0x3cc53d10, ftLastAccessTime.dwHighDateTime=0x1d82791, ftLastWriteTime.dwLowDateTime=0x3cc53d10, ftLastWriteTime.dwHighDateTime=0x1d82791, nFileSizeHigh=0x0, nFileSizeLow=0x14dce)) returned 1 [0227.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0227.384] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif", lpFilePart=0x0) returned 0x39 [0227.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0227.384] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\pybrnums.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0227.385] GetFileType (hFile=0x1f4) returned 0x1 [0227.385] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0227.385] GetFileType (hFile=0x1f4) returned 0x1 [0227.385] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x14dce [0227.385] ReadFile (in: hFile=0x1f4, lpBuffer=0x12647128, nNumberOfBytesToRead=0x14dce, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x12647128*, lpNumberOfBytesRead=0x14ed68*=0x14dce, lpOverlapped=0x0) returned 1 [0227.387] CloseHandle (hObject=0x1f4) returned 1 [0227.951] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif", lpFilePart=0x0) returned 0x39 [0227.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0227.951] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\pybrnums.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0227.952] GetFileType (hFile=0x1f4) returned 0x1 [0227.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0227.952] GetFileType (hFile=0x1f4) returned 0x1 [0227.953] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.954] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.954] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.955] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.955] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.955] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.956] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.956] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.956] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.957] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.957] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.959] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.959] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.959] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.960] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.960] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.960] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.961] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.961] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.961] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.962] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.962] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.962] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.963] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0227.963] WriteFile (in: hFile=0x1f4, lpBuffer=0x2726748*, nNumberOfBytesToWrite=0xde0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2726748*, lpNumberOfBytesWritten=0x14ec28*=0xde0, lpOverlapped=0x0) returned 1 [0227.963] CloseHandle (hObject=0x1f4) returned 1 [0228.001] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif", lpFilePart=0x0) returned 0x39 [0228.001] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif.ampkcz", lpFilePart=0x0) returned 0x40 [0228.001] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0228.001] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\pybrnums.gif"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a8d96b0, ftCreationTime.dwHighDateTime=0x1d8270e, ftLastAccessTime.dwLowDateTime=0x3cc53d10, ftLastAccessTime.dwHighDateTime=0x1d82791, ftLastWriteTime.dwLowDateTime=0x764cc3c9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1bde0)) returned 1 [0228.001] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0228.001] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\pybrnums.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\pybRnums.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\pybrnums.gif.ampkcz")) returned 1 [0228.004] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif", lpFilePart=0x0) returned 0x40 [0228.004] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif", lpFilePart=0x0) returned 0x40 [0228.004] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif", dwFileAttributes=0x80) returned 1 [0228.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0228.005] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\rc_a9e_y_besf1x.gif"), fInfoLevelId=0x0, lpFileInformation=0x2728c58 | out: lpFileInformation=0x2728c58*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7deb33b0, ftCreationTime.dwHighDateTime=0x1d821d0, ftLastAccessTime.dwLowDateTime=0xd612f850, ftLastAccessTime.dwHighDateTime=0x1d82803, ftLastWriteTime.dwLowDateTime=0xd612f850, ftLastWriteTime.dwHighDateTime=0x1d82803, nFileSizeHigh=0x0, nFileSizeLow=0xd0eb)) returned 1 [0228.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0228.005] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif", lpFilePart=0x0) returned 0x40 [0228.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0228.005] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\rc_a9e_y_besf1x.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0228.005] GetFileType (hFile=0x1f4) returned 0x1 [0228.006] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0228.006] GetFileType (hFile=0x1f4) returned 0x1 [0228.006] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xd0eb [0228.006] ReadFile (in: hFile=0x1f4, lpBuffer=0x2729148, nNumberOfBytesToRead=0xd0eb, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2729148*, lpNumberOfBytesRead=0x14ed68*=0xd0eb, lpOverlapped=0x0) returned 1 [0228.007] CloseHandle (hObject=0x1f4) returned 1 [0228.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif", lpFilePart=0x0) returned 0x40 [0228.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0228.430] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\rc_a9e_y_besf1x.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0228.436] GetFileType (hFile=0x1f4) returned 0x1 [0228.436] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0228.436] GetFileType (hFile=0x1f4) returned 0x1 [0228.436] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.438] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.438] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.438] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.439] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.439] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.439] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.440] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.440] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.441] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.441] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.441] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.441] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.442] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.442] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.442] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.443] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.443] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e1b30*, nNumberOfBytesToWrite=0x760, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25e1b30*, lpNumberOfBytesWritten=0x14ec28*=0x760, lpOverlapped=0x0) returned 1 [0228.443] CloseHandle (hObject=0x1f4) returned 1 [0228.447] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif", lpFilePart=0x0) returned 0x40 [0228.448] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif.ampkcz", lpFilePart=0x0) returned 0x47 [0228.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0228.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\rc_a9e_y_besf1x.gif"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7deb33b0, ftCreationTime.dwHighDateTime=0x1d821d0, ftLastAccessTime.dwLowDateTime=0xd612f850, ftLastAccessTime.dwHighDateTime=0x1d82803, ftLastWriteTime.dwLowDateTime=0x7690f80e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x11760)) returned 1 [0228.448] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0228.474] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\rc_a9e_y_besf1x.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\rC_A9e_Y_besF1X.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\rc_a9e_y_besf1x.gif.ampkcz")) returned 1 [0228.476] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp", lpFilePart=0x0) returned 0x3d [0228.476] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp", lpFilePart=0x0) returned 0x3d [0228.476] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp", dwFileAttributes=0x80) returned 1 [0228.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0228.477] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\vxgh4lec2pnd.bmp"), fInfoLevelId=0x0, lpFileInformation=0x25e34a8 | out: lpFileInformation=0x25e34a8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5ecdf70, ftCreationTime.dwHighDateTime=0x1d82136, ftLastAccessTime.dwLowDateTime=0x7c3d37d0, ftLastAccessTime.dwHighDateTime=0x1d8286e, ftLastWriteTime.dwLowDateTime=0x7c3d37d0, ftLastWriteTime.dwHighDateTime=0x1d8286e, nFileSizeHigh=0x0, nFileSizeLow=0x8a9a)) returned 1 [0228.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0228.477] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp", lpFilePart=0x0) returned 0x3d [0228.477] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0228.477] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\vxgh4lec2pnd.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0228.477] GetFileType (hFile=0x1f4) returned 0x1 [0228.477] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0228.477] GetFileType (hFile=0x1f4) returned 0x1 [0228.477] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x8a9a [0228.478] ReadFile (in: hFile=0x1f4, lpBuffer=0x25e3980, nNumberOfBytesToRead=0x8a9a, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25e3980*, lpNumberOfBytesRead=0x14ed68*=0x8a9a, lpOverlapped=0x0) returned 1 [0228.479] CloseHandle (hObject=0x1f4) returned 1 [0228.826] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp", lpFilePart=0x0) returned 0x3d [0228.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0228.826] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\vxgh4lec2pnd.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0228.828] GetFileType (hFile=0x1f4) returned 0x1 [0228.828] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0228.828] GetFileType (hFile=0x1f4) returned 0x1 [0228.828] WriteFile (in: hFile=0x1f4, lpBuffer=0x2690dd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2690dd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.829] WriteFile (in: hFile=0x1f4, lpBuffer=0x2690dd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2690dd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.829] WriteFile (in: hFile=0x1f4, lpBuffer=0x2690dd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2690dd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.829] WriteFile (in: hFile=0x1f4, lpBuffer=0x2690dd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2690dd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.830] WriteFile (in: hFile=0x1f4, lpBuffer=0x2690dd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2690dd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.830] WriteFile (in: hFile=0x1f4, lpBuffer=0x2690dd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2690dd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.830] WriteFile (in: hFile=0x1f4, lpBuffer=0x2690dd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2690dd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.831] WriteFile (in: hFile=0x1f4, lpBuffer=0x2690dd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2690dd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.831] WriteFile (in: hFile=0x1f4, lpBuffer=0x2690dd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2690dd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.832] WriteFile (in: hFile=0x1f4, lpBuffer=0x2690dd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2690dd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.832] WriteFile (in: hFile=0x1f4, lpBuffer=0x2690dd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2690dd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0228.832] WriteFile (in: hFile=0x1f4, lpBuffer=0x2690dd8*, nNumberOfBytesToWrite=0x9a0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2690dd8*, lpNumberOfBytesWritten=0x14ec28*=0x9a0, lpOverlapped=0x0) returned 1 [0228.832] CloseHandle (hObject=0x1f4) returned 1 [0228.835] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp", lpFilePart=0x0) returned 0x3d [0228.835] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp.ampkcz", lpFilePart=0x0) returned 0x44 [0228.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0228.835] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\vxgh4lec2pnd.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ecdf70, ftCreationTime.dwHighDateTime=0x1d82136, ftLastAccessTime.dwLowDateTime=0x7c3d37d0, ftLastAccessTime.dwHighDateTime=0x1d8286e, ftLastWriteTime.dwLowDateTime=0x76cc2615, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb9a0)) returned 1 [0228.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0228.836] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\vxgh4lec2pnd.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\VxgH4lec2pnD.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\2y3wsqsay8vuz\\vxgh4lec2pnd.bmp.ampkcz")) returned 1 [0228.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0228.837] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz", lpFilePart=0x0) returned 0x2c [0228.837] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\", lpFilePart=0x0) returned 0x2d [0228.837] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\2y3wsQSAY8Vuz\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x896518c0, ftCreationTime.dwHighDateTime=0x1d825fc, ftLastAccessTime.dwLowDateTime=0x76cc4cda, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x76cc4cda, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0228.837] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x896518c0, ftCreationTime.dwHighDateTime=0x1d825fc, ftLastAccessTime.dwLowDateTime=0x76cc4cda, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x76cc4cda, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.837] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24db2380, ftCreationTime.dwHighDateTime=0x1d82675, ftLastAccessTime.dwLowDateTime=0x4b184840, ftLastAccessTime.dwHighDateTime=0x1d82998, ftLastWriteTime.dwLowDateTime=0x757b4475, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a2b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="3avUxb1B L_1g12oSkH5.png.ampkcz", cAlternateFileName="3AVUXB~1.AMP")) returned 1 [0228.838] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b327000, ftCreationTime.dwHighDateTime=0x1d81ba1, ftLastAccessTime.dwLowDateTime=0xc5dc40b0, ftLastAccessTime.dwHighDateTime=0x1d82978, ftLastWriteTime.dwLowDateTime=0x75af9ed4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19b08, dwReserved0=0x0, dwReserved1=0x0, cFileName="82EsZ7p-5diz.bmp.ampkcz", cAlternateFileName="82ESZ7~1.AMP")) returned 1 [0228.838] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x65850f60, ftCreationTime.dwHighDateTime=0x1d824b1, ftLastAccessTime.dwLowDateTime=0x89158e10, ftLastAccessTime.dwHighDateTime=0x1d8258c, ftLastWriteTime.dwLowDateTime=0x75edf2de, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2f08, dwReserved0=0x0, dwReserved1=0x0, cFileName="95XyOZRwahuGE.bmp.ampkcz", cAlternateFileName="95XYOZ~1.AMP")) returned 1 [0228.838] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8a8d96b0, ftCreationTime.dwHighDateTime=0x1d8270e, ftLastAccessTime.dwLowDateTime=0x3cc53d10, ftLastAccessTime.dwHighDateTime=0x1d82791, ftLastWriteTime.dwLowDateTime=0x764cc3c9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1bde0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pybRnums.gif.ampkcz", cAlternateFileName="PYBRNU~1.AMP")) returned 1 [0228.838] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7deb33b0, ftCreationTime.dwHighDateTime=0x1d821d0, ftLastAccessTime.dwLowDateTime=0xd612f850, ftLastAccessTime.dwHighDateTime=0x1d82803, ftLastWriteTime.dwLowDateTime=0x7690f80e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x11760, dwReserved0=0x0, dwReserved1=0x0, cFileName="rC_A9e_Y_besF1X.gif.ampkcz", cAlternateFileName="RC_A9E~1.AMP")) returned 1 [0228.838] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x757b8be7, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x757b8be7, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x757bdae5, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0228.838] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ecdf70, ftCreationTime.dwHighDateTime=0x1d82136, ftLastAccessTime.dwLowDateTime=0x7c3d37d0, ftLastAccessTime.dwHighDateTime=0x1d8286e, ftLastWriteTime.dwLowDateTime=0x76cc2615, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb9a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VxgH4lec2pnD.bmp.ampkcz", cAlternateFileName="VXGH4L~1.AMP")) returned 1 [0228.839] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ecdf70, ftCreationTime.dwHighDateTime=0x1d82136, ftLastAccessTime.dwLowDateTime=0x7c3d37d0, ftLastAccessTime.dwHighDateTime=0x1d8286e, ftLastWriteTime.dwLowDateTime=0x76cc2615, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb9a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VxgH4lec2pnD.bmp.ampkcz", cAlternateFileName="VXGH4L~1.AMP")) returned 0 [0228.839] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0228.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0228.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0228.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0228.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll", lpFilePart=0x0) returned 0x2a [0228.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\", lpFilePart=0x0) returned 0x2b [0228.839] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0228.841] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0228.841] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x2b10dbc5, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0228.841] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0228.841] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0228.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0228.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0228.846] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", lpFilePart=0x0) returned 0x36 [0228.847] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", lpFilePart=0x0) returned 0x36 [0228.847] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", dwFileAttributes=0x80) returned 1 [0228.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0228.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x26954b0 | out: lpFileInformation=0x26954b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2b10dbc5, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b10dbc5, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0xbe)) returned 1 [0228.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0228.848] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", lpFilePart=0x0) returned 0x36 [0228.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0228.848] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0228.848] GetFileType (hFile=0x1f4) returned 0x1 [0228.848] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0228.848] GetFileType (hFile=0x1f4) returned 0x1 [0228.848] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xbe [0228.848] ReadFile (in: hFile=0x1f4, lpBuffer=0x2695a10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2695a10*, lpNumberOfBytesRead=0x14ed68*=0xbe, lpOverlapped=0x0) returned 1 [0228.849] CloseHandle (hObject=0x1f4) returned 1 [0229.159] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", lpFilePart=0x0) returned 0x36 [0229.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0229.160] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0229.161] GetFileType (hFile=0x1f4) returned 0x1 [0229.161] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0229.161] GetFileType (hFile=0x1f4) returned 0x1 [0229.161] WriteFile (in: hFile=0x1f4, lpBuffer=0x27106f0*, nNumberOfBytesToWrite=0x1c8, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x27106f0*, lpNumberOfBytesWritten=0x14ec28*=0x1c8, lpOverlapped=0x0) returned 1 [0229.162] CloseHandle (hObject=0x1f4) returned 1 [0229.163] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini", lpFilePart=0x0) returned 0x36 [0229.163] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x3d [0229.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0229.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b10dbc5, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x76fe3c66, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1c8)) returned 1 [0229.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0229.164] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\desktop.ini.ampkcz")) returned 1 [0229.164] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\readme.txt", lpFilePart=0x0) returned 0x35 [0229.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0229.164] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\camera roll\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0229.165] GetFileType (hFile=0x1f4) returned 0x1 [0229.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0229.165] GetFileType (hFile=0x1f4) returned 0x1 [0229.166] WriteFile (in: hFile=0x1f4, lpBuffer=0x2713940*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x2713940*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0229.167] CloseHandle (hObject=0x1f4) returned 1 [0229.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0229.167] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll", lpFilePart=0x0) returned 0x2a [0229.167] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\", lpFilePart=0x0) returned 0x2b [0229.167] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Camera Roll\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x76fe4aa9, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x76fe71b8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0229.168] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b0e752d, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x76fe4aa9, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x76fe71b8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.168] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b10dbc5, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b10dbc5, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x76fe3c66, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0229.168] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76fe71b8, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x76fe71b8, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x76febfb8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0229.168] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x76fe71b8, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x76fe71b8, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x76febfb8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0229.168] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0229.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0229.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0229.168] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0229.169] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c", lpFilePart=0x0) returned 0x2a [0229.169] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\", lpFilePart=0x0) returned 0x2b [0229.169] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a6a8350, ftCreationTime.dwHighDateTime=0x1d820e4, ftLastAccessTime.dwLowDateTime=0x89bc26b0, ftLastAccessTime.dwHighDateTime=0x1d8289f, ftLastWriteTime.dwLowDateTime=0x89bc26b0, ftLastWriteTime.dwHighDateTime=0x1d8289f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0229.169] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a6a8350, ftCreationTime.dwHighDateTime=0x1d820e4, ftLastAccessTime.dwLowDateTime=0x89bc26b0, ftLastAccessTime.dwHighDateTime=0x1d8289f, ftLastWriteTime.dwLowDateTime=0x89bc26b0, ftLastWriteTime.dwHighDateTime=0x1d8289f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0229.169] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x389cfd50, ftCreationTime.dwHighDateTime=0x1d824b6, ftLastAccessTime.dwLowDateTime=0x73715d30, ftLastAccessTime.dwHighDateTime=0x1d8262e, ftLastWriteTime.dwLowDateTime=0x73715d30, ftLastWriteTime.dwHighDateTime=0x1d8262e, nFileSizeHigh=0x0, nFileSizeLow=0x12f01, dwReserved0=0x0, dwReserved1=0x0, cFileName="1vouFPcx5u2EPwdO.jpg", cAlternateFileName="1VOUFP~1.JPG")) returned 1 [0229.169] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf7b74d0, ftCreationTime.dwHighDateTime=0x1d81daa, ftLastAccessTime.dwLowDateTime=0x33863570, ftLastAccessTime.dwHighDateTime=0x1d82a0b, ftLastWriteTime.dwLowDateTime=0x33863570, ftLastWriteTime.dwHighDateTime=0x1d82a0b, nFileSizeHigh=0x0, nFileSizeLow=0x9e89, dwReserved0=0x0, dwReserved1=0x0, cFileName="E AOhji2.bmp", cAlternateFileName="EAOHJI~1.BMP")) returned 1 [0229.170] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e828290, ftCreationTime.dwHighDateTime=0x1d82620, ftLastAccessTime.dwLowDateTime=0xb6eb20f0, ftLastAccessTime.dwHighDateTime=0x1d82a07, ftLastWriteTime.dwLowDateTime=0xb6eb20f0, ftLastWriteTime.dwHighDateTime=0x1d82a07, nFileSizeHigh=0x0, nFileSizeLow=0x950e, dwReserved0=0x0, dwReserved1=0x0, cFileName="fqUC.bmp", cAlternateFileName="")) returned 1 [0229.170] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc8d150, ftCreationTime.dwHighDateTime=0x1d81d85, ftLastAccessTime.dwLowDateTime=0xd447f100, ftLastAccessTime.dwHighDateTime=0x1d8201b, ftLastWriteTime.dwLowDateTime=0xd447f100, ftLastWriteTime.dwHighDateTime=0x1d8201b, nFileSizeHigh=0x0, nFileSizeLow=0xb1bf, dwReserved0=0x0, dwReserved1=0x0, cFileName="kqG3aN.bmp", cAlternateFileName="")) returned 1 [0229.170] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9799ab0, ftCreationTime.dwHighDateTime=0x1d821a7, ftLastAccessTime.dwLowDateTime=0x64d65100, ftLastAccessTime.dwHighDateTime=0x1d8252e, ftLastWriteTime.dwLowDateTime=0x64d65100, ftLastWriteTime.dwHighDateTime=0x1d8252e, nFileSizeHigh=0x0, nFileSizeLow=0x2b07, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q_Ekrnom6M-AaivdFcPZ.gif", cAlternateFileName="Q_EKRN~1.GIF")) returned 1 [0229.170] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa12a66c0, ftCreationTime.dwHighDateTime=0x1d81ec9, ftLastAccessTime.dwLowDateTime=0xd64b36f0, ftLastAccessTime.dwHighDateTime=0x1d826b1, ftLastWriteTime.dwLowDateTime=0xd64b36f0, ftLastWriteTime.dwHighDateTime=0x1d826b1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="slPu", cAlternateFileName="")) returned 1 [0229.170] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b6be700, ftCreationTime.dwHighDateTime=0x1d81e48, ftLastAccessTime.dwLowDateTime=0xeb24a070, ftLastAccessTime.dwHighDateTime=0x1d82751, ftLastWriteTime.dwLowDateTime=0xeb24a070, ftLastWriteTime.dwHighDateTime=0x1d82751, nFileSizeHigh=0x0, nFileSizeLow=0x12fad, dwReserved0=0x0, dwReserved1=0x0, cFileName="U4hfL3Yd9m.bmp", cAlternateFileName="U4HFL3~1.BMP")) returned 1 [0229.170] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a3ab70, ftCreationTime.dwHighDateTime=0x1d8259d, ftLastAccessTime.dwLowDateTime=0x3e7adb50, ftLastAccessTime.dwHighDateTime=0x1d8279c, ftLastWriteTime.dwLowDateTime=0x3e7adb50, ftLastWriteTime.dwHighDateTime=0x1d8279c, nFileSizeHigh=0x0, nFileSizeLow=0xf333, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZIvJ2tjP.gif", cAlternateFileName="")) returned 1 [0229.170] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0229.171] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0229.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0229.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0229.171] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg", lpFilePart=0x0) returned 0x3f [0229.171] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg", lpFilePart=0x0) returned 0x3f [0229.171] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg", dwFileAttributes=0x80) returned 1 [0229.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0229.175] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\1voufpcx5u2epwdo.jpg"), fInfoLevelId=0x0, lpFileInformation=0x2717b68 | out: lpFileInformation=0x2717b68*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x389cfd50, ftCreationTime.dwHighDateTime=0x1d824b6, ftLastAccessTime.dwLowDateTime=0x73715d30, ftLastAccessTime.dwHighDateTime=0x1d8262e, ftLastWriteTime.dwLowDateTime=0x73715d30, ftLastWriteTime.dwHighDateTime=0x1d8262e, nFileSizeHigh=0x0, nFileSizeLow=0x12f01)) returned 1 [0229.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0229.175] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg", lpFilePart=0x0) returned 0x3f [0229.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0229.175] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\1voufpcx5u2epwdo.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0229.175] GetFileType (hFile=0x1f4) returned 0x1 [0229.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0229.175] GetFileType (hFile=0x1f4) returned 0x1 [0229.175] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x12f01 [0229.175] ReadFile (in: hFile=0x1f4, lpBuffer=0x2718050, nNumberOfBytesToRead=0x12f01, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2718050*, lpNumberOfBytesRead=0x14ed68*=0x12f01, lpOverlapped=0x0) returned 1 [0229.177] CloseHandle (hObject=0x1f4) returned 1 [0229.618] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg", lpFilePart=0x0) returned 0x3f [0229.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0229.618] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\1voufpcx5u2epwdo.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0229.620] GetFileType (hFile=0x1f4) returned 0x1 [0229.620] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0229.620] GetFileType (hFile=0x1f4) returned 0x1 [0229.620] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.621] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.622] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.622] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.622] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.623] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.623] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.623] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.624] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.624] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.624] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.625] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.625] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.626] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.626] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.626] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.626] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.627] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.627] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.627] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.628] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.628] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.628] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.629] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.629] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.629] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef6b8*, nNumberOfBytesToWrite=0x4e0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25ef6b8*, lpNumberOfBytesWritten=0x14ec28*=0x4e0, lpOverlapped=0x0) returned 1 [0229.629] CloseHandle (hObject=0x1f4) returned 1 [0229.632] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg", lpFilePart=0x0) returned 0x3f [0229.633] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg.ampkcz", lpFilePart=0x0) returned 0x46 [0229.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0229.633] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\1voufpcx5u2epwdo.jpg"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x389cfd50, ftCreationTime.dwHighDateTime=0x1d824b6, ftLastAccessTime.dwLowDateTime=0x73715d30, ftLastAccessTime.dwHighDateTime=0x1d8262e, ftLastWriteTime.dwLowDateTime=0x7744d04c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x194e0)) returned 1 [0229.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0229.633] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\1voufpcx5u2epwdo.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\1vouFPcx5u2EPwdO.jpg.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\1voufpcx5u2epwdo.jpg.ampkcz")) returned 1 [0229.633] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\readme.txt", lpFilePart=0x0) returned 0x35 [0229.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0229.634] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0229.635] GetFileType (hFile=0x1f4) returned 0x1 [0229.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0229.635] GetFileType (hFile=0x1f4) returned 0x1 [0229.636] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f2938*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x25f2938*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0229.637] CloseHandle (hObject=0x1f4) returned 1 [0229.641] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp", lpFilePart=0x0) returned 0x37 [0229.641] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp", lpFilePart=0x0) returned 0x37 [0229.641] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp", dwFileAttributes=0x80) returned 1 [0229.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0229.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\e aohji2.bmp"), fInfoLevelId=0x0, lpFileInformation=0x25f4820 | out: lpFileInformation=0x25f4820*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcf7b74d0, ftCreationTime.dwHighDateTime=0x1d81daa, ftLastAccessTime.dwLowDateTime=0x33863570, ftLastAccessTime.dwHighDateTime=0x1d82a0b, ftLastWriteTime.dwLowDateTime=0x33863570, ftLastWriteTime.dwHighDateTime=0x1d82a0b, nFileSizeHigh=0x0, nFileSizeLow=0x9e89)) returned 1 [0229.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0229.641] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp", lpFilePart=0x0) returned 0x37 [0229.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0229.642] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\e aohji2.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0229.642] GetFileType (hFile=0x1f4) returned 0x1 [0229.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0229.642] GetFileType (hFile=0x1f4) returned 0x1 [0229.642] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x9e89 [0229.642] ReadFile (in: hFile=0x1f4, lpBuffer=0x25f4cb8, nNumberOfBytesToRead=0x9e89, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25f4cb8*, lpNumberOfBytesRead=0x14ed68*=0x9e89, lpOverlapped=0x0) returned 1 [0229.643] CloseHandle (hObject=0x1f4) returned 1 [0229.989] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp", lpFilePart=0x0) returned 0x37 [0229.989] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0229.990] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\e aohji2.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0229.992] GetFileType (hFile=0x1f4) returned 0x1 [0229.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0229.992] GetFileType (hFile=0x1f4) returned 0x1 [0229.992] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.994] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.994] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.994] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.995] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.995] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.995] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.996] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.996] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0229.996] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.001] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.001] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.002] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.002] WriteFile (in: hFile=0x1f4, lpBuffer=0x252bbd0*, nNumberOfBytesToWrite=0x434, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x252bbd0*, lpNumberOfBytesWritten=0x14ec28*=0x434, lpOverlapped=0x0) returned 1 [0230.002] CloseHandle (hObject=0x1f4) returned 1 [0230.005] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp", lpFilePart=0x0) returned 0x37 [0230.005] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp.ampkcz", lpFilePart=0x0) returned 0x3e [0230.005] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0230.005] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\e aohji2.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf7b74d0, ftCreationTime.dwHighDateTime=0x1d81daa, ftLastAccessTime.dwLowDateTime=0x33863570, ftLastAccessTime.dwHighDateTime=0x1d82a0b, ftLastWriteTime.dwLowDateTime=0x777ea529, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd434)) returned 1 [0230.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0230.005] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\e aohji2.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\E AOhji2.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\e aohji2.bmp.ampkcz")) returned 1 [0230.007] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp", lpFilePart=0x0) returned 0x33 [0230.008] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp", lpFilePart=0x0) returned 0x33 [0230.008] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp", dwFileAttributes=0x80) returned 1 [0230.008] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0230.008] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\fquc.bmp"), fInfoLevelId=0x0, lpFileInformation=0x252d500 | out: lpFileInformation=0x252d500*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5e828290, ftCreationTime.dwHighDateTime=0x1d82620, ftLastAccessTime.dwLowDateTime=0xb6eb20f0, ftLastAccessTime.dwHighDateTime=0x1d82a07, ftLastWriteTime.dwLowDateTime=0xb6eb20f0, ftLastWriteTime.dwHighDateTime=0x1d82a07, nFileSizeHigh=0x0, nFileSizeLow=0x950e)) returned 1 [0230.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0230.008] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp", lpFilePart=0x0) returned 0x33 [0230.008] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0230.008] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\fquc.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0230.009] GetFileType (hFile=0x1f4) returned 0x1 [0230.009] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0230.009] GetFileType (hFile=0x1f4) returned 0x1 [0230.009] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x950e [0230.009] ReadFile (in: hFile=0x1f4, lpBuffer=0x252d970, nNumberOfBytesToRead=0x950e, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x252d970*, lpNumberOfBytesRead=0x14ed68*=0x950e, lpOverlapped=0x0) returned 1 [0230.010] CloseHandle (hObject=0x1f4) returned 1 [0230.361] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp", lpFilePart=0x0) returned 0x33 [0230.361] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0230.361] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\fquc.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0230.363] GetFileType (hFile=0x1f4) returned 0x1 [0230.363] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0230.363] GetFileType (hFile=0x1f4) returned 0x1 [0230.363] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.364] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.364] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.365] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.365] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.366] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.366] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.366] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.367] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.367] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.367] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.368] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.368] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dec40*, nNumberOfBytesToWrite=0x788, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25dec40*, lpNumberOfBytesWritten=0x14ec28*=0x788, lpOverlapped=0x0) returned 1 [0230.368] CloseHandle (hObject=0x1f4) returned 1 [0230.371] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp", lpFilePart=0x0) returned 0x33 [0230.371] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp.ampkcz", lpFilePart=0x0) returned 0x3a [0230.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0230.371] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\fquc.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e828290, ftCreationTime.dwHighDateTime=0x1d82620, ftLastAccessTime.dwLowDateTime=0xb6eb20f0, ftLastAccessTime.dwHighDateTime=0x1d82a07, ftLastWriteTime.dwLowDateTime=0x77b67117, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc788)) returned 1 [0230.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0230.371] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\fquc.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\fqUC.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\fquc.bmp.ampkcz")) returned 1 [0230.372] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp", lpFilePart=0x0) returned 0x35 [0230.372] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp", lpFilePart=0x0) returned 0x35 [0230.373] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp", dwFileAttributes=0x80) returned 1 [0230.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0230.373] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\kqg3an.bmp"), fInfoLevelId=0x0, lpFileInformation=0x25e0558 | out: lpFileInformation=0x25e0558*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcfc8d150, ftCreationTime.dwHighDateTime=0x1d81d85, ftLastAccessTime.dwLowDateTime=0xd447f100, ftLastAccessTime.dwHighDateTime=0x1d8201b, ftLastWriteTime.dwLowDateTime=0xd447f100, ftLastWriteTime.dwHighDateTime=0x1d8201b, nFileSizeHigh=0x0, nFileSizeLow=0xb1bf)) returned 1 [0230.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0230.373] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp", lpFilePart=0x0) returned 0x35 [0230.373] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0230.373] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\kqg3an.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0230.373] GetFileType (hFile=0x1f4) returned 0x1 [0230.373] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0230.373] GetFileType (hFile=0x1f4) returned 0x1 [0230.373] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xb1bf [0230.373] ReadFile (in: hFile=0x1f4, lpBuffer=0x25e09e0, nNumberOfBytesToRead=0xb1bf, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25e09e0*, lpNumberOfBytesRead=0x14ed68*=0xb1bf, lpOverlapped=0x0) returned 1 [0230.375] CloseHandle (hObject=0x1f4) returned 1 [0230.728] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp", lpFilePart=0x0) returned 0x35 [0230.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0230.728] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\kqg3an.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0230.750] GetFileType (hFile=0x1f4) returned 0x1 [0230.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0230.750] GetFileType (hFile=0x1f4) returned 0x1 [0230.751] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.752] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.752] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.752] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.753] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.753] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.754] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.754] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.754] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.755] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.755] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.756] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.757] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.757] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0230.758] WriteFile (in: hFile=0x1f4, lpBuffer=0x2686560*, nNumberOfBytesToWrite=0xdc8, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2686560*, lpNumberOfBytesWritten=0x14ec28*=0xdc8, lpOverlapped=0x0) returned 1 [0230.758] CloseHandle (hObject=0x1f4) returned 1 [0230.761] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp", lpFilePart=0x0) returned 0x35 [0230.761] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp.ampkcz", lpFilePart=0x0) returned 0x3c [0230.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0230.761] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\kqg3an.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc8d150, ftCreationTime.dwHighDateTime=0x1d81d85, ftLastAccessTime.dwLowDateTime=0xd447f100, ftLastAccessTime.dwHighDateTime=0x1d8201b, ftLastWriteTime.dwLowDateTime=0x77f1f39c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xedc8)) returned 1 [0230.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0230.761] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\kqg3an.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\kqG3aN.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\kqg3an.bmp.ampkcz")) returned 1 [0230.765] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif", lpFilePart=0x0) returned 0x43 [0230.765] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif", lpFilePart=0x0) returned 0x43 [0230.765] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif", dwFileAttributes=0x80) returned 1 [0230.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0230.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\q_ekrnom6m-aaivdfcpz.gif"), fInfoLevelId=0x0, lpFileInformation=0x2688a68 | out: lpFileInformation=0x2688a68*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd9799ab0, ftCreationTime.dwHighDateTime=0x1d821a7, ftLastAccessTime.dwLowDateTime=0x64d65100, ftLastAccessTime.dwHighDateTime=0x1d8252e, ftLastWriteTime.dwLowDateTime=0x64d65100, ftLastWriteTime.dwHighDateTime=0x1d8252e, nFileSizeHigh=0x0, nFileSizeLow=0x2b07)) returned 1 [0230.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0230.767] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif", lpFilePart=0x0) returned 0x43 [0230.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0230.768] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\q_ekrnom6m-aaivdfcpz.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0230.768] GetFileType (hFile=0x1f4) returned 0x1 [0230.768] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0230.768] GetFileType (hFile=0x1f4) returned 0x1 [0230.768] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x2b07 [0230.768] ReadFile (in: hFile=0x1f4, lpBuffer=0x2688f78, nNumberOfBytesToRead=0x2b07, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2688f78*, lpNumberOfBytesRead=0x14ed68*=0x2b07, lpOverlapped=0x0) returned 1 [0230.769] CloseHandle (hObject=0x1f4) returned 1 [0231.182] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif", lpFilePart=0x0) returned 0x43 [0231.182] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0231.183] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\q_ekrnom6m-aaivdfcpz.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0231.185] GetFileType (hFile=0x1f4) returned 0x1 [0231.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0231.185] GetFileType (hFile=0x1f4) returned 0x1 [0231.185] WriteFile (in: hFile=0x1f4, lpBuffer=0x2720e08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2720e08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.186] WriteFile (in: hFile=0x1f4, lpBuffer=0x2720e08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2720e08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.193] WriteFile (in: hFile=0x1f4, lpBuffer=0x2720e08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2720e08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.193] WriteFile (in: hFile=0x1f4, lpBuffer=0x2720e08*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2720e08*, lpNumberOfBytesWritten=0x14ec28*=0xa34, lpOverlapped=0x0) returned 1 [0231.193] CloseHandle (hObject=0x1f4) returned 1 [0231.196] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif", lpFilePart=0x0) returned 0x43 [0231.196] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif.ampkcz", lpFilePart=0x0) returned 0x4a [0231.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0231.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\q_ekrnom6m-aaivdfcpz.gif"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9799ab0, ftCreationTime.dwHighDateTime=0x1d821a7, ftLastAccessTime.dwLowDateTime=0x64d65100, ftLastAccessTime.dwHighDateTime=0x1d8252e, ftLastWriteTime.dwLowDateTime=0x78344ca8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x3a34)) returned 1 [0231.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0231.196] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\q_ekrnom6m-aaivdfcpz.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\Q_Ekrnom6M-AaivdFcPZ.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\q_ekrnom6m-aaivdfcpz.gif.ampkcz")) returned 1 [0231.197] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp", lpFilePart=0x0) returned 0x39 [0231.197] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp", lpFilePart=0x0) returned 0x39 [0231.197] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp", dwFileAttributes=0x80) returned 1 [0231.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0231.198] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\u4hfl3yd9m.bmp"), fInfoLevelId=0x0, lpFileInformation=0x2722788 | out: lpFileInformation=0x2722788*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2b6be700, ftCreationTime.dwHighDateTime=0x1d81e48, ftLastAccessTime.dwLowDateTime=0xeb24a070, ftLastAccessTime.dwHighDateTime=0x1d82751, ftLastWriteTime.dwLowDateTime=0xeb24a070, ftLastWriteTime.dwHighDateTime=0x1d82751, nFileSizeHigh=0x0, nFileSizeLow=0x12fad)) returned 1 [0231.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0231.198] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp", lpFilePart=0x0) returned 0x39 [0231.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0231.198] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\u4hfl3yd9m.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0231.198] GetFileType (hFile=0x1f4) returned 0x1 [0231.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0231.198] GetFileType (hFile=0x1f4) returned 0x1 [0231.198] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x12fad [0231.199] ReadFile (in: hFile=0x1f4, lpBuffer=0x2722c38, nNumberOfBytesToRead=0x12fad, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2722c38*, lpNumberOfBytesRead=0x14ed68*=0x12fad, lpOverlapped=0x0) returned 1 [0231.200] CloseHandle (hObject=0x1f4) returned 1 [0231.568] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp", lpFilePart=0x0) returned 0x39 [0231.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0231.568] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\u4hfl3yd9m.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0231.570] GetFileType (hFile=0x1f4) returned 0x1 [0231.570] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0231.570] GetFileType (hFile=0x1f4) returned 0x1 [0231.570] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.573] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.573] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.575] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.575] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.575] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.576] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.576] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.576] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.577] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.577] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.577] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.578] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.578] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.579] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.579] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.579] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.580] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ef4a8*, nNumberOfBytesToWrite=0x5b4, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25ef4a8*, lpNumberOfBytesWritten=0x14ec28*=0x5b4, lpOverlapped=0x0) returned 1 [0231.580] CloseHandle (hObject=0x1f4) returned 1 [0231.584] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp", lpFilePart=0x0) returned 0x39 [0231.584] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp.ampkcz", lpFilePart=0x0) returned 0x40 [0231.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0231.584] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\u4hfl3yd9m.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b6be700, ftCreationTime.dwHighDateTime=0x1d81e48, ftLastAccessTime.dwLowDateTime=0xeb24a070, ftLastAccessTime.dwHighDateTime=0x1d82751, ftLastWriteTime.dwLowDateTime=0x786f8851, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x195b4)) returned 1 [0231.584] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0231.584] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\u4hfl3yd9m.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\U4hfL3Yd9m.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\u4hfl3yd9m.bmp.ampkcz")) returned 1 [0231.595] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif", lpFilePart=0x0) returned 0x37 [0231.595] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif", lpFilePart=0x0) returned 0x37 [0231.595] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif", dwFileAttributes=0x80) returned 1 [0231.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0231.595] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\zivj2tjp.gif"), fInfoLevelId=0x0, lpFileInformation=0x25f19b0 | out: lpFileInformation=0x25f19b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0a3ab70, ftCreationTime.dwHighDateTime=0x1d8259d, ftLastAccessTime.dwLowDateTime=0x3e7adb50, ftLastAccessTime.dwHighDateTime=0x1d8279c, ftLastWriteTime.dwLowDateTime=0x3e7adb50, ftLastWriteTime.dwHighDateTime=0x1d8279c, nFileSizeHigh=0x0, nFileSizeLow=0xf333)) returned 1 [0231.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0231.595] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif", lpFilePart=0x0) returned 0x37 [0231.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0231.596] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\zivj2tjp.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0231.596] GetFileType (hFile=0x1f4) returned 0x1 [0231.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0231.596] GetFileType (hFile=0x1f4) returned 0x1 [0231.596] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xf333 [0231.596] ReadFile (in: hFile=0x1f4, lpBuffer=0x25f1e48, nNumberOfBytesToRead=0xf333, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25f1e48*, lpNumberOfBytesRead=0x14ed68*=0xf333, lpOverlapped=0x0) returned 1 [0231.598] CloseHandle (hObject=0x1f4) returned 1 [0231.913] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif", lpFilePart=0x0) returned 0x37 [0231.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0231.913] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\zivj2tjp.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0231.914] GetFileType (hFile=0x1f4) returned 0x1 [0231.914] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0231.914] GetFileType (hFile=0x1f4) returned 0x1 [0231.915] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.915] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.916] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.916] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.916] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.917] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.919] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.920] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.920] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.921] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.921] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.921] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.922] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.922] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.922] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.922] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.923] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.923] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.923] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.924] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0231.924] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a7fd0*, nNumberOfBytesToWrite=0x520, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26a7fd0*, lpNumberOfBytesWritten=0x14ec28*=0x520, lpOverlapped=0x0) returned 1 [0231.924] CloseHandle (hObject=0x1f4) returned 1 [0231.928] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif", lpFilePart=0x0) returned 0x37 [0231.928] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif.ampkcz", lpFilePart=0x0) returned 0x3e [0231.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0231.928] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\zivj2tjp.gif"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a3ab70, ftCreationTime.dwHighDateTime=0x1d8259d, ftLastAccessTime.dwLowDateTime=0x3e7adb50, ftLastAccessTime.dwHighDateTime=0x1d8279c, ftLastWriteTime.dwLowDateTime=0x78a409f0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14520)) returned 1 [0231.928] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0231.928] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\zivj2tjp.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\ZIvJ2tjP.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\zivj2tjp.gif.ampkcz")) returned 1 [0231.929] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0231.929] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c", lpFilePart=0x0) returned 0x2a [0231.929] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\", lpFilePart=0x0) returned 0x2b [0231.929] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a6a8350, ftCreationTime.dwHighDateTime=0x1d820e4, ftLastAccessTime.dwLowDateTime=0x78a42eff, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x78a42eff, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0231.930] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a6a8350, ftCreationTime.dwHighDateTime=0x1d820e4, ftLastAccessTime.dwLowDateTime=0x78a42eff, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x78a42eff, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0231.930] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x389cfd50, ftCreationTime.dwHighDateTime=0x1d824b6, ftLastAccessTime.dwLowDateTime=0x73715d30, ftLastAccessTime.dwHighDateTime=0x1d8262e, ftLastWriteTime.dwLowDateTime=0x7744d04c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x194e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1vouFPcx5u2EPwdO.jpg.ampkcz", cAlternateFileName="1VOUFP~1.AMP")) returned 1 [0231.930] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcf7b74d0, ftCreationTime.dwHighDateTime=0x1d81daa, ftLastAccessTime.dwLowDateTime=0x33863570, ftLastAccessTime.dwHighDateTime=0x1d82a0b, ftLastWriteTime.dwLowDateTime=0x777ea529, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd434, dwReserved0=0x0, dwReserved1=0x0, cFileName="E AOhji2.bmp.ampkcz", cAlternateFileName="EAOHJI~1.AMP")) returned 1 [0231.930] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5e828290, ftCreationTime.dwHighDateTime=0x1d82620, ftLastAccessTime.dwLowDateTime=0xb6eb20f0, ftLastAccessTime.dwHighDateTime=0x1d82a07, ftLastWriteTime.dwLowDateTime=0x77b67117, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc788, dwReserved0=0x0, dwReserved1=0x0, cFileName="fqUC.bmp.ampkcz", cAlternateFileName="FQUCBM~1.AMP")) returned 1 [0231.931] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcfc8d150, ftCreationTime.dwHighDateTime=0x1d81d85, ftLastAccessTime.dwLowDateTime=0xd447f100, ftLastAccessTime.dwHighDateTime=0x1d8201b, ftLastWriteTime.dwLowDateTime=0x77f1f39c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xedc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="kqG3aN.bmp.ampkcz", cAlternateFileName="KQG3AN~1.AMP")) returned 1 [0231.931] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9799ab0, ftCreationTime.dwHighDateTime=0x1d821a7, ftLastAccessTime.dwLowDateTime=0x64d65100, ftLastAccessTime.dwHighDateTime=0x1d8252e, ftLastWriteTime.dwLowDateTime=0x78344ca8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x3a34, dwReserved0=0x0, dwReserved1=0x0, cFileName="Q_Ekrnom6M-AaivdFcPZ.gif.ampkcz", cAlternateFileName="Q_EKRN~1.AMP")) returned 1 [0231.931] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7744d04c, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x7744d04c, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x774691c1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0231.931] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa12a66c0, ftCreationTime.dwHighDateTime=0x1d81ec9, ftLastAccessTime.dwLowDateTime=0xd64b36f0, ftLastAccessTime.dwHighDateTime=0x1d826b1, ftLastWriteTime.dwLowDateTime=0xd64b36f0, ftLastWriteTime.dwHighDateTime=0x1d826b1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="slPu", cAlternateFileName="")) returned 1 [0231.931] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b6be700, ftCreationTime.dwHighDateTime=0x1d81e48, ftLastAccessTime.dwLowDateTime=0xeb24a070, ftLastAccessTime.dwHighDateTime=0x1d82751, ftLastWriteTime.dwLowDateTime=0x786f8851, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x195b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="U4hfL3Yd9m.bmp.ampkcz", cAlternateFileName="U4HFL3~1.AMP")) returned 1 [0231.931] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a3ab70, ftCreationTime.dwHighDateTime=0x1d8259d, ftLastAccessTime.dwLowDateTime=0x3e7adb50, ftLastAccessTime.dwHighDateTime=0x1d8279c, ftLastWriteTime.dwLowDateTime=0x78a409f0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14520, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZIvJ2tjP.gif.ampkcz", cAlternateFileName="ZIVJ2T~1.AMP")) returned 1 [0231.932] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0a3ab70, ftCreationTime.dwHighDateTime=0x1d8259d, ftLastAccessTime.dwLowDateTime=0x3e7adb50, ftLastAccessTime.dwHighDateTime=0x1d8279c, ftLastWriteTime.dwLowDateTime=0x78a409f0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14520, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZIvJ2tjP.gif.ampkcz", cAlternateFileName="ZIVJ2T~1.AMP")) returned 0 [0231.932] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0231.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0231.932] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0231.932] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0231.932] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu", lpFilePart=0x0) returned 0x2f [0231.932] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\", lpFilePart=0x0) returned 0x30 [0231.932] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa12a66c0, ftCreationTime.dwHighDateTime=0x1d81ec9, ftLastAccessTime.dwLowDateTime=0xd64b36f0, ftLastAccessTime.dwHighDateTime=0x1d826b1, ftLastWriteTime.dwLowDateTime=0xd64b36f0, ftLastWriteTime.dwHighDateTime=0x1d826b1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0231.933] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa12a66c0, ftCreationTime.dwHighDateTime=0x1d81ec9, ftLastAccessTime.dwLowDateTime=0xd64b36f0, ftLastAccessTime.dwHighDateTime=0x1d826b1, ftLastWriteTime.dwLowDateTime=0xd64b36f0, ftLastWriteTime.dwHighDateTime=0x1d826b1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0231.933] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f967dd0, ftCreationTime.dwHighDateTime=0x1d828a9, ftLastAccessTime.dwLowDateTime=0x28369730, ftLastAccessTime.dwHighDateTime=0x1d8296d, ftLastWriteTime.dwLowDateTime=0x28369730, ftLastWriteTime.dwHighDateTime=0x1d8296d, nFileSizeHigh=0x0, nFileSizeLow=0xc86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Asuu1.gif", cAlternateFileName="")) returned 1 [0231.933] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b9451c0, ftCreationTime.dwHighDateTime=0x1d825d0, ftLastAccessTime.dwLowDateTime=0xa5fa53d0, ftLastAccessTime.dwHighDateTime=0x1d82668, ftLastWriteTime.dwLowDateTime=0xa5fa53d0, ftLastWriteTime.dwHighDateTime=0x1d82668, nFileSizeHigh=0x0, nFileSizeLow=0x155d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="c5qjp_9.png", cAlternateFileName="")) returned 1 [0231.933] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1f76160, ftCreationTime.dwHighDateTime=0x1d81fb9, ftLastAccessTime.dwLowDateTime=0xd7400930, ftLastAccessTime.dwHighDateTime=0x1d825eb, ftLastWriteTime.dwLowDateTime=0xd7400930, ftLastWriteTime.dwHighDateTime=0x1d825eb, nFileSizeHigh=0x0, nFileSizeLow=0x12d4f, dwReserved0=0x0, dwReserved1=0x0, cFileName="i_HjOI0Pvfw-v.jpg", cAlternateFileName="I_HJOI~1.JPG")) returned 1 [0231.933] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x534ef2d0, ftCreationTime.dwHighDateTime=0x1d82348, ftLastAccessTime.dwLowDateTime=0xde844f60, ftLastAccessTime.dwHighDateTime=0x1d826ec, ftLastWriteTime.dwLowDateTime=0xde844f60, ftLastWriteTime.dwHighDateTime=0x1d826ec, nFileSizeHigh=0x0, nFileSizeLow=0x274b, dwReserved0=0x0, dwReserved1=0x0, cFileName="JGhfvZ7zWuY0.bmp", cAlternateFileName="JGHFVZ~1.BMP")) returned 1 [0231.933] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x266ef490, ftCreationTime.dwHighDateTime=0x1d81d4e, ftLastAccessTime.dwLowDateTime=0x751cab40, ftLastAccessTime.dwHighDateTime=0x1d81fe3, ftLastWriteTime.dwLowDateTime=0x751cab40, ftLastWriteTime.dwHighDateTime=0x1d81fe3, nFileSizeHigh=0x0, nFileSizeLow=0x183ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="NbFcv7r.png", cAlternateFileName="")) returned 1 [0231.934] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x734ff5b0, ftCreationTime.dwHighDateTime=0x1d82632, ftLastAccessTime.dwLowDateTime=0x91b57a90, ftLastAccessTime.dwHighDateTime=0x1d826b7, ftLastWriteTime.dwLowDateTime=0x91b57a90, ftLastWriteTime.dwHighDateTime=0x1d826b7, nFileSizeHigh=0x0, nFileSizeLow=0xb0b3, dwReserved0=0x0, dwReserved1=0x0, cFileName="PeNWmzhlJCX.gif", cAlternateFileName="PENWMZ~1.GIF")) returned 1 [0231.934] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d1756d0, ftCreationTime.dwHighDateTime=0x1d819be, ftLastAccessTime.dwLowDateTime=0xa0a1f860, ftLastAccessTime.dwHighDateTime=0x1d81dc2, ftLastWriteTime.dwLowDateTime=0xa0a1f860, ftLastWriteTime.dwHighDateTime=0x1d81dc2, nFileSizeHigh=0x0, nFileSizeLow=0x3f7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="sNU4ZxXwBcEpxou.gif", cAlternateFileName="SNU4ZX~1.GIF")) returned 1 [0231.934] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22bf7d10, ftCreationTime.dwHighDateTime=0x1d81e3e, ftLastAccessTime.dwLowDateTime=0x67d4ce0, ftLastAccessTime.dwHighDateTime=0x1d828bb, ftLastWriteTime.dwLowDateTime=0x67d4ce0, ftLastWriteTime.dwHighDateTime=0x1d828bb, nFileSizeHigh=0x0, nFileSizeLow=0x140d7, dwReserved0=0x0, dwReserved1=0x0, cFileName="yeL3pqI1j.bmp", cAlternateFileName="YEL3PQ~1.BMP")) returned 1 [0231.934] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0231.934] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0231.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0231.934] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0231.937] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif", lpFilePart=0x0) returned 0x39 [0231.937] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif", lpFilePart=0x0) returned 0x39 [0231.937] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif", dwFileAttributes=0x80) returned 1 [0231.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0231.937] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\asuu1.gif"), fInfoLevelId=0x0, lpFileInformation=0x26adbb0 | out: lpFileInformation=0x26adbb0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1f967dd0, ftCreationTime.dwHighDateTime=0x1d828a9, ftLastAccessTime.dwLowDateTime=0x28369730, ftLastAccessTime.dwHighDateTime=0x1d8296d, ftLastWriteTime.dwLowDateTime=0x28369730, ftLastWriteTime.dwHighDateTime=0x1d8296d, nFileSizeHigh=0x0, nFileSizeLow=0xc86)) returned 1 [0231.937] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0231.937] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif", lpFilePart=0x0) returned 0x39 [0231.937] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0231.937] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\asuu1.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0231.938] GetFileType (hFile=0x1f4) returned 0x1 [0231.938] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0231.938] GetFileType (hFile=0x1f4) returned 0x1 [0231.938] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0xc86 [0231.938] ReadFile (in: hFile=0x1f4, lpBuffer=0x26aecf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x26aecf0*, lpNumberOfBytesRead=0x14ecf8*=0xc86, lpOverlapped=0x0) returned 1 [0231.939] CloseHandle (hObject=0x1f4) returned 1 [0232.290] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif", lpFilePart=0x0) returned 0x39 [0232.290] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0232.290] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\asuu1.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0232.291] GetFileType (hFile=0x1f4) returned 0x1 [0232.291] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0232.291] GetFileType (hFile=0x1f4) returned 0x1 [0232.292] WriteFile (in: hFile=0x1f4, lpBuffer=0x2731518*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebd8, lpOverlapped=0x0 | out: lpBuffer=0x2731518*, lpNumberOfBytesWritten=0x14ebd8*=0x1000, lpOverlapped=0x0) returned 1 [0232.293] WriteFile (in: hFile=0x1f4, lpBuffer=0x2731518*, nNumberOfBytesToWrite=0x188, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2731518*, lpNumberOfBytesWritten=0x14ebb8*=0x188, lpOverlapped=0x0) returned 1 [0232.293] CloseHandle (hObject=0x1f4) returned 1 [0232.295] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif", lpFilePart=0x0) returned 0x39 [0232.295] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif.ampkcz", lpFilePart=0x0) returned 0x40 [0232.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0232.295] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\asuu1.gif"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f967dd0, ftCreationTime.dwHighDateTime=0x1d828a9, ftLastAccessTime.dwLowDateTime=0x28369730, ftLastAccessTime.dwHighDateTime=0x1d8296d, ftLastWriteTime.dwLowDateTime=0x78dc1d19, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1188)) returned 1 [0232.296] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0232.296] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\asuu1.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\Asuu1.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\asuu1.gif.ampkcz")) returned 1 [0232.299] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\readme.txt", lpFilePart=0x0) returned 0x3a [0232.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0232.299] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0232.300] GetFileType (hFile=0x1f4) returned 0x1 [0232.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0232.300] GetFileType (hFile=0x1f4) returned 0x1 [0232.301] WriteFile (in: hFile=0x1f4, lpBuffer=0x2734790*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ec68, lpOverlapped=0x0 | out: lpBuffer=0x2734790*, lpNumberOfBytesWritten=0x14ec68*=0x6c6, lpOverlapped=0x0) returned 1 [0232.302] CloseHandle (hObject=0x1f4) returned 1 [0232.302] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png", lpFilePart=0x0) returned 0x3b [0232.302] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png", lpFilePart=0x0) returned 0x3b [0232.302] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png", dwFileAttributes=0x80) returned 1 [0232.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0232.303] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\c5qjp_9.png"), fInfoLevelId=0x0, lpFileInformation=0x2736288 | out: lpFileInformation=0x2736288*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1b9451c0, ftCreationTime.dwHighDateTime=0x1d825d0, ftLastAccessTime.dwLowDateTime=0xa5fa53d0, ftLastAccessTime.dwHighDateTime=0x1d82668, ftLastWriteTime.dwLowDateTime=0xa5fa53d0, ftLastWriteTime.dwHighDateTime=0x1d82668, nFileSizeHigh=0x0, nFileSizeLow=0x155d5)) returned 1 [0232.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0232.303] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png", lpFilePart=0x0) returned 0x3b [0232.303] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0232.303] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\c5qjp_9.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0232.303] GetFileType (hFile=0x1f4) returned 0x1 [0232.303] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0232.303] GetFileType (hFile=0x1f4) returned 0x1 [0232.303] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x155d5 [0232.304] ReadFile (in: hFile=0x1f4, lpBuffer=0x126dd7a0, nNumberOfBytesToRead=0x155d5, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x126dd7a0*, lpNumberOfBytesRead=0x14ecf8*=0x155d5, lpOverlapped=0x0) returned 1 [0232.306] CloseHandle (hObject=0x1f4) returned 1 [0232.692] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png", lpFilePart=0x0) returned 0x3b [0232.692] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0232.692] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\c5qjp_9.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0232.694] GetFileType (hFile=0x1f4) returned 0x1 [0232.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0232.694] GetFileType (hFile=0x1f4) returned 0x1 [0232.695] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.696] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.696] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.696] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.697] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.697] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.697] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.698] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.698] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.698] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.699] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.699] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.699] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.700] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.700] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.700] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.700] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.701] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.702] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.702] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.702] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.703] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.703] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.704] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.704] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.704] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.705] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.705] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0232.705] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b07b8*, nNumberOfBytesToWrite=0x8a0, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25b07b8*, lpNumberOfBytesWritten=0x14ebb8*=0x8a0, lpOverlapped=0x0) returned 1 [0232.705] CloseHandle (hObject=0x1f4) returned 1 [0232.709] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png", lpFilePart=0x0) returned 0x3b [0232.709] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png.ampkcz", lpFilePart=0x0) returned 0x42 [0232.709] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0232.709] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\c5qjp_9.png"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b9451c0, ftCreationTime.dwHighDateTime=0x1d825d0, ftLastAccessTime.dwLowDateTime=0xa5fa53d0, ftLastAccessTime.dwHighDateTime=0x1d82668, ftLastWriteTime.dwLowDateTime=0x791b4a55, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1c8a0)) returned 1 [0232.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0232.710] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\c5qjp_9.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\c5qjp_9.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\c5qjp_9.png.ampkcz")) returned 1 [0232.711] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg", lpFilePart=0x0) returned 0x41 [0232.711] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg", lpFilePart=0x0) returned 0x41 [0232.711] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg", dwFileAttributes=0x80) returned 1 [0232.711] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0232.711] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\i_hjoi0pvfw-v.jpg"), fInfoLevelId=0x0, lpFileInformation=0x25b1c88 | out: lpFileInformation=0x25b1c88*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb1f76160, ftCreationTime.dwHighDateTime=0x1d81fb9, ftLastAccessTime.dwLowDateTime=0xd7400930, ftLastAccessTime.dwHighDateTime=0x1d825eb, ftLastWriteTime.dwLowDateTime=0xd7400930, ftLastWriteTime.dwHighDateTime=0x1d825eb, nFileSizeHigh=0x0, nFileSizeLow=0x12d4f)) returned 1 [0232.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0232.712] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg", lpFilePart=0x0) returned 0x41 [0232.712] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0232.712] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\i_hjoi0pvfw-v.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0232.712] GetFileType (hFile=0x1f4) returned 0x1 [0232.712] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0232.712] GetFileType (hFile=0x1f4) returned 0x1 [0232.712] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x12d4f [0232.713] ReadFile (in: hFile=0x1f4, lpBuffer=0x25b2178, nNumberOfBytesToRead=0x12d4f, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x25b2178*, lpNumberOfBytesRead=0x14ecf8*=0x12d4f, lpOverlapped=0x0) returned 1 [0232.714] CloseHandle (hObject=0x1f4) returned 1 [0233.085] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg", lpFilePart=0x0) returned 0x41 [0233.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0233.085] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\i_hjoi0pvfw-v.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0233.087] GetFileType (hFile=0x1f4) returned 0x1 [0233.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0233.087] GetFileType (hFile=0x1f4) returned 0x1 [0233.087] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.088] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.089] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.089] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.089] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.089] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.090] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.090] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.090] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.091] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.091] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.091] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.092] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.092] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.092] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.093] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.093] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.093] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.094] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.094] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.094] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.095] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.095] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.095] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.096] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebd8, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ebd8*=0x1000, lpOverlapped=0x0) returned 1 [0233.096] WriteFile (in: hFile=0x1f4, lpBuffer=0x2676b60*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2676b60*, lpNumberOfBytesWritten=0x14ebb8*=0x288, lpOverlapped=0x0) returned 1 [0233.096] CloseHandle (hObject=0x1f4) returned 1 [0233.100] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg", lpFilePart=0x0) returned 0x41 [0233.100] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg.ampkcz", lpFilePart=0x0) returned 0x48 [0233.100] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0233.100] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\i_hjoi0pvfw-v.jpg"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1f76160, ftCreationTime.dwHighDateTime=0x1d81fb9, ftLastAccessTime.dwLowDateTime=0xd7400930, ftLastAccessTime.dwHighDateTime=0x1d825eb, ftLastWriteTime.dwLowDateTime=0x7956da67, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19288)) returned 1 [0233.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0233.100] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\i_hjoi0pvfw-v.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\i_HjOI0Pvfw-v.jpg.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\i_hjoi0pvfw-v.jpg.ampkcz")) returned 1 [0233.102] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp", lpFilePart=0x0) returned 0x40 [0233.102] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp", lpFilePart=0x0) returned 0x40 [0233.102] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp", dwFileAttributes=0x80) returned 1 [0233.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0233.102] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\jghfvz7zwuy0.bmp"), fInfoLevelId=0x0, lpFileInformation=0x26784e8 | out: lpFileInformation=0x26784e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x534ef2d0, ftCreationTime.dwHighDateTime=0x1d82348, ftLastAccessTime.dwLowDateTime=0xde844f60, ftLastAccessTime.dwHighDateTime=0x1d826ec, ftLastWriteTime.dwLowDateTime=0xde844f60, ftLastWriteTime.dwHighDateTime=0x1d826ec, nFileSizeHigh=0x0, nFileSizeLow=0x274b)) returned 1 [0233.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0233.103] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp", lpFilePart=0x0) returned 0x40 [0233.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0233.103] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\jghfvz7zwuy0.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0233.103] GetFileType (hFile=0x1f4) returned 0x1 [0233.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0233.103] GetFileType (hFile=0x1f4) returned 0x1 [0233.103] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x274b [0233.103] ReadFile (in: hFile=0x1f4, lpBuffer=0x26789d8, nNumberOfBytesToRead=0x274b, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x26789d8*, lpNumberOfBytesRead=0x14ecf8*=0x274b, lpOverlapped=0x0) returned 1 [0233.104] CloseHandle (hObject=0x1f4) returned 1 [0233.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp", lpFilePart=0x0) returned 0x40 [0233.424] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0233.424] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\jghfvz7zwuy0.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0233.425] GetFileType (hFile=0x1f4) returned 0x1 [0233.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0233.425] GetFileType (hFile=0x1f4) returned 0x1 [0233.426] WriteFile (in: hFile=0x1f4, lpBuffer=0x270ddd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x270ddd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.427] WriteFile (in: hFile=0x1f4, lpBuffer=0x270ddd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x270ddd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.428] WriteFile (in: hFile=0x1f4, lpBuffer=0x270ddd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x270ddd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.429] WriteFile (in: hFile=0x1f4, lpBuffer=0x270ddd8*, nNumberOfBytesToWrite=0x534, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x270ddd8*, lpNumberOfBytesWritten=0x14ebb8*=0x534, lpOverlapped=0x0) returned 1 [0233.429] CloseHandle (hObject=0x1f4) returned 1 [0233.431] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp", lpFilePart=0x0) returned 0x40 [0233.431] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp.ampkcz", lpFilePart=0x0) returned 0x47 [0233.431] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0233.431] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\jghfvz7zwuy0.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x534ef2d0, ftCreationTime.dwHighDateTime=0x1d82348, ftLastAccessTime.dwLowDateTime=0xde844f60, ftLastAccessTime.dwHighDateTime=0x1d826ec, ftLastWriteTime.dwLowDateTime=0x79896502, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x3534)) returned 1 [0233.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0233.431] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\jghfvz7zwuy0.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\JGhfvZ7zWuY0.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\jghfvz7zwuy0.bmp.ampkcz")) returned 1 [0233.432] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png", lpFilePart=0x0) returned 0x3b [0233.432] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png", lpFilePart=0x0) returned 0x3b [0233.432] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png", dwFileAttributes=0x80) returned 1 [0233.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0233.433] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\nbfcv7r.png"), fInfoLevelId=0x0, lpFileInformation=0x270f358 | out: lpFileInformation=0x270f358*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x266ef490, ftCreationTime.dwHighDateTime=0x1d81d4e, ftLastAccessTime.dwLowDateTime=0x751cab40, ftLastAccessTime.dwHighDateTime=0x1d81fe3, ftLastWriteTime.dwLowDateTime=0x751cab40, ftLastWriteTime.dwHighDateTime=0x1d81fe3, nFileSizeHigh=0x0, nFileSizeLow=0x183ff)) returned 1 [0233.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0233.433] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png", lpFilePart=0x0) returned 0x3b [0233.433] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0233.433] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\nbfcv7r.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0233.433] GetFileType (hFile=0x1f4) returned 0x1 [0233.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0233.433] GetFileType (hFile=0x1f4) returned 0x1 [0233.433] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x183ff [0233.453] ReadFile (in: hFile=0x1f4, lpBuffer=0x1252a1e8, nNumberOfBytesToRead=0x183ff, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x1252a1e8*, lpNumberOfBytesRead=0x14ecf8*=0x183ff, lpOverlapped=0x0) returned 1 [0233.455] CloseHandle (hObject=0x1f4) returned 1 [0233.791] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png", lpFilePart=0x0) returned 0x3b [0233.791] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0233.792] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\nbfcv7r.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0233.794] GetFileType (hFile=0x1f4) returned 0x1 [0233.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0233.794] GetFileType (hFile=0x1f4) returned 0x1 [0233.795] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.796] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.796] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.797] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.797] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.797] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.798] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.798] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.799] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.800] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.800] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.801] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.801] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.801] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.802] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.802] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.802] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.803] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.803] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.803] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.804] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.804] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.805] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.805] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.805] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.806] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.806] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.806] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.807] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.807] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.807] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.808] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0233.808] WriteFile (in: hFile=0x1f4, lpBuffer=0x2599bd8*, nNumberOfBytesToWrite=0x620, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2599bd8*, lpNumberOfBytesWritten=0x14ebb8*=0x620, lpOverlapped=0x0) returned 1 [0233.808] CloseHandle (hObject=0x1f4) returned 1 [0233.813] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png", lpFilePart=0x0) returned 0x3b [0233.813] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png.ampkcz", lpFilePart=0x0) returned 0x42 [0233.813] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0233.813] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\nbfcv7r.png"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x266ef490, ftCreationTime.dwHighDateTime=0x1d81d4e, ftLastAccessTime.dwLowDateTime=0x751cab40, ftLastAccessTime.dwHighDateTime=0x1d81fe3, ftLastWriteTime.dwLowDateTime=0x79c3af0e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20620)) returned 1 [0233.813] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0233.813] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\nbfcv7r.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\NbFcv7r.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\nbfcv7r.png.ampkcz")) returned 1 [0233.817] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif", lpFilePart=0x0) returned 0x3f [0233.817] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif", lpFilePart=0x0) returned 0x3f [0233.817] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif", dwFileAttributes=0x80) returned 1 [0233.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0233.817] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\penwmzhljcx.gif"), fInfoLevelId=0x0, lpFileInformation=0x259c0e0 | out: lpFileInformation=0x259c0e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x734ff5b0, ftCreationTime.dwHighDateTime=0x1d82632, ftLastAccessTime.dwLowDateTime=0x91b57a90, ftLastAccessTime.dwHighDateTime=0x1d826b7, ftLastWriteTime.dwLowDateTime=0x91b57a90, ftLastWriteTime.dwHighDateTime=0x1d826b7, nFileSizeHigh=0x0, nFileSizeLow=0xb0b3)) returned 1 [0233.817] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0233.818] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif", lpFilePart=0x0) returned 0x3f [0233.818] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0233.818] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\penwmzhljcx.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0233.818] GetFileType (hFile=0x1f4) returned 0x1 [0233.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0233.818] GetFileType (hFile=0x1f4) returned 0x1 [0233.818] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0xb0b3 [0233.818] ReadFile (in: hFile=0x1f4, lpBuffer=0x259c5a8, nNumberOfBytesToRead=0xb0b3, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x259c5a8*, lpNumberOfBytesRead=0x14ecf8*=0xb0b3, lpOverlapped=0x0) returned 1 [0233.819] CloseHandle (hObject=0x1f4) returned 1 [0234.120] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif", lpFilePart=0x0) returned 0x3f [0234.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0234.120] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\penwmzhljcx.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0234.122] GetFileType (hFile=0x1f4) returned 0x1 [0234.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0234.122] GetFileType (hFile=0x1f4) returned 0x1 [0234.122] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.123] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.124] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.125] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.125] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.125] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.126] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.126] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.126] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.127] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.127] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.127] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.128] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.128] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.128] WriteFile (in: hFile=0x1f4, lpBuffer=0x2641d40*, nNumberOfBytesToWrite=0xc74, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2641d40*, lpNumberOfBytesWritten=0x14ebb8*=0xc74, lpOverlapped=0x0) returned 1 [0234.129] CloseHandle (hObject=0x1f4) returned 1 [0234.131] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif", lpFilePart=0x0) returned 0x3f [0234.131] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif.ampkcz", lpFilePart=0x0) returned 0x46 [0234.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0234.131] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\penwmzhljcx.gif"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x734ff5b0, ftCreationTime.dwHighDateTime=0x1d82632, ftLastAccessTime.dwLowDateTime=0x91b57a90, ftLastAccessTime.dwHighDateTime=0x1d826b7, ftLastWriteTime.dwLowDateTime=0x79f44509, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xec74)) returned 1 [0234.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0234.134] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\penwmzhljcx.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\PeNWmzhlJCX.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\penwmzhljcx.gif.ampkcz")) returned 1 [0234.137] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif", lpFilePart=0x0) returned 0x43 [0234.137] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif", lpFilePart=0x0) returned 0x43 [0234.137] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif", dwFileAttributes=0x80) returned 1 [0234.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0234.138] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\snu4zxxwbcepxou.gif"), fInfoLevelId=0x0, lpFileInformation=0x2644268 | out: lpFileInformation=0x2644268*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x3d1756d0, ftCreationTime.dwHighDateTime=0x1d819be, ftLastAccessTime.dwLowDateTime=0xa0a1f860, ftLastAccessTime.dwHighDateTime=0x1d81dc2, ftLastWriteTime.dwLowDateTime=0xa0a1f860, ftLastWriteTime.dwHighDateTime=0x1d81dc2, nFileSizeHigh=0x0, nFileSizeLow=0x3f7c)) returned 1 [0234.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0234.138] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif", lpFilePart=0x0) returned 0x43 [0234.138] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0234.138] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\snu4zxxwbcepxou.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0234.138] GetFileType (hFile=0x1f4) returned 0x1 [0234.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0234.138] GetFileType (hFile=0x1f4) returned 0x1 [0234.138] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x3f7c [0234.138] ReadFile (in: hFile=0x1f4, lpBuffer=0x2644758, nNumberOfBytesToRead=0x3f7c, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2644758*, lpNumberOfBytesRead=0x14ecf8*=0x3f7c, lpOverlapped=0x0) returned 1 [0234.139] CloseHandle (hObject=0x1f4) returned 1 [0234.546] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif", lpFilePart=0x0) returned 0x43 [0234.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0234.546] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\snu4zxxwbcepxou.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0234.547] GetFileType (hFile=0x1f4) returned 0x1 [0234.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0234.547] GetFileType (hFile=0x1f4) returned 0x1 [0234.548] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ead78*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26ead78*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.549] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ead78*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26ead78*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.549] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ead78*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26ead78*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.550] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ead78*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26ead78*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.550] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ead78*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26ead78*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.550] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ead78*, nNumberOfBytesToWrite=0x574, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x26ead78*, lpNumberOfBytesWritten=0x14ebb8*=0x574, lpOverlapped=0x0) returned 1 [0234.550] CloseHandle (hObject=0x1f4) returned 1 [0234.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif", lpFilePart=0x0) returned 0x43 [0234.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif.ampkcz", lpFilePart=0x0) returned 0x4a [0234.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0234.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\snu4zxxwbcepxou.gif"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d1756d0, ftCreationTime.dwHighDateTime=0x1d819be, ftLastAccessTime.dwLowDateTime=0xa0a1f860, ftLastAccessTime.dwHighDateTime=0x1d81dc2, ftLastWriteTime.dwLowDateTime=0x7a3494cf, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5574)) returned 1 [0234.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0234.553] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\snu4zxxwbcepxou.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\sNU4ZxXwBcEpxou.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\snu4zxxwbcepxou.gif.ampkcz")) returned 1 [0234.555] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp", lpFilePart=0x0) returned 0x3d [0234.555] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp", lpFilePart=0x0) returned 0x3d [0234.555] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp", dwFileAttributes=0x80) returned 1 [0234.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0234.555] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\yel3pqi1j.bmp"), fInfoLevelId=0x0, lpFileInformation=0x26ec6f8 | out: lpFileInformation=0x26ec6f8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x22bf7d10, ftCreationTime.dwHighDateTime=0x1d81e3e, ftLastAccessTime.dwLowDateTime=0x67d4ce0, ftLastAccessTime.dwHighDateTime=0x1d828bb, ftLastWriteTime.dwLowDateTime=0x67d4ce0, ftLastWriteTime.dwHighDateTime=0x1d828bb, nFileSizeHigh=0x0, nFileSizeLow=0x140d7)) returned 1 [0234.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0234.556] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp", lpFilePart=0x0) returned 0x3d [0234.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0234.556] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\yel3pqi1j.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0234.556] GetFileType (hFile=0x1f4) returned 0x1 [0234.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0234.556] GetFileType (hFile=0x1f4) returned 0x1 [0234.556] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x140d7 [0234.556] ReadFile (in: hFile=0x1f4, lpBuffer=0x26ecbc0, nNumberOfBytesToRead=0x140d7, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x26ecbc0*, lpNumberOfBytesRead=0x14ecf8*=0x140d7, lpOverlapped=0x0) returned 1 [0234.558] CloseHandle (hObject=0x1f4) returned 1 [0234.885] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp", lpFilePart=0x0) returned 0x3d [0234.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0234.885] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\yel3pqi1j.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0234.888] GetFileType (hFile=0x1f4) returned 0x1 [0234.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0234.888] GetFileType (hFile=0x1f4) returned 0x1 [0234.888] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.890] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.890] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.891] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.891] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.891] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.892] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.892] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.892] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.893] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.893] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.893] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.894] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.894] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.894] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.895] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.895] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.895] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.896] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.896] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.897] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.897] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.897] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.898] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.899] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.899] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0234.899] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cab08*, nNumberOfBytesToWrite=0xca0, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25cab08*, lpNumberOfBytesWritten=0x14ebb8*=0xca0, lpOverlapped=0x0) returned 1 [0234.899] CloseHandle (hObject=0x1f4) returned 1 [0234.905] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp", lpFilePart=0x0) returned 0x3d [0234.905] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp.ampkcz", lpFilePart=0x0) returned 0x44 [0234.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0234.905] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\yel3pqi1j.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22bf7d10, ftCreationTime.dwHighDateTime=0x1d81e3e, ftLastAccessTime.dwLowDateTime=0x67d4ce0, ftLastAccessTime.dwHighDateTime=0x1d828bb, ftLastWriteTime.dwLowDateTime=0x7a6a55a8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1aca0)) returned 1 [0234.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0234.906] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\yel3pqi1j.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\yeL3pqI1j.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\ilpjwm2zw-c\\slpu\\yel3pqi1j.bmp.ampkcz")) returned 1 [0234.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0234.907] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu", lpFilePart=0x0) returned 0x2f [0234.907] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\", lpFilePart=0x0) returned 0x30 [0234.907] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\iLPJWM2Zw-c\\slPu\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa12a66c0, ftCreationTime.dwHighDateTime=0x1d81ec9, ftLastAccessTime.dwLowDateTime=0x7a6a8fc8, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7a6a8fc8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0234.908] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa12a66c0, ftCreationTime.dwHighDateTime=0x1d81ec9, ftLastAccessTime.dwLowDateTime=0x7a6a8fc8, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7a6a8fc8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.908] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f967dd0, ftCreationTime.dwHighDateTime=0x1d828a9, ftLastAccessTime.dwLowDateTime=0x28369730, ftLastAccessTime.dwHighDateTime=0x1d8296d, ftLastWriteTime.dwLowDateTime=0x78dc1d19, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1188, dwReserved0=0x0, dwReserved1=0x0, cFileName="Asuu1.gif.ampkcz", cAlternateFileName="ASUU1G~1.AMP")) returned 1 [0234.908] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b9451c0, ftCreationTime.dwHighDateTime=0x1d825d0, ftLastAccessTime.dwLowDateTime=0xa5fa53d0, ftLastAccessTime.dwHighDateTime=0x1d82668, ftLastWriteTime.dwLowDateTime=0x791b4a55, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1c8a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="c5qjp_9.png.ampkcz", cAlternateFileName="C5QJP_~1.AMP")) returned 1 [0234.909] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1f76160, ftCreationTime.dwHighDateTime=0x1d81fb9, ftLastAccessTime.dwLowDateTime=0xd7400930, ftLastAccessTime.dwHighDateTime=0x1d825eb, ftLastWriteTime.dwLowDateTime=0x7956da67, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19288, dwReserved0=0x0, dwReserved1=0x0, cFileName="i_HjOI0Pvfw-v.jpg.ampkcz", cAlternateFileName="I_HJOI~1.AMP")) returned 1 [0234.909] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x534ef2d0, ftCreationTime.dwHighDateTime=0x1d82348, ftLastAccessTime.dwLowDateTime=0xde844f60, ftLastAccessTime.dwHighDateTime=0x1d826ec, ftLastWriteTime.dwLowDateTime=0x79896502, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x3534, dwReserved0=0x0, dwReserved1=0x0, cFileName="JGhfvZ7zWuY0.bmp.ampkcz", cAlternateFileName="JGHFVZ~1.AMP")) returned 1 [0234.909] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x266ef490, ftCreationTime.dwHighDateTime=0x1d81d4e, ftLastAccessTime.dwLowDateTime=0x751cab40, ftLastAccessTime.dwHighDateTime=0x1d81fe3, ftLastWriteTime.dwLowDateTime=0x79c3af0e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20620, dwReserved0=0x0, dwReserved1=0x0, cFileName="NbFcv7r.png.ampkcz", cAlternateFileName="NBFCV7~1.AMP")) returned 1 [0234.909] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x734ff5b0, ftCreationTime.dwHighDateTime=0x1d82632, ftLastAccessTime.dwLowDateTime=0x91b57a90, ftLastAccessTime.dwHighDateTime=0x1d826b7, ftLastWriteTime.dwLowDateTime=0x79f44509, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xec74, dwReserved0=0x0, dwReserved1=0x0, cFileName="PeNWmzhlJCX.gif.ampkcz", cAlternateFileName="PENWMZ~1.AMP")) returned 1 [0234.909] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78dcb7fc, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x78dcb7fc, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x78dd1996, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0234.910] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d1756d0, ftCreationTime.dwHighDateTime=0x1d819be, ftLastAccessTime.dwLowDateTime=0xa0a1f860, ftLastAccessTime.dwHighDateTime=0x1d81dc2, ftLastWriteTime.dwLowDateTime=0x7a3494cf, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5574, dwReserved0=0x0, dwReserved1=0x0, cFileName="sNU4ZxXwBcEpxou.gif.ampkcz", cAlternateFileName="SNU4ZX~1.AMP")) returned 1 [0234.910] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22bf7d10, ftCreationTime.dwHighDateTime=0x1d81e3e, ftLastAccessTime.dwLowDateTime=0x67d4ce0, ftLastAccessTime.dwHighDateTime=0x1d828bb, ftLastWriteTime.dwLowDateTime=0x7a6a55a8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1aca0, dwReserved0=0x0, dwReserved1=0x0, cFileName="yeL3pqI1j.bmp.ampkcz", cAlternateFileName="YEL3PQ~1.AMP")) returned 1 [0234.910] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x22bf7d10, ftCreationTime.dwHighDateTime=0x1d81e3e, ftLastAccessTime.dwLowDateTime=0x67d4ce0, ftLastAccessTime.dwHighDateTime=0x1d828bb, ftLastWriteTime.dwLowDateTime=0x7a6a55a8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1aca0, dwReserved0=0x0, dwReserved1=0x0, cFileName="yeL3pqI1j.bmp.ampkcz", cAlternateFileName="YEL3PQ~1.AMP")) returned 0 [0234.910] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0234.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0234.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0234.910] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0234.910] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6", lpFilePart=0x0) returned 0x29 [0234.910] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\", lpFilePart=0x0) returned 0x2a [0234.910] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9e8b460, ftCreationTime.dwHighDateTime=0x1d82152, ftLastAccessTime.dwLowDateTime=0x10e171d0, ftLastAccessTime.dwHighDateTime=0x1d82829, ftLastWriteTime.dwLowDateTime=0x10e171d0, ftLastWriteTime.dwHighDateTime=0x1d82829, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0234.911] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9e8b460, ftCreationTime.dwHighDateTime=0x1d82152, ftLastAccessTime.dwLowDateTime=0x10e171d0, ftLastAccessTime.dwHighDateTime=0x1d82829, ftLastWriteTime.dwLowDateTime=0x10e171d0, ftLastWriteTime.dwHighDateTime=0x1d82829, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0234.911] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d63d5f0, ftCreationTime.dwHighDateTime=0x1d81ed6, ftLastAccessTime.dwLowDateTime=0x28e15230, ftLastAccessTime.dwHighDateTime=0x1d82182, ftLastWriteTime.dwLowDateTime=0x28e15230, ftLastWriteTime.dwHighDateTime=0x1d82182, nFileSizeHigh=0x0, nFileSizeLow=0x97c4, dwReserved0=0x0, dwReserved1=0x0, cFileName="2Clz54JvlW _N1L.png", cAlternateFileName="2CLZ54~1.PNG")) returned 1 [0234.911] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1bba7d00, ftCreationTime.dwHighDateTime=0x1d81df1, ftLastAccessTime.dwLowDateTime=0x1db4c0c0, ftLastAccessTime.dwHighDateTime=0x1d825d0, ftLastWriteTime.dwLowDateTime=0x1db4c0c0, ftLastWriteTime.dwHighDateTime=0x1d825d0, nFileSizeHigh=0x0, nFileSizeLow=0x5d29, dwReserved0=0x0, dwReserved1=0x0, cFileName="VXDZKI.jpg", cAlternateFileName="")) returned 1 [0234.911] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x700f46a0, ftCreationTime.dwHighDateTime=0x1d81f00, ftLastAccessTime.dwLowDateTime=0xc4eba720, ftLastAccessTime.dwHighDateTime=0x1d81f5c, ftLastWriteTime.dwLowDateTime=0xc4eba720, ftLastWriteTime.dwHighDateTime=0x1d81f5c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XlKnK1gfJe4zFhGoRY_F", cAlternateFileName="XLKNK1~1")) returned 1 [0234.911] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x700f46a0, ftCreationTime.dwHighDateTime=0x1d81f00, ftLastAccessTime.dwLowDateTime=0xc4eba720, ftLastAccessTime.dwHighDateTime=0x1d81f5c, ftLastWriteTime.dwLowDateTime=0xc4eba720, ftLastWriteTime.dwHighDateTime=0x1d81f5c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XlKnK1gfJe4zFhGoRY_F", cAlternateFileName="XLKNK1~1")) returned 0 [0234.912] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0234.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0234.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0234.912] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png", lpFilePart=0x0) returned 0x3d [0234.912] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png", lpFilePart=0x0) returned 0x3d [0234.912] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png", dwFileAttributes=0x80) returned 1 [0234.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0234.913] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\2clz54jvlw _n1l.png"), fInfoLevelId=0x0, lpFileInformation=0x25ced98 | out: lpFileInformation=0x25ced98*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9d63d5f0, ftCreationTime.dwHighDateTime=0x1d81ed6, ftLastAccessTime.dwLowDateTime=0x28e15230, ftLastAccessTime.dwHighDateTime=0x1d82182, ftLastWriteTime.dwLowDateTime=0x28e15230, ftLastWriteTime.dwHighDateTime=0x1d82182, nFileSizeHigh=0x0, nFileSizeLow=0x97c4)) returned 1 [0234.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0234.913] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png", lpFilePart=0x0) returned 0x3d [0234.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0234.913] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\2clz54jvlw _n1l.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0234.913] GetFileType (hFile=0x1f4) returned 0x1 [0234.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0234.913] GetFileType (hFile=0x1f4) returned 0x1 [0234.913] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x97c4 [0234.913] ReadFile (in: hFile=0x1f4, lpBuffer=0x25cf270, nNumberOfBytesToRead=0x97c4, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25cf270*, lpNumberOfBytesRead=0x14ed68*=0x97c4, lpOverlapped=0x0) returned 1 [0234.915] CloseHandle (hObject=0x1f4) returned 1 [0235.221] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png", lpFilePart=0x0) returned 0x3d [0235.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0235.221] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\2clz54jvlw _n1l.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0235.223] GetFileType (hFile=0x1f4) returned 0x1 [0235.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0235.223] GetFileType (hFile=0x1f4) returned 0x1 [0235.223] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.224] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.227] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.227] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.228] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.228] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.228] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x26815e8*, nNumberOfBytesToWrite=0xb34, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26815e8*, lpNumberOfBytesWritten=0x14ec28*=0xb34, lpOverlapped=0x0) returned 1 [0235.229] CloseHandle (hObject=0x1f4) returned 1 [0235.232] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png", lpFilePart=0x0) returned 0x3d [0235.232] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png.ampkcz", lpFilePart=0x0) returned 0x44 [0235.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0235.232] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\2clz54jvlw _n1l.png"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d63d5f0, ftCreationTime.dwHighDateTime=0x1d81ed6, ftLastAccessTime.dwLowDateTime=0x28e15230, ftLastAccessTime.dwHighDateTime=0x1d82182, ftLastWriteTime.dwLowDateTime=0x7a9c4864, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xcb34)) returned 1 [0235.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0235.233] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\2clz54jvlw _n1l.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\2Clz54JvlW _N1L.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\2clz54jvlw _n1l.png.ampkcz")) returned 1 [0235.234] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\readme.txt", lpFilePart=0x0) returned 0x34 [0235.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0235.234] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0235.235] GetFileType (hFile=0x1f4) returned 0x1 [0235.235] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0235.235] GetFileType (hFile=0x1f4) returned 0x1 [0235.236] WriteFile (in: hFile=0x1f4, lpBuffer=0x2684868*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x2684868*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0235.237] CloseHandle (hObject=0x1f4) returned 1 [0235.237] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg", lpFilePart=0x0) returned 0x34 [0235.237] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg", lpFilePart=0x0) returned 0x34 [0235.237] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg", dwFileAttributes=0x80) returned 1 [0235.238] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0235.238] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\vxdzki.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26862c0 | out: lpFileInformation=0x26862c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1bba7d00, ftCreationTime.dwHighDateTime=0x1d81df1, ftLastAccessTime.dwLowDateTime=0x1db4c0c0, ftLastAccessTime.dwHighDateTime=0x1d825d0, ftLastWriteTime.dwLowDateTime=0x1db4c0c0, ftLastWriteTime.dwHighDateTime=0x1d825d0, nFileSizeHigh=0x0, nFileSizeLow=0x5d29)) returned 1 [0235.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0235.238] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg", lpFilePart=0x0) returned 0x34 [0235.238] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0235.238] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\vxdzki.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0235.238] GetFileType (hFile=0x1f4) returned 0x1 [0235.238] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0235.238] GetFileType (hFile=0x1f4) returned 0x1 [0235.238] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x5d29 [0235.239] ReadFile (in: hFile=0x1f4, lpBuffer=0x2686748, nNumberOfBytesToRead=0x5d29, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2686748*, lpNumberOfBytesRead=0x14ed68*=0x5d29, lpOverlapped=0x0) returned 1 [0235.240] CloseHandle (hObject=0x1f4) returned 1 [0235.622] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg", lpFilePart=0x0) returned 0x34 [0235.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0235.622] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\vxdzki.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0235.623] GetFileType (hFile=0x1f4) returned 0x1 [0235.623] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0235.623] GetFileType (hFile=0x1f4) returned 0x1 [0235.629] WriteFile (in: hFile=0x1f4, lpBuffer=0x25461c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25461c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.630] WriteFile (in: hFile=0x1f4, lpBuffer=0x25461c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25461c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.630] WriteFile (in: hFile=0x1f4, lpBuffer=0x25461c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25461c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.631] WriteFile (in: hFile=0x1f4, lpBuffer=0x25461c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25461c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.631] WriteFile (in: hFile=0x1f4, lpBuffer=0x25461c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25461c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.632] WriteFile (in: hFile=0x1f4, lpBuffer=0x25461c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25461c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.632] WriteFile (in: hFile=0x1f4, lpBuffer=0x25461c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25461c8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0235.633] WriteFile (in: hFile=0x1f4, lpBuffer=0x25461c8*, nNumberOfBytesToWrite=0xd08, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25461c8*, lpNumberOfBytesWritten=0x14ec28*=0xd08, lpOverlapped=0x0) returned 1 [0235.633] CloseHandle (hObject=0x1f4) returned 1 [0235.635] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg", lpFilePart=0x0) returned 0x34 [0235.635] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg.ampkcz", lpFilePart=0x0) returned 0x3b [0235.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0235.635] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\vxdzki.jpg"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1bba7d00, ftCreationTime.dwHighDateTime=0x1d81df1, ftLastAccessTime.dwLowDateTime=0x1db4c0c0, ftLastAccessTime.dwHighDateTime=0x1d825d0, ftLastWriteTime.dwLowDateTime=0x7ad9bf2a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7d08)) returned 1 [0235.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0235.635] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\vxdzki.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\VXDZKI.jpg.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\vxdzki.jpg.ampkcz")) returned 1 [0235.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0235.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6", lpFilePart=0x0) returned 0x29 [0235.636] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\", lpFilePart=0x0) returned 0x2a [0235.636] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9e8b460, ftCreationTime.dwHighDateTime=0x1d82152, ftLastAccessTime.dwLowDateTime=0x7ad9da17, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7ad9da17, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0235.637] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb9e8b460, ftCreationTime.dwHighDateTime=0x1d82152, ftLastAccessTime.dwLowDateTime=0x7ad9da17, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7ad9da17, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.637] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d63d5f0, ftCreationTime.dwHighDateTime=0x1d81ed6, ftLastAccessTime.dwLowDateTime=0x28e15230, ftLastAccessTime.dwHighDateTime=0x1d82182, ftLastWriteTime.dwLowDateTime=0x7a9c4864, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xcb34, dwReserved0=0x0, dwReserved1=0x0, cFileName="2Clz54JvlW _N1L.png.ampkcz", cAlternateFileName="2CLZ54~1.AMP")) returned 1 [0235.637] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7a9ca0a5, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x7a9ca0a5, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7a9ceebf, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0235.637] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1bba7d00, ftCreationTime.dwHighDateTime=0x1d81df1, ftLastAccessTime.dwLowDateTime=0x1db4c0c0, ftLastAccessTime.dwHighDateTime=0x1d825d0, ftLastWriteTime.dwLowDateTime=0x7ad9bf2a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7d08, dwReserved0=0x0, dwReserved1=0x0, cFileName="VXDZKI.jpg.ampkcz", cAlternateFileName="VXDZKI~1.AMP")) returned 1 [0235.638] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x700f46a0, ftCreationTime.dwHighDateTime=0x1d81f00, ftLastAccessTime.dwLowDateTime=0xc4eba720, ftLastAccessTime.dwHighDateTime=0x1d81f5c, ftLastWriteTime.dwLowDateTime=0xc4eba720, ftLastWriteTime.dwHighDateTime=0x1d81f5c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XlKnK1gfJe4zFhGoRY_F", cAlternateFileName="XLKNK1~1")) returned 1 [0235.638] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0235.638] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0235.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0235.638] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0235.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0235.638] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F", lpFilePart=0x0) returned 0x3e [0235.638] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\", lpFilePart=0x0) returned 0x3f [0235.638] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x700f46a0, ftCreationTime.dwHighDateTime=0x1d81f00, ftLastAccessTime.dwLowDateTime=0xc4eba720, ftLastAccessTime.dwHighDateTime=0x1d81f5c, ftLastWriteTime.dwLowDateTime=0xc4eba720, ftLastWriteTime.dwHighDateTime=0x1d81f5c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0235.639] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x700f46a0, ftCreationTime.dwHighDateTime=0x1d81f00, ftLastAccessTime.dwLowDateTime=0xc4eba720, ftLastAccessTime.dwHighDateTime=0x1d81f5c, ftLastWriteTime.dwLowDateTime=0xc4eba720, ftLastWriteTime.dwHighDateTime=0x1d81f5c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0235.639] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7fce0a10, ftCreationTime.dwHighDateTime=0x1d82368, ftLastAccessTime.dwLowDateTime=0x88a871a0, ftLastAccessTime.dwHighDateTime=0x1d8250e, ftLastWriteTime.dwLowDateTime=0x88a871a0, ftLastWriteTime.dwHighDateTime=0x1d8250e, nFileSizeHigh=0x0, nFileSizeLow=0xa017, dwReserved0=0x0, dwReserved1=0x0, cFileName="AKzD1IY.png", cAlternateFileName="")) returned 1 [0235.639] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7966c40, ftCreationTime.dwHighDateTime=0x1d81d48, ftLastAccessTime.dwLowDateTime=0x7d24f420, ftLastAccessTime.dwHighDateTime=0x1d821e9, ftLastWriteTime.dwLowDateTime=0x7d24f420, ftLastWriteTime.dwHighDateTime=0x1d821e9, nFileSizeHigh=0x0, nFileSizeLow=0x18d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="QIc4be.bmp", cAlternateFileName="")) returned 1 [0235.639] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12b37120, ftCreationTime.dwHighDateTime=0x1d82554, ftLastAccessTime.dwLowDateTime=0x5580d630, ftLastAccessTime.dwHighDateTime=0x1d82957, ftLastWriteTime.dwLowDateTime=0x5580d630, ftLastWriteTime.dwHighDateTime=0x1d82957, nFileSizeHigh=0x0, nFileSizeLow=0x8f84, dwReserved0=0x0, dwReserved1=0x0, cFileName="r5DQrDCs.gif", cAlternateFileName="")) returned 1 [0235.639] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x731b9cf0, ftCreationTime.dwHighDateTime=0x1d827ab, ftLastAccessTime.dwLowDateTime=0xc5c49570, ftLastAccessTime.dwHighDateTime=0x1d82935, ftLastWriteTime.dwLowDateTime=0xc5c49570, ftLastWriteTime.dwHighDateTime=0x1d82935, nFileSizeHigh=0x0, nFileSizeLow=0x9610, dwReserved0=0x0, dwReserved1=0x0, cFileName="uOS_JODxfeSPDsu.png", cAlternateFileName="UOS_JO~1.PNG")) returned 1 [0235.639] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38798d40, ftCreationTime.dwHighDateTime=0x1d82239, ftLastAccessTime.dwLowDateTime=0x1a6aa340, ftLastAccessTime.dwHighDateTime=0x1d8279b, ftLastWriteTime.dwLowDateTime=0x1a6aa340, ftLastWriteTime.dwHighDateTime=0x1d8279b, nFileSizeHigh=0x0, nFileSizeLow=0x1762c, dwReserved0=0x0, dwReserved1=0x0, cFileName="uXWtciW8Mz.png", cAlternateFileName="UXWTCI~1.PNG")) returned 1 [0235.639] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x102c9b50, ftCreationTime.dwHighDateTime=0x1d81a34, ftLastAccessTime.dwLowDateTime=0xcc78b8c0, ftLastAccessTime.dwHighDateTime=0x1d81b10, ftLastWriteTime.dwLowDateTime=0xcc78b8c0, ftLastWriteTime.dwHighDateTime=0x1d81b10, nFileSizeHigh=0x0, nFileSizeLow=0x533a, dwReserved0=0x0, dwReserved1=0x0, cFileName="xLsjiwCf3AooR.jpg", cAlternateFileName="XLSJIW~1.JPG")) returned 1 [0235.640] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3aac4040, ftCreationTime.dwHighDateTime=0x1d81c9d, ftLastAccessTime.dwLowDateTime=0x25e425c0, ftLastAccessTime.dwHighDateTime=0x1d820e8, ftLastWriteTime.dwLowDateTime=0x25e425c0, ftLastWriteTime.dwHighDateTime=0x1d820e8, nFileSizeHigh=0x0, nFileSizeLow=0x18b22, dwReserved0=0x0, dwReserved1=0x0, cFileName="YGxlk.png", cAlternateFileName="")) returned 1 [0235.640] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0235.640] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0235.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0235.640] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0235.640] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png", lpFilePart=0x0) returned 0x4a [0235.641] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png", lpFilePart=0x0) returned 0x4a [0235.641] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png", dwFileAttributes=0x80) returned 1 [0235.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0235.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\akzd1iy.png"), fInfoLevelId=0x0, lpFileInformation=0x254a540 | out: lpFileInformation=0x254a540*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7fce0a10, ftCreationTime.dwHighDateTime=0x1d82368, ftLastAccessTime.dwLowDateTime=0x88a871a0, ftLastAccessTime.dwHighDateTime=0x1d8250e, ftLastWriteTime.dwLowDateTime=0x88a871a0, ftLastWriteTime.dwHighDateTime=0x1d8250e, nFileSizeHigh=0x0, nFileSizeLow=0xa017)) returned 1 [0235.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0235.641] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png", lpFilePart=0x0) returned 0x4a [0235.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0235.641] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\akzd1iy.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0235.641] GetFileType (hFile=0x1f4) returned 0x1 [0235.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0235.642] GetFileType (hFile=0x1f4) returned 0x1 [0235.642] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0xa017 [0235.642] ReadFile (in: hFile=0x1f4, lpBuffer=0x254aa40, nNumberOfBytesToRead=0xa017, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x254aa40*, lpNumberOfBytesRead=0x14ecf8*=0xa017, lpOverlapped=0x0) returned 1 [0235.643] CloseHandle (hObject=0x1f4) returned 1 [0235.955] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png", lpFilePart=0x0) returned 0x4a [0235.955] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0235.955] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\akzd1iy.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0235.956] GetFileType (hFile=0x1f4) returned 0x1 [0235.956] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0235.956] GetFileType (hFile=0x1f4) returned 0x1 [0235.957] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.959] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.959] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.959] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.960] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.960] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.960] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.961] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.961] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.961] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0235.962] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fffa0*, nNumberOfBytesToWrite=0x648, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25fffa0*, lpNumberOfBytesWritten=0x14ebb8*=0x648, lpOverlapped=0x0) returned 1 [0235.964] CloseHandle (hObject=0x1f4) returned 1 [0235.967] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png", lpFilePart=0x0) returned 0x4a [0235.967] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png.ampkcz", lpFilePart=0x0) returned 0x51 [0235.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0235.968] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\akzd1iy.png"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7fce0a10, ftCreationTime.dwHighDateTime=0x1d82368, ftLastAccessTime.dwLowDateTime=0x88a871a0, ftLastAccessTime.dwHighDateTime=0x1d8250e, ftLastWriteTime.dwLowDateTime=0x7b0c6838, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd648)) returned 1 [0235.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0235.968] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\akzd1iy.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\AKzD1IY.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\akzd1iy.png.ampkcz")) returned 1 [0235.969] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\readme.txt", lpFilePart=0x0) returned 0x49 [0235.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0235.969] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0235.969] GetFileType (hFile=0x1f4) returned 0x1 [0235.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0235.969] GetFileType (hFile=0x1f4) returned 0x1 [0235.970] WriteFile (in: hFile=0x1f4, lpBuffer=0x26032b8*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ec68, lpOverlapped=0x0 | out: lpBuffer=0x26032b8*, lpNumberOfBytesWritten=0x14ec68*=0x6c6, lpOverlapped=0x0) returned 1 [0235.971] CloseHandle (hObject=0x1f4) returned 1 [0235.972] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp", lpFilePart=0x0) returned 0x49 [0235.972] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp", lpFilePart=0x0) returned 0x49 [0235.972] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp", dwFileAttributes=0x80) returned 1 [0235.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0235.973] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\qic4be.bmp"), fInfoLevelId=0x0, lpFileInformation=0x2605198 | out: lpFileInformation=0x2605198*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd7966c40, ftCreationTime.dwHighDateTime=0x1d81d48, ftLastAccessTime.dwLowDateTime=0x7d24f420, ftLastAccessTime.dwHighDateTime=0x1d821e9, ftLastWriteTime.dwLowDateTime=0x7d24f420, ftLastWriteTime.dwHighDateTime=0x1d821e9, nFileSizeHigh=0x0, nFileSizeLow=0x18d2)) returned 1 [0235.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0235.973] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp", lpFilePart=0x0) returned 0x49 [0235.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0235.973] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\qic4be.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0235.973] GetFileType (hFile=0x1f4) returned 0x1 [0235.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0235.973] GetFileType (hFile=0x1f4) returned 0x1 [0235.973] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x18d2 [0235.974] ReadFile (in: hFile=0x1f4, lpBuffer=0x2605698, nNumberOfBytesToRead=0x18d2, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2605698*, lpNumberOfBytesRead=0x14ecf8*=0x18d2, lpOverlapped=0x0) returned 1 [0235.974] CloseHandle (hObject=0x1f4) returned 1 [0236.337] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp", lpFilePart=0x0) returned 0x49 [0236.337] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0236.337] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\qic4be.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0236.340] GetFileType (hFile=0x1f4) returned 0x1 [0236.340] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0236.341] GetFileType (hFile=0x1f4) returned 0x1 [0236.341] WriteFile (in: hFile=0x1f4, lpBuffer=0x26906f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26906f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0236.343] WriteFile (in: hFile=0x1f4, lpBuffer=0x26906f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebd8, lpOverlapped=0x0 | out: lpBuffer=0x26906f8*, lpNumberOfBytesWritten=0x14ebd8*=0x1000, lpOverlapped=0x0) returned 1 [0236.343] WriteFile (in: hFile=0x1f4, lpBuffer=0x26906f8*, nNumberOfBytesToWrite=0x1f4, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x26906f8*, lpNumberOfBytesWritten=0x14ebb8*=0x1f4, lpOverlapped=0x0) returned 1 [0236.343] CloseHandle (hObject=0x1f4) returned 1 [0236.345] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp", lpFilePart=0x0) returned 0x49 [0236.345] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp.ampkcz", lpFilePart=0x0) returned 0x50 [0236.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0236.345] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\qic4be.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7966c40, ftCreationTime.dwHighDateTime=0x1d81d48, ftLastAccessTime.dwLowDateTime=0x7d24f420, ftLastAccessTime.dwHighDateTime=0x1d821e9, ftLastWriteTime.dwLowDateTime=0x7b460aeb, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x21f4)) returned 1 [0236.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0236.345] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\qic4be.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\QIc4be.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\qic4be.bmp.ampkcz")) returned 1 [0236.350] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif", lpFilePart=0x0) returned 0x4b [0236.350] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif", lpFilePart=0x0) returned 0x4b [0236.350] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif", dwFileAttributes=0x80) returned 1 [0236.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0236.351] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\r5dqrdcs.gif"), fInfoLevelId=0x0, lpFileInformation=0x2692c60 | out: lpFileInformation=0x2692c60*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x12b37120, ftCreationTime.dwHighDateTime=0x1d82554, ftLastAccessTime.dwLowDateTime=0x5580d630, ftLastAccessTime.dwHighDateTime=0x1d82957, ftLastWriteTime.dwLowDateTime=0x5580d630, ftLastWriteTime.dwHighDateTime=0x1d82957, nFileSizeHigh=0x0, nFileSizeLow=0x8f84)) returned 1 [0236.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0236.351] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif", lpFilePart=0x0) returned 0x4b [0236.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0236.351] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\r5dqrdcs.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0236.351] GetFileType (hFile=0x1f4) returned 0x1 [0236.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0236.351] GetFileType (hFile=0x1f4) returned 0x1 [0236.351] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x8f84 [0236.352] ReadFile (in: hFile=0x1f4, lpBuffer=0x2693170, nNumberOfBytesToRead=0x8f84, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2693170*, lpNumberOfBytesRead=0x14ecf8*=0x8f84, lpOverlapped=0x0) returned 1 [0236.353] CloseHandle (hObject=0x1f4) returned 1 [0236.668] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif", lpFilePart=0x0) returned 0x4b [0236.669] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0236.669] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\r5dqrdcs.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0236.670] GetFileType (hFile=0x1f4) returned 0x1 [0236.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0236.670] GetFileType (hFile=0x1f4) returned 0x1 [0236.670] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0236.672] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0236.672] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0236.672] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0236.673] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0236.673] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0236.674] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0236.674] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0236.674] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0236.675] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0236.675] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0236.675] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebd8, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ebd8*=0x1000, lpOverlapped=0x0) returned 1 [0236.675] WriteFile (in: hFile=0x1f4, lpBuffer=0x2742378*, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2742378*, lpNumberOfBytesWritten=0x14ebb8*=0x34, lpOverlapped=0x0) returned 1 [0236.676] CloseHandle (hObject=0x1f4) returned 1 [0236.678] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif", lpFilePart=0x0) returned 0x4b [0236.679] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif.ampkcz", lpFilePart=0x0) returned 0x52 [0236.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0236.679] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\r5dqrdcs.gif"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12b37120, ftCreationTime.dwHighDateTime=0x1d82554, ftLastAccessTime.dwLowDateTime=0x5580d630, ftLastAccessTime.dwHighDateTime=0x1d82957, ftLastWriteTime.dwLowDateTime=0x7b78f22a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc034)) returned 1 [0236.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0236.679] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\r5dqrdcs.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\r5DQrDCs.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\r5dqrdcs.gif.ampkcz")) returned 1 [0236.680] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png", lpFilePart=0x0) returned 0x52 [0236.680] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png", lpFilePart=0x0) returned 0x52 [0236.680] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png", dwFileAttributes=0x80) returned 1 [0236.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0236.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\uos_jodxfespdsu.png"), fInfoLevelId=0x0, lpFileInformation=0x2743948 | out: lpFileInformation=0x2743948*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x731b9cf0, ftCreationTime.dwHighDateTime=0x1d827ab, ftLastAccessTime.dwLowDateTime=0xc5c49570, ftLastAccessTime.dwHighDateTime=0x1d82935, ftLastWriteTime.dwLowDateTime=0xc5c49570, ftLastWriteTime.dwHighDateTime=0x1d82935, nFileSizeHigh=0x0, nFileSizeLow=0x9610)) returned 1 [0236.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0236.705] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png", lpFilePart=0x0) returned 0x52 [0236.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0236.705] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\uos_jodxfespdsu.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0236.706] GetFileType (hFile=0x1f4) returned 0x1 [0236.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0236.706] GetFileType (hFile=0x1f4) returned 0x1 [0236.706] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x9610 [0236.706] ReadFile (in: hFile=0x1f4, lpBuffer=0x2743e98, nNumberOfBytesToRead=0x9610, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2743e98*, lpNumberOfBytesRead=0x14ecf8*=0x9610, lpOverlapped=0x0) returned 1 [0236.707] CloseHandle (hObject=0x1f4) returned 1 [0237.036] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png", lpFilePart=0x0) returned 0x52 [0237.036] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0237.036] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\uos_jodxfespdsu.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0237.038] GetFileType (hFile=0x1f4) returned 0x1 [0237.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0237.038] GetFileType (hFile=0x1f4) returned 0x1 [0237.038] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.039] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.040] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.040] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.040] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.041] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.041] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.042] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.042] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.042] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.043] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.043] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.043] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7cd8*, nNumberOfBytesToWrite=0x8f4, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25f7cd8*, lpNumberOfBytesWritten=0x14ebb8*=0x8f4, lpOverlapped=0x0) returned 1 [0237.044] CloseHandle (hObject=0x1f4) returned 1 [0237.046] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png", lpFilePart=0x0) returned 0x52 [0237.046] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png.ampkcz", lpFilePart=0x0) returned 0x59 [0237.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0237.046] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\uos_jodxfespdsu.png"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x731b9cf0, ftCreationTime.dwHighDateTime=0x1d827ab, ftLastAccessTime.dwLowDateTime=0xc5c49570, ftLastAccessTime.dwHighDateTime=0x1d82935, ftLastWriteTime.dwLowDateTime=0x7bb10d00, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc8f4)) returned 1 [0237.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0237.047] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\uos_jodxfespdsu.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uOS_JODxfeSPDsu.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\uos_jodxfespdsu.png.ampkcz")) returned 1 [0237.048] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png", lpFilePart=0x0) returned 0x4d [0237.048] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png", lpFilePart=0x0) returned 0x4d [0237.048] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png", dwFileAttributes=0x80) returned 1 [0237.048] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0237.048] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\uxwtciw8mz.png"), fInfoLevelId=0x0, lpFileInformation=0x25f92d0 | out: lpFileInformation=0x25f92d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x38798d40, ftCreationTime.dwHighDateTime=0x1d82239, ftLastAccessTime.dwLowDateTime=0x1a6aa340, ftLastAccessTime.dwHighDateTime=0x1d8279b, ftLastWriteTime.dwLowDateTime=0x1a6aa340, ftLastWriteTime.dwHighDateTime=0x1d8279b, nFileSizeHigh=0x0, nFileSizeLow=0x1762c)) returned 1 [0237.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0237.049] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png", lpFilePart=0x0) returned 0x4d [0237.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0237.049] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\uxwtciw8mz.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0237.049] GetFileType (hFile=0x1f4) returned 0x1 [0237.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0237.049] GetFileType (hFile=0x1f4) returned 0x1 [0237.049] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x1762c [0237.049] ReadFile (in: hFile=0x1f4, lpBuffer=0x127ebe20, nNumberOfBytesToRead=0x1762c, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x127ebe20*, lpNumberOfBytesRead=0x14ecf8*=0x1762c, lpOverlapped=0x0) returned 1 [0237.052] CloseHandle (hObject=0x1f4) returned 1 [0237.409] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png", lpFilePart=0x0) returned 0x4d [0237.409] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0237.409] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\uxwtciw8mz.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0237.414] GetFileType (hFile=0x1f4) returned 0x1 [0237.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0237.414] GetFileType (hFile=0x1f4) returned 0x1 [0237.414] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.415] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.415] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.416] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.416] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.417] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.417] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.417] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.418] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.418] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.419] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.419] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.419] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.420] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.420] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.420] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.421] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.421] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.422] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.422] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.422] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.423] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.423] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.423] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.424] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.424] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.425] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.425] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.425] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.426] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.426] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebd8, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ebd8*=0x1000, lpOverlapped=0x0) returned 1 [0237.426] WriteFile (in: hFile=0x1f4, lpBuffer=0x25240e0*, nNumberOfBytesToWrite=0x3b4, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25240e0*, lpNumberOfBytesWritten=0x14ebb8*=0x3b4, lpOverlapped=0x0) returned 1 [0237.426] CloseHandle (hObject=0x1f4) returned 1 [0237.432] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png", lpFilePart=0x0) returned 0x4d [0237.432] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png.ampkcz", lpFilePart=0x0) returned 0x54 [0237.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0237.433] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\uxwtciw8mz.png"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38798d40, ftCreationTime.dwHighDateTime=0x1d82239, ftLastAccessTime.dwLowDateTime=0x1a6aa340, ftLastAccessTime.dwHighDateTime=0x1d8279b, ftLastWriteTime.dwLowDateTime=0x7bebf8b0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f3b4)) returned 1 [0237.433] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0237.433] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\uxwtciw8mz.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\uXWtciW8Mz.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\uxwtciw8mz.png.ampkcz")) returned 1 [0237.434] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg", lpFilePart=0x0) returned 0x50 [0237.434] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg", lpFilePart=0x0) returned 0x50 [0237.434] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg", dwFileAttributes=0x80) returned 1 [0237.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0237.434] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\xlsjiwcf3aoor.jpg"), fInfoLevelId=0x0, lpFileInformation=0x2525628 | out: lpFileInformation=0x2525628*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x102c9b50, ftCreationTime.dwHighDateTime=0x1d81a34, ftLastAccessTime.dwLowDateTime=0xcc78b8c0, ftLastAccessTime.dwHighDateTime=0x1d81b10, ftLastWriteTime.dwLowDateTime=0xcc78b8c0, ftLastWriteTime.dwHighDateTime=0x1d81b10, nFileSizeHigh=0x0, nFileSizeLow=0x533a)) returned 1 [0237.434] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0237.434] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg", lpFilePart=0x0) returned 0x50 [0237.435] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0237.435] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\xlsjiwcf3aoor.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0237.435] GetFileType (hFile=0x1f4) returned 0x1 [0237.435] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0237.435] GetFileType (hFile=0x1f4) returned 0x1 [0237.435] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x533a [0237.435] ReadFile (in: hFile=0x1f4, lpBuffer=0x2525b78, nNumberOfBytesToRead=0x533a, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2525b78*, lpNumberOfBytesRead=0x14ecf8*=0x533a, lpOverlapped=0x0) returned 1 [0237.436] CloseHandle (hObject=0x1f4) returned 1 [0237.909] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg", lpFilePart=0x0) returned 0x50 [0237.909] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0237.909] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\xlsjiwcf3aoor.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0237.910] GetFileType (hFile=0x1f4) returned 0x1 [0237.910] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0237.910] GetFileType (hFile=0x1f4) returned 0x1 [0237.911] WriteFile (in: hFile=0x1f4, lpBuffer=0x25da188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25da188*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.912] WriteFile (in: hFile=0x1f4, lpBuffer=0x25da188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25da188*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.912] WriteFile (in: hFile=0x1f4, lpBuffer=0x25da188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25da188*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.913] WriteFile (in: hFile=0x1f4, lpBuffer=0x25da188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25da188*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.913] WriteFile (in: hFile=0x1f4, lpBuffer=0x25da188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25da188*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.914] WriteFile (in: hFile=0x1f4, lpBuffer=0x25da188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25da188*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0237.914] WriteFile (in: hFile=0x1f4, lpBuffer=0x25da188*, nNumberOfBytesToWrite=0xfc8, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25da188*, lpNumberOfBytesWritten=0x14ebb8*=0xfc8, lpOverlapped=0x0) returned 1 [0237.914] CloseHandle (hObject=0x1f4) returned 1 [0237.916] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg", lpFilePart=0x0) returned 0x50 [0237.916] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg.ampkcz", lpFilePart=0x0) returned 0x57 [0237.916] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0237.916] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\xlsjiwcf3aoor.jpg"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x102c9b50, ftCreationTime.dwHighDateTime=0x1d81a34, ftLastAccessTime.dwLowDateTime=0xcc78b8c0, ftLastAccessTime.dwHighDateTime=0x1d81b10, ftLastWriteTime.dwLowDateTime=0x7c35cc19, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6fc8)) returned 1 [0237.916] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0237.917] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\xlsjiwcf3aoor.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\xLsjiwCf3AooR.jpg.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\xlsjiwcf3aoor.jpg.ampkcz")) returned 1 [0237.919] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png", lpFilePart=0x0) returned 0x48 [0237.919] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png", lpFilePart=0x0) returned 0x48 [0237.919] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png", dwFileAttributes=0x80) returned 1 [0237.919] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0237.920] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\ygxlk.png"), fInfoLevelId=0x0, lpFileInformation=0x25db768 | out: lpFileInformation=0x25db768*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x3aac4040, ftCreationTime.dwHighDateTime=0x1d81c9d, ftLastAccessTime.dwLowDateTime=0x25e425c0, ftLastAccessTime.dwHighDateTime=0x1d820e8, ftLastWriteTime.dwLowDateTime=0x25e425c0, ftLastWriteTime.dwHighDateTime=0x1d820e8, nFileSizeHigh=0x0, nFileSizeLow=0x18b22)) returned 1 [0237.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0237.920] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png", lpFilePart=0x0) returned 0x48 [0237.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0237.920] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\ygxlk.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0237.920] GetFileType (hFile=0x1f4) returned 0x1 [0237.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0237.920] GetFileType (hFile=0x1f4) returned 0x1 [0237.920] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x18b22 [0237.920] ReadFile (in: hFile=0x1f4, lpBuffer=0x125ed288, nNumberOfBytesToRead=0x18b22, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x125ed288*, lpNumberOfBytesRead=0x14ecf8*=0x18b22, lpOverlapped=0x0) returned 1 [0237.922] CloseHandle (hObject=0x1f4) returned 1 [0238.231] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png", lpFilePart=0x0) returned 0x48 [0238.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0238.231] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\ygxlk.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0238.233] GetFileType (hFile=0x1f4) returned 0x1 [0238.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0238.233] GetFileType (hFile=0x1f4) returned 0x1 [0238.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.234] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.236] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.236] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.236] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.237] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.237] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.237] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.238] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.238] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.238] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.238] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.240] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.240] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.240] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.241] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.241] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.241] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.242] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.242] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.243] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.243] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.243] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.244] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.244] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.244] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0238.245] WriteFile (in: hFile=0x1f4, lpBuffer=0x26550d8*, nNumberOfBytesToWrite=0xfb4, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x26550d8*, lpNumberOfBytesWritten=0x14ebb8*=0xfb4, lpOverlapped=0x0) returned 1 [0238.245] CloseHandle (hObject=0x1f4) returned 1 [0238.283] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png", lpFilePart=0x0) returned 0x48 [0238.283] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png.ampkcz", lpFilePart=0x0) returned 0x4f [0238.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0238.284] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\ygxlk.png"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3aac4040, ftCreationTime.dwHighDateTime=0x1d81c9d, ftLastAccessTime.dwLowDateTime=0x25e425c0, ftLastAccessTime.dwHighDateTime=0x1d820e8, ftLastWriteTime.dwLowDateTime=0x7c6db76d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20fb4)) returned 1 [0238.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0238.285] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\ygxlk.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\YGxlk.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\lldmoqasd6\\xlknk1gfje4zfhgory_f\\ygxlk.png.ampkcz")) returned 1 [0238.287] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0238.288] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F", lpFilePart=0x0) returned 0x3e [0238.288] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\", lpFilePart=0x0) returned 0x3f [0238.289] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\LldMOQASD6\\XlKnK1gfJe4zFhGoRY_F\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x700f46a0, ftCreationTime.dwHighDateTime=0x1d81f00, ftLastAccessTime.dwLowDateTime=0x7c6e2e4b, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7c6e2e4b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0238.290] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x700f46a0, ftCreationTime.dwHighDateTime=0x1d81f00, ftLastAccessTime.dwLowDateTime=0x7c6e2e4b, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7c6e2e4b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0238.292] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7fce0a10, ftCreationTime.dwHighDateTime=0x1d82368, ftLastAccessTime.dwLowDateTime=0x88a871a0, ftLastAccessTime.dwHighDateTime=0x1d8250e, ftLastWriteTime.dwLowDateTime=0x7b0c6838, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd648, dwReserved0=0x0, dwReserved1=0x0, cFileName="AKzD1IY.png.ampkcz", cAlternateFileName="AKZD1I~1.AMP")) returned 1 [0238.293] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7966c40, ftCreationTime.dwHighDateTime=0x1d81d48, ftLastAccessTime.dwLowDateTime=0x7d24f420, ftLastAccessTime.dwHighDateTime=0x1d821e9, ftLastWriteTime.dwLowDateTime=0x7b460aeb, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x21f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="QIc4be.bmp.ampkcz", cAlternateFileName="QIC4BE~1.AMP")) returned 1 [0238.295] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12b37120, ftCreationTime.dwHighDateTime=0x1d82554, ftLastAccessTime.dwLowDateTime=0x5580d630, ftLastAccessTime.dwHighDateTime=0x1d82957, ftLastWriteTime.dwLowDateTime=0x7b78f22a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc034, dwReserved0=0x0, dwReserved1=0x0, cFileName="r5DQrDCs.gif.ampkcz", cAlternateFileName="R5DQRD~1.AMP")) returned 1 [0238.295] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b0cb440, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x7b0cb440, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7b0d023c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0238.296] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x731b9cf0, ftCreationTime.dwHighDateTime=0x1d827ab, ftLastAccessTime.dwLowDateTime=0xc5c49570, ftLastAccessTime.dwHighDateTime=0x1d82935, ftLastWriteTime.dwLowDateTime=0x7bb10d00, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc8f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="uOS_JODxfeSPDsu.png.ampkcz", cAlternateFileName="UOS_JO~1.AMP")) returned 1 [0238.296] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38798d40, ftCreationTime.dwHighDateTime=0x1d82239, ftLastAccessTime.dwLowDateTime=0x1a6aa340, ftLastAccessTime.dwHighDateTime=0x1d8279b, ftLastWriteTime.dwLowDateTime=0x7bebf8b0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f3b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="uXWtciW8Mz.png.ampkcz", cAlternateFileName="UXWTCI~1.AMP")) returned 1 [0238.296] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x102c9b50, ftCreationTime.dwHighDateTime=0x1d81a34, ftLastAccessTime.dwLowDateTime=0xcc78b8c0, ftLastAccessTime.dwHighDateTime=0x1d81b10, ftLastWriteTime.dwLowDateTime=0x7c35cc19, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6fc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="xLsjiwCf3AooR.jpg.ampkcz", cAlternateFileName="XLSJIW~1.AMP")) returned 1 [0238.296] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3aac4040, ftCreationTime.dwHighDateTime=0x1d81c9d, ftLastAccessTime.dwLowDateTime=0x25e425c0, ftLastAccessTime.dwHighDateTime=0x1d820e8, ftLastWriteTime.dwLowDateTime=0x7c6db76d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="YGxlk.png.ampkcz", cAlternateFileName="YGXLKP~1.AMP")) returned 1 [0238.299] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3aac4040, ftCreationTime.dwHighDateTime=0x1d81c9d, ftLastAccessTime.dwLowDateTime=0x25e425c0, ftLastAccessTime.dwHighDateTime=0x1d820e8, ftLastWriteTime.dwLowDateTime=0x7c6db76d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="YGxlk.png.ampkcz", cAlternateFileName="YGXLKP~1.AMP")) returned 0 [0238.299] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0238.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0238.300] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0238.300] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0238.300] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures", lpFilePart=0x0) returned 0x2d [0238.300] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\", lpFilePart=0x0) returned 0x2e [0238.300] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0238.302] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0238.302] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0xbe, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0238.302] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0238.302] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0238.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0238.302] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0238.305] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", lpFilePart=0x0) returned 0x39 [0238.305] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", lpFilePart=0x0) returned 0x39 [0238.305] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", dwFileAttributes=0x80) returned 1 [0238.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0238.306] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2659d98 | out: lpFileInformation=0x2659d98*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x2b1a6533, ftLastWriteTime.dwHighDateTime=0x1d70504, nFileSizeHigh=0x0, nFileSizeLow=0xbe)) returned 1 [0238.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0238.306] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", lpFilePart=0x0) returned 0x39 [0238.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0238.306] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0238.306] GetFileType (hFile=0x1f4) returned 0x1 [0238.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0238.306] GetFileType (hFile=0x1f4) returned 0x1 [0238.306] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xbe [0238.306] ReadFile (in: hFile=0x1f4, lpBuffer=0x265a310, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x265a310*, lpNumberOfBytesRead=0x14ed68*=0xbe, lpOverlapped=0x0) returned 1 [0238.307] CloseHandle (hObject=0x1f4) returned 1 [0238.638] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", lpFilePart=0x0) returned 0x39 [0238.638] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0238.638] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0238.639] GetFileType (hFile=0x1f4) returned 0x1 [0238.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0238.639] GetFileType (hFile=0x1f4) returned 0x1 [0238.639] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d4ff8*, nNumberOfBytesToWrite=0x1c8, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26d4ff8*, lpNumberOfBytesWritten=0x14ec28*=0x1c8, lpOverlapped=0x0) returned 1 [0238.646] CloseHandle (hObject=0x1f4) returned 1 [0238.647] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini", lpFilePart=0x0) returned 0x39 [0238.648] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x40 [0238.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0238.648] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x7ca56526, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1c8)) returned 1 [0238.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0238.648] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\desktop.ini.ampkcz")) returned 1 [0238.649] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\readme.txt", lpFilePart=0x0) returned 0x38 [0238.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0238.649] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\pictures\\saved pictures\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0238.650] GetFileType (hFile=0x1f4) returned 0x1 [0238.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0238.650] GetFileType (hFile=0x1f4) returned 0x1 [0238.651] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d8270*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x26d8270*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0238.652] CloseHandle (hObject=0x1f4) returned 1 [0238.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0238.653] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures", lpFilePart=0x0) returned 0x2d [0238.653] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\", lpFilePart=0x0) returned 0x2e [0238.653] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Pictures\\Saved Pictures\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x7ca58a5a, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7ca59dfb, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0238.653] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x7ca58a5a, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7ca59dfb, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0238.653] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b1a6533, ftCreationTime.dwHighDateTime=0x1d70504, ftLastAccessTime.dwLowDateTime=0x2b1a6533, ftLastAccessTime.dwHighDateTime=0x1d70504, ftLastWriteTime.dwLowDateTime=0x7ca56526, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0238.654] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ca59dfb, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x7ca59dfb, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7ca627e5, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0238.654] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ca59dfb, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x7ca59dfb, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7ca627e5, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0238.654] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0238.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0238.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0238.654] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0238.654] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music", lpFilePart=0x0) returned 0x1b [0238.654] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\", lpFilePart=0x0) returned 0x1c [0238.655] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xf26b663f, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0xf26b663f, ftLastWriteTime.dwHighDateTime=0x1d82a28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0238.655] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xf26b663f, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0xf26b663f, ftLastWriteTime.dwHighDateTime=0x1d82a28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0238.655] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x356e2ae0, ftCreationTime.dwHighDateTime=0x1d81c0b, ftLastAccessTime.dwLowDateTime=0xf0ddda10, ftLastAccessTime.dwHighDateTime=0x1d82060, ftLastWriteTime.dwLowDateTime=0xf0ddda10, ftLastWriteTime.dwHighDateTime=0x1d82060, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aOr_0l-_", cAlternateFileName="")) returned 1 [0238.655] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6951a3c0, ftCreationTime.dwHighDateTime=0x1d81b19, ftLastAccessTime.dwLowDateTime=0x68594d00, ftLastAccessTime.dwHighDateTime=0x1d8240c, ftLastWriteTime.dwLowDateTime=0x68594d00, ftLastWriteTime.dwHighDateTime=0x1d8240c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBWVp2uUK", cAlternateFileName="BBWVP2~1")) returned 1 [0238.656] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85d91960, ftCreationTime.dwHighDateTime=0x1d81c18, ftLastAccessTime.dwLowDateTime=0x3eab2ca0, ftLastAccessTime.dwHighDateTime=0x1d82216, ftLastWriteTime.dwLowDateTime=0x3eab2ca0, ftLastWriteTime.dwHighDateTime=0x1d82216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BJUEc", cAlternateFileName="")) returned 1 [0238.656] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0238.656] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c62350, ftCreationTime.dwHighDateTime=0x1d81fa0, ftLastAccessTime.dwLowDateTime=0xa1b9020, ftLastAccessTime.dwHighDateTime=0x1d81fe5, ftLastWriteTime.dwLowDateTime=0xa1b9020, ftLastWriteTime.dwHighDateTime=0x1d81fe5, nFileSizeHigh=0x0, nFileSizeLow=0xba15, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ec AoPKIkYeK4zcxY.m4a", cAlternateFileName="ECAOPK~1.M4A")) returned 1 [0238.656] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc60b2a90, ftCreationTime.dwHighDateTime=0x1d82051, ftLastAccessTime.dwLowDateTime=0xfc2fff40, ftLastAccessTime.dwHighDateTime=0x1d82341, ftLastWriteTime.dwLowDateTime=0xfc2fff40, ftLastWriteTime.dwHighDateTime=0x1d82341, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FlG2xy", cAlternateFileName="")) returned 1 [0238.656] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4417cb90, ftCreationTime.dwHighDateTime=0x1d81a22, ftLastAccessTime.dwLowDateTime=0x23759ba0, ftLastAccessTime.dwHighDateTime=0x1d81ae6, ftLastWriteTime.dwLowDateTime=0x23759ba0, ftLastWriteTime.dwHighDateTime=0x1d81ae6, nFileSizeHigh=0x0, nFileSizeLow=0x2eb9, dwReserved0=0x0, dwReserved1=0x0, cFileName="JWRhu6PW-N_JtHKHctzp.m4a", cAlternateFileName="JWRHU6~1.M4A")) returned 1 [0238.657] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1a830b0, ftCreationTime.dwHighDateTime=0x1d82779, ftLastAccessTime.dwLowDateTime=0x42552950, ftLastAccessTime.dwHighDateTime=0x1d827de, ftLastWriteTime.dwLowDateTime=0x42552950, ftLastWriteTime.dwHighDateTime=0x1d827de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="l8lZVBLxnO5OrJ wF", cAlternateFileName="L8LZVB~1")) returned 1 [0238.657] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68d2fea0, ftCreationTime.dwHighDateTime=0x1d82571, ftLastAccessTime.dwLowDateTime=0x58f760a0, ftLastAccessTime.dwHighDateTime=0x1d82578, ftLastWriteTime.dwLowDateTime=0x58f760a0, ftLastWriteTime.dwHighDateTime=0x1d82578, nFileSizeHigh=0x0, nFileSizeLow=0x15ff1, dwReserved0=0x0, dwReserved1=0x0, cFileName="lnpwHWei4hMwarh_Gi.m4a", cAlternateFileName="LNPWHW~1.M4A")) returned 1 [0238.657] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91817e40, ftCreationTime.dwHighDateTime=0x1d819fe, ftLastAccessTime.dwLowDateTime=0x4452abe0, ftLastAccessTime.dwHighDateTime=0x1d826be, ftLastWriteTime.dwLowDateTime=0x4452abe0, ftLastWriteTime.dwHighDateTime=0x1d826be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rOJu8omDa5zU4", cAlternateFileName="ROJU8O~1")) returned 1 [0238.657] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91817e40, ftCreationTime.dwHighDateTime=0x1d819fe, ftLastAccessTime.dwLowDateTime=0x4452abe0, ftLastAccessTime.dwHighDateTime=0x1d826be, ftLastWriteTime.dwLowDateTime=0x4452abe0, ftLastWriteTime.dwHighDateTime=0x1d826be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rOJu8omDa5zU4", cAlternateFileName="ROJU8O~1")) returned 0 [0238.658] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0238.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0238.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0238.661] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini", lpFilePart=0x0) returned 0x27 [0238.661] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini", lpFilePart=0x0) returned 0x27 [0238.661] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini", dwFileAttributes=0x80) returned 1 [0238.661] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0238.661] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x26dd0c8 | out: lpFileInformation=0x26dd0c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436bc315, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0238.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0238.662] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini", lpFilePart=0x0) returned 0x27 [0238.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0238.662] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0238.662] GetFileType (hFile=0x1f4) returned 0x1 [0238.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0238.662] GetFileType (hFile=0x1f4) returned 0x1 [0238.662] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x1f8 [0238.662] ReadFile (in: hFile=0x1f4, lpBuffer=0x26dd700, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26dd700*, lpNumberOfBytesRead=0x14edd8*=0x1f8, lpOverlapped=0x0) returned 1 [0238.662] CloseHandle (hObject=0x1f4) returned 1 [0239.200] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini", lpFilePart=0x0) returned 0x27 [0239.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0239.200] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0239.202] GetFileType (hFile=0x1f4) returned 0x1 [0239.202] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0239.202] GetFileType (hFile=0x1f4) returned 0x1 [0239.202] WriteFile (in: hFile=0x1f4, lpBuffer=0x2559c50*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2559c50*, lpNumberOfBytesWritten=0x14ec98*=0x374, lpOverlapped=0x0) returned 1 [0239.203] CloseHandle (hObject=0x1f4) returned 1 [0239.205] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini", lpFilePart=0x0) returned 0x27 [0239.205] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x2e [0239.205] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0239.205] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7cfa7366, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x374)) returned 1 [0239.205] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0239.205] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\desktop.ini.ampkcz")) returned 1 [0239.206] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\readme.txt", lpFilePart=0x0) returned 0x26 [0239.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0239.206] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0239.207] GetFileType (hFile=0x1f4) returned 0x1 [0239.207] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0239.207] GetFileType (hFile=0x1f4) returned 0x1 [0239.208] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ce00*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x255ce00*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0239.209] CloseHandle (hObject=0x1f4) returned 1 [0239.211] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a", lpFilePart=0x0) returned 0x31 [0239.211] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a", lpFilePart=0x0) returned 0x31 [0239.211] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a", dwFileAttributes=0x80) returned 1 [0239.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0239.211] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\ec aopkikyek4zcxy.m4a"), fInfoLevelId=0x0, lpFileInformation=0x255f310 | out: lpFileInformation=0x255f310*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf9c62350, ftCreationTime.dwHighDateTime=0x1d81fa0, ftLastAccessTime.dwLowDateTime=0xa1b9020, ftLastAccessTime.dwHighDateTime=0x1d81fe5, ftLastWriteTime.dwLowDateTime=0xa1b9020, ftLastWriteTime.dwHighDateTime=0x1d81fe5, nFileSizeHigh=0x0, nFileSizeLow=0xba15)) returned 1 [0239.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0239.211] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a", lpFilePart=0x0) returned 0x31 [0239.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0239.211] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\ec aopkikyek4zcxy.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0239.211] GetFileType (hFile=0x1f4) returned 0x1 [0239.211] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0239.211] GetFileType (hFile=0x1f4) returned 0x1 [0239.211] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xba15 [0239.212] ReadFile (in: hFile=0x1f4, lpBuffer=0x255f7b0, nNumberOfBytesToRead=0xba15, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x255f7b0*, lpNumberOfBytesRead=0x14edd8*=0xba15, lpOverlapped=0x0) returned 1 [0239.213] CloseHandle (hObject=0x1f4) returned 1 [0239.567] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a", lpFilePart=0x0) returned 0x31 [0239.567] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0239.567] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\ec aopkikyek4zcxy.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0239.569] GetFileType (hFile=0x1f4) returned 0x1 [0239.569] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0239.569] GetFileType (hFile=0x1f4) returned 0x1 [0239.569] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.570] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.573] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.573] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.573] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.575] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.575] WriteFile (in: hFile=0x1f4, lpBuffer=0x26074c0*, nNumberOfBytesToWrite=0x8f4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26074c0*, lpNumberOfBytesWritten=0x14ec98*=0x8f4, lpOverlapped=0x0) returned 1 [0239.575] CloseHandle (hObject=0x1f4) returned 1 [0239.579] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a", lpFilePart=0x0) returned 0x31 [0239.579] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a.ampkcz", lpFilePart=0x0) returned 0x38 [0239.579] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0239.579] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\ec aopkikyek4zcxy.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c62350, ftCreationTime.dwHighDateTime=0x1d81fa0, ftLastAccessTime.dwLowDateTime=0xa1b9020, ftLastAccessTime.dwHighDateTime=0x1d81fe5, ftLastWriteTime.dwLowDateTime=0x7d338611, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf8f4)) returned 1 [0239.579] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0239.579] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\ec aopkikyek4zcxy.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\Ec AoPKIkYeK4zcxY.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\ec aopkikyek4zcxy.m4a.ampkcz")) returned 1 [0239.582] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a", lpFilePart=0x0) returned 0x34 [0239.582] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a", lpFilePart=0x0) returned 0x34 [0239.582] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a", dwFileAttributes=0x80) returned 1 [0239.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0239.582] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jwrhu6pw-n_jthkhctzp.m4a"), fInfoLevelId=0x0, lpFileInformation=0x2609410 | out: lpFileInformation=0x2609410*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4417cb90, ftCreationTime.dwHighDateTime=0x1d81a22, ftLastAccessTime.dwLowDateTime=0x23759ba0, ftLastAccessTime.dwHighDateTime=0x1d81ae6, ftLastWriteTime.dwLowDateTime=0x23759ba0, ftLastWriteTime.dwHighDateTime=0x1d81ae6, nFileSizeHigh=0x0, nFileSizeLow=0x2eb9)) returned 1 [0239.582] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0239.582] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a", lpFilePart=0x0) returned 0x34 [0239.582] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0239.582] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jwrhu6pw-n_jthkhctzp.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0239.583] GetFileType (hFile=0x1f4) returned 0x1 [0239.583] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0239.583] GetFileType (hFile=0x1f4) returned 0x1 [0239.583] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x2eb9 [0239.583] ReadFile (in: hFile=0x1f4, lpBuffer=0x26098d8, nNumberOfBytesToRead=0x2eb9, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26098d8*, lpNumberOfBytesRead=0x14edd8*=0x2eb9, lpOverlapped=0x0) returned 1 [0239.584] CloseHandle (hObject=0x1f4) returned 1 [0239.860] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a", lpFilePart=0x0) returned 0x34 [0239.860] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0239.860] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jwrhu6pw-n_jthkhctzp.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0239.862] GetFileType (hFile=0x1f4) returned 0x1 [0239.862] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0239.862] GetFileType (hFile=0x1f4) returned 0x1 [0239.862] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4120*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4120*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.863] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4120*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4120*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.864] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4120*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4120*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0239.874] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4120*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26a4120*, lpNumberOfBytesWritten=0x14ec98*=0xf20, lpOverlapped=0x0) returned 1 [0239.874] CloseHandle (hObject=0x1f4) returned 1 [0239.876] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a", lpFilePart=0x0) returned 0x34 [0239.876] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a.ampkcz", lpFilePart=0x0) returned 0x3b [0239.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0239.876] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jwrhu6pw-n_jthkhctzp.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4417cb90, ftCreationTime.dwHighDateTime=0x1d81a22, ftLastAccessTime.dwLowDateTime=0x23759ba0, ftLastAccessTime.dwHighDateTime=0x1d81ae6, ftLastWriteTime.dwLowDateTime=0x7d60db20, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x3f20)) returned 1 [0239.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0239.876] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jwrhu6pw-n_jthkhctzp.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\JWRhu6PW-N_JtHKHctzp.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\jwrhu6pw-n_jthkhctzp.m4a.ampkcz")) returned 1 [0239.879] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a", lpFilePart=0x0) returned 0x32 [0239.879] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a", lpFilePart=0x0) returned 0x32 [0239.879] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a", dwFileAttributes=0x80) returned 1 [0239.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0239.879] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lnpwhwei4hmwarh_gi.m4a"), fInfoLevelId=0x0, lpFileInformation=0x26a6070 | out: lpFileInformation=0x26a6070*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x68d2fea0, ftCreationTime.dwHighDateTime=0x1d82571, ftLastAccessTime.dwLowDateTime=0x58f760a0, ftLastAccessTime.dwHighDateTime=0x1d82578, ftLastWriteTime.dwLowDateTime=0x58f760a0, ftLastWriteTime.dwHighDateTime=0x1d82578, nFileSizeHigh=0x0, nFileSizeLow=0x15ff1)) returned 1 [0239.879] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0239.879] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a", lpFilePart=0x0) returned 0x32 [0239.879] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0239.879] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lnpwhwei4hmwarh_gi.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0239.879] GetFileType (hFile=0x1f4) returned 0x1 [0239.880] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0239.880] GetFileType (hFile=0x1f4) returned 0x1 [0239.880] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x15ff1 [0239.880] ReadFile (in: hFile=0x1f4, lpBuffer=0x1275ab50, nNumberOfBytesToRead=0x15ff1, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x1275ab50*, lpNumberOfBytesRead=0x14edd8*=0x15ff1, lpOverlapped=0x0) returned 1 [0239.881] CloseHandle (hObject=0x1f4) returned 1 [0240.316] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a", lpFilePart=0x0) returned 0x32 [0240.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0240.317] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lnpwhwei4hmwarh_gi.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0240.320] GetFileType (hFile=0x1f4) returned 0x1 [0240.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0240.320] GetFileType (hFile=0x1f4) returned 0x1 [0240.320] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.322] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.322] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.323] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.323] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.325] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.325] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.325] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.326] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.326] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.326] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.327] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.327] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.327] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.328] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.328] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.328] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.329] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.329] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.330] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.330] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.330] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.331] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.331] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.331] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.332] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.332] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.332] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.333] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0240.333] WriteFile (in: hFile=0x1f4, lpBuffer=0x271f968*, nNumberOfBytesToWrite=0x620, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x271f968*, lpNumberOfBytesWritten=0x14ec98*=0x620, lpOverlapped=0x0) returned 1 [0240.333] CloseHandle (hObject=0x1f4) returned 1 [0240.338] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a", lpFilePart=0x0) returned 0x32 [0240.338] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a.ampkcz", lpFilePart=0x0) returned 0x39 [0240.338] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0240.338] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lnpwhwei4hmwarh_gi.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68d2fea0, ftCreationTime.dwHighDateTime=0x1d82571, ftLastAccessTime.dwLowDateTime=0x58f760a0, ftLastAccessTime.dwHighDateTime=0x1d82578, ftLastWriteTime.dwLowDateTime=0x7da75806, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d620)) returned 1 [0240.339] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0240.339] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lnpwhwei4hmwarh_gi.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\lnpwHWei4hMwarh_Gi.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\lnpwhwei4hmwarh_gi.m4a.ampkcz")) returned 1 [0240.340] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0240.340] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music", lpFilePart=0x0) returned 0x1b [0240.340] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\", lpFilePart=0x0) returned 0x1c [0240.341] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x7da79f70, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7da79f70, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0240.341] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x7da79f70, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7da79f70, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0240.342] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x356e2ae0, ftCreationTime.dwHighDateTime=0x1d81c0b, ftLastAccessTime.dwLowDateTime=0xf0ddda10, ftLastAccessTime.dwHighDateTime=0x1d82060, ftLastWriteTime.dwLowDateTime=0xf0ddda10, ftLastWriteTime.dwHighDateTime=0x1d82060, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aOr_0l-_", cAlternateFileName="")) returned 1 [0240.342] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6951a3c0, ftCreationTime.dwHighDateTime=0x1d81b19, ftLastAccessTime.dwLowDateTime=0x68594d00, ftLastAccessTime.dwHighDateTime=0x1d8240c, ftLastWriteTime.dwLowDateTime=0x68594d00, ftLastWriteTime.dwHighDateTime=0x1d8240c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BBWVp2uUK", cAlternateFileName="BBWVP2~1")) returned 1 [0240.342] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85d91960, ftCreationTime.dwHighDateTime=0x1d81c18, ftLastAccessTime.dwLowDateTime=0x3eab2ca0, ftLastAccessTime.dwHighDateTime=0x1d82216, ftLastWriteTime.dwLowDateTime=0x3eab2ca0, ftLastWriteTime.dwHighDateTime=0x1d82216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="BJUEc", cAlternateFileName="")) returned 1 [0240.372] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43649a85, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43649a85, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x7cfa7366, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x374, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0240.372] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf9c62350, ftCreationTime.dwHighDateTime=0x1d81fa0, ftLastAccessTime.dwLowDateTime=0xa1b9020, ftLastAccessTime.dwHighDateTime=0x1d81fe5, ftLastWriteTime.dwLowDateTime=0x7d338611, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf8f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ec AoPKIkYeK4zcxY.m4a.ampkcz", cAlternateFileName="ECAOPK~1.AMP")) returned 1 [0240.373] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc60b2a90, ftCreationTime.dwHighDateTime=0x1d82051, ftLastAccessTime.dwLowDateTime=0xfc2fff40, ftLastAccessTime.dwHighDateTime=0x1d82341, ftLastWriteTime.dwLowDateTime=0xfc2fff40, ftLastWriteTime.dwHighDateTime=0x1d82341, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FlG2xy", cAlternateFileName="")) returned 1 [0240.373] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4417cb90, ftCreationTime.dwHighDateTime=0x1d81a22, ftLastAccessTime.dwLowDateTime=0x23759ba0, ftLastAccessTime.dwHighDateTime=0x1d81ae6, ftLastWriteTime.dwLowDateTime=0x7d60db20, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x3f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="JWRhu6PW-N_JtHKHctzp.m4a.ampkcz", cAlternateFileName="JWRHU6~1.AMP")) returned 1 [0240.373] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1a830b0, ftCreationTime.dwHighDateTime=0x1d82779, ftLastAccessTime.dwLowDateTime=0x42552950, ftLastAccessTime.dwHighDateTime=0x1d827de, ftLastWriteTime.dwLowDateTime=0x42552950, ftLastWriteTime.dwHighDateTime=0x1d827de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="l8lZVBLxnO5OrJ wF", cAlternateFileName="L8LZVB~1")) returned 1 [0240.373] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x68d2fea0, ftCreationTime.dwHighDateTime=0x1d82571, ftLastAccessTime.dwLowDateTime=0x58f760a0, ftLastAccessTime.dwHighDateTime=0x1d82578, ftLastWriteTime.dwLowDateTime=0x7da75806, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d620, dwReserved0=0x0, dwReserved1=0x0, cFileName="lnpwHWei4hMwarh_Gi.m4a.ampkcz", cAlternateFileName="LNPWHW~1.AMP")) returned 1 [0240.374] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7cfab852, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x7cfab852, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7cfb19b6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0240.374] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91817e40, ftCreationTime.dwHighDateTime=0x1d819fe, ftLastAccessTime.dwLowDateTime=0x4452abe0, ftLastAccessTime.dwHighDateTime=0x1d826be, ftLastWriteTime.dwLowDateTime=0x4452abe0, ftLastWriteTime.dwHighDateTime=0x1d826be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rOJu8omDa5zU4", cAlternateFileName="ROJU8O~1")) returned 1 [0240.374] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0240.374] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0240.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0240.374] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0240.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0240.374] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_", lpFilePart=0x0) returned 0x24 [0240.374] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\", lpFilePart=0x0) returned 0x25 [0240.375] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x356e2ae0, ftCreationTime.dwHighDateTime=0x1d81c0b, ftLastAccessTime.dwLowDateTime=0xf0ddda10, ftLastAccessTime.dwHighDateTime=0x1d82060, ftLastWriteTime.dwLowDateTime=0xf0ddda10, ftLastWriteTime.dwHighDateTime=0x1d82060, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0240.375] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x356e2ae0, ftCreationTime.dwHighDateTime=0x1d81c0b, ftLastAccessTime.dwLowDateTime=0xf0ddda10, ftLastAccessTime.dwHighDateTime=0x1d82060, ftLastWriteTime.dwLowDateTime=0xf0ddda10, ftLastWriteTime.dwHighDateTime=0x1d82060, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0240.376] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x506c1670, ftCreationTime.dwHighDateTime=0x1d82090, ftLastAccessTime.dwLowDateTime=0x5bdcb140, ftLastAccessTime.dwHighDateTime=0x1d829e1, ftLastWriteTime.dwLowDateTime=0x5bdcb140, ftLastWriteTime.dwHighDateTime=0x1d829e1, nFileSizeHigh=0x0, nFileSizeLow=0x7bfc, dwReserved0=0x0, dwReserved1=0x0, cFileName="2tOwtNlJ rxX6vXCj.m4a", cAlternateFileName="2TOWTN~1.M4A")) returned 1 [0240.376] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff1ffe20, ftCreationTime.dwHighDateTime=0x1d826c1, ftLastAccessTime.dwLowDateTime=0x837dfc80, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0x837dfc80, ftLastWriteTime.dwHighDateTime=0x1d82a28, nFileSizeHigh=0x0, nFileSizeLow=0x92b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="3lo_eiMEsy9m.m4a", cAlternateFileName="3LO_EI~1.M4A")) returned 1 [0240.376] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd31865c0, ftCreationTime.dwHighDateTime=0x1d81af9, ftLastAccessTime.dwLowDateTime=0x990e4520, ftLastAccessTime.dwHighDateTime=0x1d81d2e, ftLastWriteTime.dwLowDateTime=0x990e4520, ftLastWriteTime.dwHighDateTime=0x1d81d2e, nFileSizeHigh=0x0, nFileSizeLow=0x942f, dwReserved0=0x0, dwReserved1=0x0, cFileName="e-YWv7oeFaCFN6TS.m4a", cAlternateFileName="E-YWV7~1.M4A")) returned 1 [0240.376] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0ed4520, ftCreationTime.dwHighDateTime=0x1d81b92, ftLastAccessTime.dwLowDateTime=0x31d2340, ftLastAccessTime.dwHighDateTime=0x1d8258c, ftLastWriteTime.dwLowDateTime=0x31d2340, ftLastWriteTime.dwHighDateTime=0x1d8258c, nFileSizeHigh=0x0, nFileSizeLow=0x8134, dwReserved0=0x0, dwReserved1=0x0, cFileName="_d9yhw.mp3", cAlternateFileName="")) returned 1 [0240.376] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0240.376] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0240.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0240.376] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0240.378] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a", lpFilePart=0x0) returned 0x3a [0240.378] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a", lpFilePart=0x0) returned 0x3a [0240.378] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a", dwFileAttributes=0x80) returned 1 [0240.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0240.379] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\2towtnlj rxx6vxcj.m4a"), fInfoLevelId=0x0, lpFileInformation=0x2522fa8 | out: lpFileInformation=0x2522fa8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x506c1670, ftCreationTime.dwHighDateTime=0x1d82090, ftLastAccessTime.dwLowDateTime=0x5bdcb140, ftLastAccessTime.dwHighDateTime=0x1d829e1, ftLastWriteTime.dwLowDateTime=0x5bdcb140, ftLastWriteTime.dwHighDateTime=0x1d829e1, nFileSizeHigh=0x0, nFileSizeLow=0x7bfc)) returned 1 [0240.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0240.379] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a", lpFilePart=0x0) returned 0x3a [0240.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0240.379] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\2towtnlj rxx6vxcj.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0240.379] GetFileType (hFile=0x1f4) returned 0x1 [0240.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0240.379] GetFileType (hFile=0x1f4) returned 0x1 [0240.379] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x7bfc [0240.379] ReadFile (in: hFile=0x1f4, lpBuffer=0x2523478, nNumberOfBytesToRead=0x7bfc, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2523478*, lpNumberOfBytesRead=0x14ed68*=0x7bfc, lpOverlapped=0x0) returned 1 [0240.381] CloseHandle (hObject=0x1f4) returned 1 [0240.738] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a", lpFilePart=0x0) returned 0x3a [0240.738] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0240.738] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\2towtnlj rxx6vxcj.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0240.739] GetFileType (hFile=0x1f4) returned 0x1 [0240.739] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0240.739] GetFileType (hFile=0x1f4) returned 0x1 [0240.740] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfbe0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dfbe0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0240.741] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfbe0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dfbe0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0240.741] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfbe0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dfbe0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0240.742] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfbe0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dfbe0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0240.742] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfbe0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dfbe0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0240.742] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfbe0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dfbe0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0240.743] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfbe0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dfbe0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0240.743] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfbe0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dfbe0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0240.743] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfbe0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dfbe0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0240.744] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfbe0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dfbe0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0240.744] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfbe0*, nNumberOfBytesToWrite=0x620, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25dfbe0*, lpNumberOfBytesWritten=0x14ec28*=0x620, lpOverlapped=0x0) returned 1 [0240.744] CloseHandle (hObject=0x1f4) returned 1 [0240.746] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a", lpFilePart=0x0) returned 0x3a [0240.746] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a.ampkcz", lpFilePart=0x0) returned 0x41 [0240.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0240.746] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\2towtnlj rxx6vxcj.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x506c1670, ftCreationTime.dwHighDateTime=0x1d82090, ftLastAccessTime.dwLowDateTime=0x5bdcb140, ftLastAccessTime.dwHighDateTime=0x1d829e1, ftLastWriteTime.dwLowDateTime=0x7de5a30d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xa620)) returned 1 [0240.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0240.747] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\2towtnlj rxx6vxcj.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\2tOwtNlJ rxX6vXCj.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\2towtnlj rxx6vxcj.m4a.ampkcz")) returned 1 [0240.748] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\readme.txt", lpFilePart=0x0) returned 0x2f [0240.748] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0240.748] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0240.748] GetFileType (hFile=0x1f4) returned 0x1 [0240.748] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0240.748] GetFileType (hFile=0x1f4) returned 0x1 [0240.749] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e2e28*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x25e2e28*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0240.751] CloseHandle (hObject=0x1f4) returned 1 [0240.753] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a", lpFilePart=0x0) returned 0x35 [0240.753] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a", lpFilePart=0x0) returned 0x35 [0240.753] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a", dwFileAttributes=0x80) returned 1 [0240.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0240.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\3lo_eimesy9m.m4a"), fInfoLevelId=0x0, lpFileInformation=0x25e5330 | out: lpFileInformation=0x25e5330*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xff1ffe20, ftCreationTime.dwHighDateTime=0x1d826c1, ftLastAccessTime.dwLowDateTime=0x837dfc80, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0x837dfc80, ftLastWriteTime.dwHighDateTime=0x1d82a28, nFileSizeHigh=0x0, nFileSizeLow=0x92b8)) returned 1 [0240.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0240.754] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a", lpFilePart=0x0) returned 0x35 [0240.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0240.754] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\3lo_eimesy9m.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0240.754] GetFileType (hFile=0x1f4) returned 0x1 [0240.754] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0240.754] GetFileType (hFile=0x1f4) returned 0x1 [0240.754] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x92b8 [0240.754] ReadFile (in: hFile=0x1f4, lpBuffer=0x25e57d8, nNumberOfBytesToRead=0x92b8, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25e57d8*, lpNumberOfBytesRead=0x14ed68*=0x92b8, lpOverlapped=0x0) returned 1 [0240.756] CloseHandle (hObject=0x1f4) returned 1 [0241.144] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a", lpFilePart=0x0) returned 0x35 [0241.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0241.145] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\3lo_eimesy9m.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0241.147] GetFileType (hFile=0x1f4) returned 0x1 [0241.147] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0241.147] GetFileType (hFile=0x1f4) returned 0x1 [0241.147] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.149] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.149] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.149] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.150] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.150] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.150] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.151] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.151] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.151] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.152] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.152] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.152] WriteFile (in: hFile=0x1f4, lpBuffer=0x2695cd8*, nNumberOfBytesToWrite=0x474, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2695cd8*, lpNumberOfBytesWritten=0x14ec28*=0x474, lpOverlapped=0x0) returned 1 [0241.152] CloseHandle (hObject=0x1f4) returned 1 [0241.155] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a", lpFilePart=0x0) returned 0x35 [0241.155] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a.ampkcz", lpFilePart=0x0) returned 0x3c [0241.155] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0241.155] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\3lo_eimesy9m.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff1ffe20, ftCreationTime.dwHighDateTime=0x1d826c1, ftLastAccessTime.dwLowDateTime=0x837dfc80, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0x7e23fe6a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc474)) returned 1 [0241.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0241.155] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\3lo_eimesy9m.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\3lo_eiMEsy9m.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\3lo_eimesy9m.m4a.ampkcz")) returned 1 [0241.158] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a", lpFilePart=0x0) returned 0x39 [0241.158] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a", lpFilePart=0x0) returned 0x39 [0241.158] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a", dwFileAttributes=0x80) returned 1 [0241.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0241.159] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\e-ywv7oefacfn6ts.m4a"), fInfoLevelId=0x0, lpFileInformation=0x2697c38 | out: lpFileInformation=0x2697c38*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd31865c0, ftCreationTime.dwHighDateTime=0x1d81af9, ftLastAccessTime.dwLowDateTime=0x990e4520, ftLastAccessTime.dwHighDateTime=0x1d81d2e, ftLastWriteTime.dwLowDateTime=0x990e4520, ftLastWriteTime.dwHighDateTime=0x1d81d2e, nFileSizeHigh=0x0, nFileSizeLow=0x942f)) returned 1 [0241.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0241.159] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a", lpFilePart=0x0) returned 0x39 [0241.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0241.159] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\e-ywv7oefacfn6ts.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0241.159] GetFileType (hFile=0x1f4) returned 0x1 [0241.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0241.159] GetFileType (hFile=0x1f4) returned 0x1 [0241.159] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x942f [0241.159] ReadFile (in: hFile=0x1f4, lpBuffer=0x2698108, nNumberOfBytesToRead=0x942f, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2698108*, lpNumberOfBytesRead=0x14ed68*=0x942f, lpOverlapped=0x0) returned 1 [0241.160] CloseHandle (hObject=0x1f4) returned 1 [0241.537] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a", lpFilePart=0x0) returned 0x39 [0241.537] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0241.537] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\e-ywv7oefacfn6ts.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0241.539] GetFileType (hFile=0x1f4) returned 0x1 [0241.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0241.539] GetFileType (hFile=0x1f4) returned 0x1 [0241.539] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.540] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.541] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.541] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.541] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.542] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.542] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.542] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.543] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.543] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.543] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.544] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.544] WriteFile (in: hFile=0x1f4, lpBuffer=0x255ba98*, nNumberOfBytesToWrite=0x660, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x255ba98*, lpNumberOfBytesWritten=0x14ec28*=0x660, lpOverlapped=0x0) returned 1 [0241.544] CloseHandle (hObject=0x1f4) returned 1 [0241.547] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a", lpFilePart=0x0) returned 0x39 [0241.547] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a.ampkcz", lpFilePart=0x0) returned 0x40 [0241.547] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0241.547] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\e-ywv7oefacfn6ts.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd31865c0, ftCreationTime.dwHighDateTime=0x1d81af9, ftLastAccessTime.dwLowDateTime=0x990e4520, ftLastAccessTime.dwHighDateTime=0x1d81d2e, ftLastWriteTime.dwLowDateTime=0x7e5fc83f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc660)) returned 1 [0241.547] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0241.547] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\e-ywv7oefacfn6ts.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\e-YWv7oeFaCFN6TS.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\e-ywv7oefacfn6ts.m4a.ampkcz")) returned 1 [0241.549] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3", lpFilePart=0x0) returned 0x2f [0241.549] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3", lpFilePart=0x0) returned 0x2f [0241.549] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3", dwFileAttributes=0x80) returned 1 [0241.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0241.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\_d9yhw.mp3"), fInfoLevelId=0x0, lpFileInformation=0x255d2c8 | out: lpFileInformation=0x255d2c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc0ed4520, ftCreationTime.dwHighDateTime=0x1d81b92, ftLastAccessTime.dwLowDateTime=0x31d2340, ftLastAccessTime.dwHighDateTime=0x1d8258c, ftLastWriteTime.dwLowDateTime=0x31d2340, ftLastWriteTime.dwHighDateTime=0x1d8258c, nFileSizeHigh=0x0, nFileSizeLow=0x8134)) returned 1 [0241.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0241.549] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3", lpFilePart=0x0) returned 0x2f [0241.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0241.549] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\_d9yhw.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0241.550] GetFileType (hFile=0x1f4) returned 0x1 [0241.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0241.550] GetFileType (hFile=0x1f4) returned 0x1 [0241.550] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x8134 [0241.550] ReadFile (in: hFile=0x1f4, lpBuffer=0x255d720, nNumberOfBytesToRead=0x8134, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x255d720*, lpNumberOfBytesRead=0x14ed68*=0x8134, lpOverlapped=0x0) returned 1 [0241.551] CloseHandle (hObject=0x1f4) returned 1 [0241.892] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3", lpFilePart=0x0) returned 0x2f [0241.892] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0241.892] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\_d9yhw.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0241.894] GetFileType (hFile=0x1f4) returned 0x1 [0241.894] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0241.894] GetFileType (hFile=0x1f4) returned 0x1 [0241.894] WriteFile (in: hFile=0x1f4, lpBuffer=0x2607308*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2607308*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.895] WriteFile (in: hFile=0x1f4, lpBuffer=0x2607308*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2607308*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.896] WriteFile (in: hFile=0x1f4, lpBuffer=0x2607308*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2607308*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.896] WriteFile (in: hFile=0x1f4, lpBuffer=0x2607308*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2607308*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.897] WriteFile (in: hFile=0x1f4, lpBuffer=0x2607308*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2607308*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.897] WriteFile (in: hFile=0x1f4, lpBuffer=0x2607308*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2607308*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.897] WriteFile (in: hFile=0x1f4, lpBuffer=0x2607308*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2607308*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.898] WriteFile (in: hFile=0x1f4, lpBuffer=0x2607308*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2607308*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.898] WriteFile (in: hFile=0x1f4, lpBuffer=0x2607308*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2607308*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.898] WriteFile (in: hFile=0x1f4, lpBuffer=0x2607308*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2607308*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0241.899] WriteFile (in: hFile=0x1f4, lpBuffer=0x2607308*, nNumberOfBytesToWrite=0xd20, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2607308*, lpNumberOfBytesWritten=0x14ec28*=0xd20, lpOverlapped=0x0) returned 1 [0241.899] CloseHandle (hObject=0x1f4) returned 1 [0241.901] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3", lpFilePart=0x0) returned 0x2f [0241.901] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3.ampkcz", lpFilePart=0x0) returned 0x36 [0241.901] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0241.901] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\_d9yhw.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0ed4520, ftCreationTime.dwHighDateTime=0x1d81b92, ftLastAccessTime.dwLowDateTime=0x31d2340, ftLastAccessTime.dwHighDateTime=0x1d8258c, ftLastWriteTime.dwLowDateTime=0x7e95cac0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xad20)) returned 1 [0241.901] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0241.901] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\_d9yhw.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\_d9yhw.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\aor_0l-_\\_d9yhw.mp3.ampkcz")) returned 1 [0241.902] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0241.902] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_", lpFilePart=0x0) returned 0x24 [0241.902] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\", lpFilePart=0x0) returned 0x25 [0241.902] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\aOr_0l-_\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x356e2ae0, ftCreationTime.dwHighDateTime=0x1d81c0b, ftLastAccessTime.dwLowDateTime=0x7e95cac0, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7e95cac0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687cd0 [0241.902] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x356e2ae0, ftCreationTime.dwHighDateTime=0x1d81c0b, ftLastAccessTime.dwLowDateTime=0x7e95cac0, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7e95cac0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0241.902] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x506c1670, ftCreationTime.dwHighDateTime=0x1d82090, ftLastAccessTime.dwLowDateTime=0x5bdcb140, ftLastAccessTime.dwHighDateTime=0x1d829e1, ftLastWriteTime.dwLowDateTime=0x7de5a30d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xa620, dwReserved0=0x0, dwReserved1=0x0, cFileName="2tOwtNlJ rxX6vXCj.m4a.ampkcz", cAlternateFileName="2TOWTN~1.AMP")) returned 1 [0241.903] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xff1ffe20, ftCreationTime.dwHighDateTime=0x1d826c1, ftLastAccessTime.dwLowDateTime=0x837dfc80, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0x7e23fe6a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc474, dwReserved0=0x0, dwReserved1=0x0, cFileName="3lo_eiMEsy9m.m4a.ampkcz", cAlternateFileName="3LO_EI~1.AMP")) returned 1 [0241.903] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd31865c0, ftCreationTime.dwHighDateTime=0x1d81af9, ftLastAccessTime.dwLowDateTime=0x990e4520, ftLastAccessTime.dwHighDateTime=0x1d81d2e, ftLastWriteTime.dwLowDateTime=0x7e5fc83f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc660, dwReserved0=0x0, dwReserved1=0x0, cFileName="e-YWv7oeFaCFN6TS.m4a.ampkcz", cAlternateFileName="E-YWV7~1.AMP")) returned 1 [0241.903] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7de5dc66, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x7de5dc66, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7de664a5, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0241.903] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0ed4520, ftCreationTime.dwHighDateTime=0x1d81b92, ftLastAccessTime.dwLowDateTime=0x31d2340, ftLastAccessTime.dwHighDateTime=0x1d8258c, ftLastWriteTime.dwLowDateTime=0x7e95cac0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xad20, dwReserved0=0x0, dwReserved1=0x0, cFileName="_d9yhw.mp3.ampkcz", cAlternateFileName="_D9YHW~1.AMP")) returned 1 [0241.903] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0ed4520, ftCreationTime.dwHighDateTime=0x1d81b92, ftLastAccessTime.dwLowDateTime=0x31d2340, ftLastAccessTime.dwHighDateTime=0x1d8258c, ftLastWriteTime.dwLowDateTime=0x7e95cac0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xad20, dwReserved0=0x0, dwReserved1=0x0, cFileName="_d9yhw.mp3.ampkcz", cAlternateFileName="_D9YHW~1.AMP")) returned 0 [0241.903] FindClose (in: hFindFile=0x687cd0 | out: hFindFile=0x687cd0) returned 1 [0241.903] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0241.904] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0241.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0241.904] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK", lpFilePart=0x0) returned 0x25 [0241.904] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\", lpFilePart=0x0) returned 0x26 [0241.904] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6951a3c0, ftCreationTime.dwHighDateTime=0x1d81b19, ftLastAccessTime.dwLowDateTime=0x68594d00, ftLastAccessTime.dwHighDateTime=0x1d8240c, ftLastWriteTime.dwLowDateTime=0x68594d00, ftLastWriteTime.dwHighDateTime=0x1d8240c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0241.904] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6951a3c0, ftCreationTime.dwHighDateTime=0x1d81b19, ftLastAccessTime.dwLowDateTime=0x68594d00, ftLastAccessTime.dwHighDateTime=0x1d8240c, ftLastWriteTime.dwLowDateTime=0x68594d00, ftLastWriteTime.dwHighDateTime=0x1d8240c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0241.904] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x226b570, ftCreationTime.dwHighDateTime=0x1d82404, ftLastAccessTime.dwLowDateTime=0x7c571e60, ftLastAccessTime.dwHighDateTime=0x1d829a0, ftLastWriteTime.dwLowDateTime=0x7c571e60, ftLastWriteTime.dwHighDateTime=0x1d829a0, nFileSizeHigh=0x0, nFileSizeLow=0xd0f7, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHnB6iEo1.m4a", cAlternateFileName="CHNB6I~1.M4A")) returned 1 [0241.904] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafc59d60, ftCreationTime.dwHighDateTime=0x1d82745, ftLastAccessTime.dwLowDateTime=0x16670970, ftLastAccessTime.dwHighDateTime=0x1d82a19, ftLastWriteTime.dwLowDateTime=0x16670970, ftLastWriteTime.dwHighDateTime=0x1d82a19, nFileSizeHigh=0x0, nFileSizeLow=0x906f, dwReserved0=0x0, dwReserved1=0x0, cFileName="iIVBnFzvVIz43hp.mp3", cAlternateFileName="IIVBNF~1.MP3")) returned 1 [0241.905] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129313d0, ftCreationTime.dwHighDateTime=0x1d82162, ftLastAccessTime.dwLowDateTime=0xf76ae870, ftLastAccessTime.dwHighDateTime=0x1d82a18, ftLastWriteTime.dwLowDateTime=0xf76ae870, ftLastWriteTime.dwHighDateTime=0x1d82a18, nFileSizeHigh=0x0, nFileSizeLow=0x4c5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="vb5pO7do4QxX.mp3", cAlternateFileName="VB5PO7~1.MP3")) returned 1 [0241.905] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0241.905] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0241.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0241.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0241.906] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a", lpFilePart=0x0) returned 0x33 [0241.906] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a", lpFilePart=0x0) returned 0x33 [0241.907] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a", dwFileAttributes=0x80) returned 1 [0241.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0241.907] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\chnb6ieo1.m4a"), fInfoLevelId=0x0, lpFileInformation=0x260b510 | out: lpFileInformation=0x260b510*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x226b570, ftCreationTime.dwHighDateTime=0x1d82404, ftLastAccessTime.dwLowDateTime=0x7c571e60, ftLastAccessTime.dwHighDateTime=0x1d829a0, ftLastWriteTime.dwLowDateTime=0x7c571e60, ftLastWriteTime.dwHighDateTime=0x1d829a0, nFileSizeHigh=0x0, nFileSizeLow=0xd0f7)) returned 1 [0241.907] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0241.907] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a", lpFilePart=0x0) returned 0x33 [0241.907] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0241.907] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\chnb6ieo1.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0241.908] GetFileType (hFile=0x1f4) returned 0x1 [0241.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0241.908] GetFileType (hFile=0x1f4) returned 0x1 [0241.908] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xd0f7 [0241.908] ReadFile (in: hFile=0x1f4, lpBuffer=0x260b990, nNumberOfBytesToRead=0xd0f7, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x260b990*, lpNumberOfBytesRead=0x14ed68*=0xd0f7, lpOverlapped=0x0) returned 1 [0241.909] CloseHandle (hObject=0x1f4) returned 1 [0242.260] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a", lpFilePart=0x0) returned 0x33 [0242.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0242.260] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\chnb6ieo1.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0242.262] GetFileType (hFile=0x1f4) returned 0x1 [0242.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0242.262] GetFileType (hFile=0x1f4) returned 0x1 [0242.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.263] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.263] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.264] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.264] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.264] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.265] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.265] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.266] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.266] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.268] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.268] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.269] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.269] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.269] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.270] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.270] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.270] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b9210*, nNumberOfBytesToWrite=0x774, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26b9210*, lpNumberOfBytesWritten=0x14ec28*=0x774, lpOverlapped=0x0) returned 1 [0242.271] CloseHandle (hObject=0x1f4) returned 1 [0242.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a", lpFilePart=0x0) returned 0x33 [0242.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a.ampkcz", lpFilePart=0x0) returned 0x3a [0242.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0242.274] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\chnb6ieo1.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x226b570, ftCreationTime.dwHighDateTime=0x1d82404, ftLastAccessTime.dwLowDateTime=0x7c571e60, ftLastAccessTime.dwHighDateTime=0x1d829a0, ftLastWriteTime.dwLowDateTime=0x7ecea473, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x11774)) returned 1 [0242.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0242.274] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\chnb6ieo1.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\CHnB6iEo1.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\chnb6ieo1.m4a.ampkcz")) returned 1 [0242.275] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\readme.txt", lpFilePart=0x0) returned 0x30 [0242.275] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0242.275] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0242.275] GetFileType (hFile=0x1f4) returned 0x1 [0242.275] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0242.275] GetFileType (hFile=0x1f4) returned 0x1 [0242.276] WriteFile (in: hFile=0x1f4, lpBuffer=0x26bc438*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x26bc438*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0242.277] CloseHandle (hObject=0x1f4) returned 1 [0242.278] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3", lpFilePart=0x0) returned 0x39 [0242.278] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3", lpFilePart=0x0) returned 0x39 [0242.278] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3", dwFileAttributes=0x80) returned 1 [0242.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0242.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\iivbnfzvviz43hp.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26be210 | out: lpFileInformation=0x26be210*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xafc59d60, ftCreationTime.dwHighDateTime=0x1d82745, ftLastAccessTime.dwLowDateTime=0x16670970, ftLastAccessTime.dwHighDateTime=0x1d82a19, ftLastWriteTime.dwLowDateTime=0x16670970, ftLastWriteTime.dwHighDateTime=0x1d82a19, nFileSizeHigh=0x0, nFileSizeLow=0x906f)) returned 1 [0242.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0242.280] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3", lpFilePart=0x0) returned 0x39 [0242.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0242.280] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\iivbnfzvviz43hp.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0242.280] GetFileType (hFile=0x1f4) returned 0x1 [0242.280] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0242.280] GetFileType (hFile=0x1f4) returned 0x1 [0242.281] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x906f [0242.281] ReadFile (in: hFile=0x1f4, lpBuffer=0x26be6d0, nNumberOfBytesToRead=0x906f, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26be6d0*, lpNumberOfBytesRead=0x14ed68*=0x906f, lpOverlapped=0x0) returned 1 [0242.282] CloseHandle (hObject=0x1f4) returned 1 [0242.734] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3", lpFilePart=0x0) returned 0x39 [0242.734] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0242.734] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\iivbnfzvviz43hp.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0242.735] GetFileType (hFile=0x1f4) returned 0x1 [0242.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0242.735] GetFileType (hFile=0x1f4) returned 0x1 [0242.736] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.737] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.737] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.738] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.739] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.739] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.740] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.740] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.741] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.741] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.741] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0242.742] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0242.742] WriteFile (in: hFile=0x1f4, lpBuffer=0x2589f08*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2589f08*, lpNumberOfBytesWritten=0x14ec28*=0x160, lpOverlapped=0x0) returned 1 [0242.742] CloseHandle (hObject=0x1f4) returned 1 [0242.744] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3", lpFilePart=0x0) returned 0x39 [0242.744] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3.ampkcz", lpFilePart=0x0) returned 0x40 [0242.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0242.744] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\iivbnfzvviz43hp.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafc59d60, ftCreationTime.dwHighDateTime=0x1d82745, ftLastAccessTime.dwLowDateTime=0x16670970, ftLastAccessTime.dwHighDateTime=0x1d82a19, ftLastWriteTime.dwLowDateTime=0x7f1686d4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc160)) returned 1 [0242.745] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0242.745] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\iivbnfzvviz43hp.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\iIVBnFzvVIz43hp.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\iivbnfzvviz43hp.mp3.ampkcz")) returned 1 [0242.748] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3", lpFilePart=0x0) returned 0x36 [0242.748] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3", lpFilePart=0x0) returned 0x36 [0242.748] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3", dwFileAttributes=0x80) returned 1 [0242.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0242.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\vb5po7do4qxx.mp3"), fInfoLevelId=0x0, lpFileInformation=0x258b748 | out: lpFileInformation=0x258b748*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x129313d0, ftCreationTime.dwHighDateTime=0x1d82162, ftLastAccessTime.dwLowDateTime=0xf76ae870, ftLastAccessTime.dwHighDateTime=0x1d82a18, ftLastWriteTime.dwLowDateTime=0xf76ae870, ftLastWriteTime.dwHighDateTime=0x1d82a18, nFileSizeHigh=0x0, nFileSizeLow=0x4c5b)) returned 1 [0242.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0242.749] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3", lpFilePart=0x0) returned 0x36 [0242.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0242.749] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\vb5po7do4qxx.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0242.750] GetFileType (hFile=0x1f4) returned 0x1 [0242.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0242.750] GetFileType (hFile=0x1f4) returned 0x1 [0242.750] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x4c5b [0242.750] ReadFile (in: hFile=0x1f4, lpBuffer=0x258bbf0, nNumberOfBytesToRead=0x4c5b, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x258bbf0*, lpNumberOfBytesRead=0x14ed68*=0x4c5b, lpOverlapped=0x0) returned 1 [0242.751] CloseHandle (hObject=0x1f4) returned 1 [0243.106] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3", lpFilePart=0x0) returned 0x36 [0243.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0243.106] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\vb5po7do4qxx.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0243.107] GetFileType (hFile=0x1f4) returned 0x1 [0243.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0243.107] GetFileType (hFile=0x1f4) returned 0x1 [0243.107] WriteFile (in: hFile=0x1f4, lpBuffer=0x263b3e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x263b3e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0243.109] WriteFile (in: hFile=0x1f4, lpBuffer=0x263b3e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x263b3e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0243.109] WriteFile (in: hFile=0x1f4, lpBuffer=0x263b3e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x263b3e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0243.109] WriteFile (in: hFile=0x1f4, lpBuffer=0x263b3e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x263b3e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0243.110] WriteFile (in: hFile=0x1f4, lpBuffer=0x263b3e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x263b3e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0243.110] WriteFile (in: hFile=0x1f4, lpBuffer=0x263b3e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x263b3e8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0243.110] WriteFile (in: hFile=0x1f4, lpBuffer=0x263b3e8*, nNumberOfBytesToWrite=0x6a0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x263b3e8*, lpNumberOfBytesWritten=0x14ec28*=0x6a0, lpOverlapped=0x0) returned 1 [0243.111] CloseHandle (hObject=0x1f4) returned 1 [0243.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3", lpFilePart=0x0) returned 0x36 [0243.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3.ampkcz", lpFilePart=0x0) returned 0x3d [0243.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0243.113] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\vb5po7do4qxx.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129313d0, ftCreationTime.dwHighDateTime=0x1d82162, ftLastAccessTime.dwLowDateTime=0xf76ae870, ftLastAccessTime.dwHighDateTime=0x1d82a18, ftLastWriteTime.dwLowDateTime=0x7f4eb5b6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x66a0)) returned 1 [0243.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0243.113] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\vb5po7do4qxx.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\vb5pO7do4QxX.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bbwvp2uuk\\vb5po7do4qxx.mp3.ampkcz")) returned 1 [0243.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0243.114] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK", lpFilePart=0x0) returned 0x25 [0243.114] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\", lpFilePart=0x0) returned 0x26 [0243.114] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BBWVp2uUK\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6951a3c0, ftCreationTime.dwHighDateTime=0x1d81b19, ftLastAccessTime.dwLowDateTime=0x7f4ed5a3, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7f4ed5a3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0243.114] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6951a3c0, ftCreationTime.dwHighDateTime=0x1d81b19, ftLastAccessTime.dwLowDateTime=0x7f4ed5a3, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7f4ed5a3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0243.115] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x226b570, ftCreationTime.dwHighDateTime=0x1d82404, ftLastAccessTime.dwLowDateTime=0x7c571e60, ftLastAccessTime.dwHighDateTime=0x1d829a0, ftLastWriteTime.dwLowDateTime=0x7ecea473, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x11774, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHnB6iEo1.m4a.ampkcz", cAlternateFileName="CHNB6I~1.AMP")) returned 1 [0243.115] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xafc59d60, ftCreationTime.dwHighDateTime=0x1d82745, ftLastAccessTime.dwLowDateTime=0x16670970, ftLastAccessTime.dwHighDateTime=0x1d82a19, ftLastWriteTime.dwLowDateTime=0x7f1686d4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x0, cFileName="iIVBnFzvVIz43hp.mp3.ampkcz", cAlternateFileName="IIVBNF~1.AMP")) returned 1 [0243.115] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ecee72b, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x7ecee72b, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7ecf495f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0243.115] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129313d0, ftCreationTime.dwHighDateTime=0x1d82162, ftLastAccessTime.dwLowDateTime=0xf76ae870, ftLastAccessTime.dwHighDateTime=0x1d82a18, ftLastWriteTime.dwLowDateTime=0x7f4eb5b6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x66a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vb5pO7do4QxX.mp3.ampkcz", cAlternateFileName="VB5PO7~1.AMP")) returned 1 [0243.115] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129313d0, ftCreationTime.dwHighDateTime=0x1d82162, ftLastAccessTime.dwLowDateTime=0xf76ae870, ftLastAccessTime.dwHighDateTime=0x1d82a18, ftLastWriteTime.dwLowDateTime=0x7f4eb5b6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x66a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vb5pO7do4QxX.mp3.ampkcz", cAlternateFileName="VB5PO7~1.AMP")) returned 0 [0243.115] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0243.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0243.116] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0243.116] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0243.116] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc", lpFilePart=0x0) returned 0x21 [0243.116] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\", lpFilePart=0x0) returned 0x22 [0243.116] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85d91960, ftCreationTime.dwHighDateTime=0x1d81c18, ftLastAccessTime.dwLowDateTime=0x3eab2ca0, ftLastAccessTime.dwHighDateTime=0x1d82216, ftLastWriteTime.dwLowDateTime=0x3eab2ca0, ftLastWriteTime.dwHighDateTime=0x1d82216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0243.116] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85d91960, ftCreationTime.dwHighDateTime=0x1d81c18, ftLastAccessTime.dwLowDateTime=0x3eab2ca0, ftLastAccessTime.dwHighDateTime=0x1d82216, ftLastWriteTime.dwLowDateTime=0x3eab2ca0, ftLastWriteTime.dwHighDateTime=0x1d82216, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0243.116] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e1b28e0, ftCreationTime.dwHighDateTime=0x1d81c6f, ftLastAccessTime.dwLowDateTime=0xe1c74f50, ftLastAccessTime.dwHighDateTime=0x1d81fef, ftLastWriteTime.dwLowDateTime=0xe1c74f50, ftLastWriteTime.dwHighDateTime=0x1d81fef, nFileSizeHigh=0x0, nFileSizeLow=0x283f, dwReserved0=0x0, dwReserved1=0x0, cFileName="8e3M.mp3", cAlternateFileName="")) returned 1 [0243.117] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd8681c0, ftCreationTime.dwHighDateTime=0x1d81e9e, ftLastAccessTime.dwLowDateTime=0x92e22e10, ftLastAccessTime.dwHighDateTime=0x1d82372, ftLastWriteTime.dwLowDateTime=0x92e22e10, ftLastWriteTime.dwHighDateTime=0x1d82372, nFileSizeHigh=0x0, nFileSizeLow=0xffb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="8IZQxtBJ3k.m4a", cAlternateFileName="8IZQXT~1.M4A")) returned 1 [0243.117] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32fdc370, ftCreationTime.dwHighDateTime=0x1d8297a, ftLastAccessTime.dwLowDateTime=0xedfd22c0, ftLastAccessTime.dwHighDateTime=0x1d829ec, ftLastWriteTime.dwLowDateTime=0xedfd22c0, ftLastWriteTime.dwHighDateTime=0x1d829ec, nFileSizeHigh=0x0, nFileSizeLow=0x18556, dwReserved0=0x0, dwReserved1=0x0, cFileName="hlrmoAhV8pAxxl5gG.wav", cAlternateFileName="HLRMOA~1.WAV")) returned 1 [0243.117] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc30c9010, ftCreationTime.dwHighDateTime=0x1d82400, ftLastAccessTime.dwLowDateTime=0x3c81a1c0, ftLastAccessTime.dwHighDateTime=0x1d827fc, ftLastWriteTime.dwLowDateTime=0x3c81a1c0, ftLastWriteTime.dwHighDateTime=0x1d827fc, nFileSizeHigh=0x0, nFileSizeLow=0xd633, dwReserved0=0x0, dwReserved1=0x0, cFileName="M7sz9.m4a", cAlternateFileName="")) returned 1 [0243.117] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44e76ee0, ftCreationTime.dwHighDateTime=0x1d81c57, ftLastAccessTime.dwLowDateTime=0x92daf320, ftLastAccessTime.dwHighDateTime=0x1d82417, ftLastWriteTime.dwLowDateTime=0x92daf320, ftLastWriteTime.dwHighDateTime=0x1d82417, nFileSizeHigh=0x0, nFileSizeLow=0x8634, dwReserved0=0x0, dwReserved1=0x0, cFileName="nwB2YwgFIOb.wav", cAlternateFileName="NWB2YW~1.WAV")) returned 1 [0243.117] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b894430, ftCreationTime.dwHighDateTime=0x1d819e1, ftLastAccessTime.dwLowDateTime=0x40585bb0, ftLastAccessTime.dwHighDateTime=0x1d826dd, ftLastWriteTime.dwLowDateTime=0x40585bb0, ftLastWriteTime.dwHighDateTime=0x1d826dd, nFileSizeHigh=0x0, nFileSizeLow=0x704c, dwReserved0=0x0, dwReserved1=0x0, cFileName="uQneN8cbfg.wav", cAlternateFileName="UQNEN8~1.WAV")) returned 1 [0243.117] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0243.117] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0243.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0243.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0243.118] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3", lpFilePart=0x0) returned 0x2a [0243.118] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3", lpFilePart=0x0) returned 0x2a [0243.118] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3", dwFileAttributes=0x80) returned 1 [0243.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0243.120] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\8e3m.mp3"), fInfoLevelId=0x0, lpFileInformation=0x263f210 | out: lpFileInformation=0x263f210*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4e1b28e0, ftCreationTime.dwHighDateTime=0x1d81c6f, ftLastAccessTime.dwLowDateTime=0xe1c74f50, ftLastAccessTime.dwHighDateTime=0x1d81fef, ftLastWriteTime.dwLowDateTime=0xe1c74f50, ftLastWriteTime.dwHighDateTime=0x1d81fef, nFileSizeHigh=0x0, nFileSizeLow=0x283f)) returned 1 [0243.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0243.120] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3", lpFilePart=0x0) returned 0x2a [0243.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0243.120] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\8e3m.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0243.120] GetFileType (hFile=0x1f4) returned 0x1 [0243.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0243.120] GetFileType (hFile=0x1f4) returned 0x1 [0243.120] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x283f [0243.120] ReadFile (in: hFile=0x1f4, lpBuffer=0x263f650, nNumberOfBytesToRead=0x283f, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x263f650*, lpNumberOfBytesRead=0x14ed68*=0x283f, lpOverlapped=0x0) returned 1 [0243.121] CloseHandle (hObject=0x1f4) returned 1 [0243.514] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3", lpFilePart=0x0) returned 0x2a [0243.514] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0243.514] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\8e3m.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0243.516] GetFileType (hFile=0x1f4) returned 0x1 [0243.516] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0243.516] GetFileType (hFile=0x1f4) returned 0x1 [0243.516] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d54b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d54b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0243.517] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d54b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d54b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0243.517] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d54b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26d54b0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0243.518] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d54b0*, nNumberOfBytesToWrite=0x674, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26d54b0*, lpNumberOfBytesWritten=0x14ec28*=0x674, lpOverlapped=0x0) returned 1 [0243.518] CloseHandle (hObject=0x1f4) returned 1 [0243.520] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3", lpFilePart=0x0) returned 0x2a [0243.520] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3.ampkcz", lpFilePart=0x0) returned 0x31 [0243.520] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0243.520] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\8e3m.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e1b28e0, ftCreationTime.dwHighDateTime=0x1d81c6f, ftLastAccessTime.dwLowDateTime=0xe1c74f50, ftLastAccessTime.dwHighDateTime=0x1d81fef, ftLastWriteTime.dwLowDateTime=0x7f8cd368, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x3674)) returned 1 [0243.520] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0243.520] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\8e3m.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8e3M.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\8e3m.mp3.ampkcz")) returned 1 [0243.525] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\readme.txt", lpFilePart=0x0) returned 0x2c [0243.525] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0243.525] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0243.526] GetFileType (hFile=0x1f4) returned 0x1 [0243.526] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0243.526] GetFileType (hFile=0x1f4) returned 0x1 [0243.527] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d8698*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x26d8698*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0243.528] CloseHandle (hObject=0x1f4) returned 1 [0243.530] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a", lpFilePart=0x0) returned 0x30 [0243.530] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a", lpFilePart=0x0) returned 0x30 [0243.530] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a", dwFileAttributes=0x80) returned 1 [0243.530] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0243.531] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\8izqxtbj3k.m4a"), fInfoLevelId=0x0, lpFileInformation=0x26dab98 | out: lpFileInformation=0x26dab98*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcd8681c0, ftCreationTime.dwHighDateTime=0x1d81e9e, ftLastAccessTime.dwLowDateTime=0x92e22e10, ftLastAccessTime.dwHighDateTime=0x1d82372, ftLastWriteTime.dwLowDateTime=0x92e22e10, ftLastWriteTime.dwHighDateTime=0x1d82372, nFileSizeHigh=0x0, nFileSizeLow=0xffb1)) returned 1 [0243.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0243.531] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a", lpFilePart=0x0) returned 0x30 [0243.531] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0243.531] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\8izqxtbj3k.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0243.531] GetFileType (hFile=0x1f4) returned 0x1 [0243.531] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0243.531] GetFileType (hFile=0x1f4) returned 0x1 [0243.531] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xffb1 [0243.531] ReadFile (in: hFile=0x1f4, lpBuffer=0x26db018, nNumberOfBytesToRead=0xffb1, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26db018*, lpNumberOfBytesRead=0x14ed68*=0xffb1, lpOverlapped=0x0) returned 1 [0243.533] CloseHandle (hObject=0x1f4) returned 1 [0244.048] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a", lpFilePart=0x0) returned 0x30 [0244.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0244.049] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\8izqxtbj3k.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0244.050] GetFileType (hFile=0x1f4) returned 0x1 [0244.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0244.051] GetFileType (hFile=0x1f4) returned 0x1 [0244.051] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.052] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.052] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.053] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.053] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.054] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.054] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.054] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.055] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.055] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.055] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.056] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.056] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.057] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.058] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.058] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.058] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.059] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.059] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.059] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.060] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.060] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6e60*, nNumberOfBytesToWrite=0x5c8, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25b6e60*, lpNumberOfBytesWritten=0x14ec28*=0x5c8, lpOverlapped=0x0) returned 1 [0244.060] CloseHandle (hObject=0x1f4) returned 1 [0244.063] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a", lpFilePart=0x0) returned 0x30 [0244.064] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a.ampkcz", lpFilePart=0x0) returned 0x37 [0244.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0244.064] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\8izqxtbj3k.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd8681c0, ftCreationTime.dwHighDateTime=0x1d81e9e, ftLastAccessTime.dwLowDateTime=0x92e22e10, ftLastAccessTime.dwHighDateTime=0x1d82372, ftLastWriteTime.dwLowDateTime=0x7fdfcf99, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x155c8)) returned 1 [0244.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0244.064] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\8izqxtbj3k.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\8IZQxtBJ3k.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\8izqxtbj3k.m4a.ampkcz")) returned 1 [0244.067] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav", lpFilePart=0x0) returned 0x37 [0244.067] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav", lpFilePart=0x0) returned 0x37 [0244.068] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav", dwFileAttributes=0x80) returned 1 [0244.069] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0244.069] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\hlrmoahv8paxxl5gg.wav"), fInfoLevelId=0x0, lpFileInformation=0x25b90e0 | out: lpFileInformation=0x25b90e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x32fdc370, ftCreationTime.dwHighDateTime=0x1d8297a, ftLastAccessTime.dwLowDateTime=0xedfd22c0, ftLastAccessTime.dwHighDateTime=0x1d829ec, ftLastWriteTime.dwLowDateTime=0xedfd22c0, ftLastWriteTime.dwHighDateTime=0x1d829ec, nFileSizeHigh=0x0, nFileSizeLow=0x18556)) returned 1 [0244.069] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0244.070] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav", lpFilePart=0x0) returned 0x37 [0244.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0244.070] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\hlrmoahv8paxxl5gg.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0244.070] GetFileType (hFile=0x1f4) returned 0x1 [0244.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0244.070] GetFileType (hFile=0x1f4) returned 0x1 [0244.070] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x18556 [0244.071] ReadFile (in: hFile=0x1f4, lpBuffer=0x126d23f8, nNumberOfBytesToRead=0x18556, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x126d23f8*, lpNumberOfBytesRead=0x14ed68*=0x18556, lpOverlapped=0x0) returned 1 [0244.074] CloseHandle (hObject=0x1f4) returned 1 [0244.486] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav", lpFilePart=0x0) returned 0x37 [0244.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0244.486] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\hlrmoahv8paxxl5gg.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0244.489] GetFileType (hFile=0x1f4) returned 0x1 [0244.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0244.489] GetFileType (hFile=0x1f4) returned 0x1 [0244.489] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.490] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.491] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.491] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.492] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.492] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.492] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.493] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.493] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.494] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.494] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.494] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.495] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.495] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.506] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.507] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.508] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.508] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.509] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.509] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.509] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.510] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.510] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.511] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.511] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.512] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.512] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.513] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.513] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.514] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.514] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.515] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.515] WriteFile (in: hFile=0x1f4, lpBuffer=0x26329f8*, nNumberOfBytesToWrite=0x7f4, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26329f8*, lpNumberOfBytesWritten=0x14ec28*=0x7f4, lpOverlapped=0x0) returned 1 [0244.516] CloseHandle (hObject=0x1f4) returned 1 [0244.520] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav", lpFilePart=0x0) returned 0x37 [0244.521] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav.ampkcz", lpFilePart=0x0) returned 0x3e [0244.521] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0244.521] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\hlrmoahv8paxxl5gg.wav"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32fdc370, ftCreationTime.dwHighDateTime=0x1d8297a, ftLastAccessTime.dwLowDateTime=0xedfd22c0, ftLastAccessTime.dwHighDateTime=0x1d829ec, ftLastWriteTime.dwLowDateTime=0x80258200, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x207f4)) returned 1 [0244.521] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0244.521] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\hlrmoahv8paxxl5gg.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\hlrmoAhV8pAxxl5gG.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\hlrmoahv8paxxl5gg.wav.ampkcz")) returned 1 [0244.525] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a", lpFilePart=0x0) returned 0x2b [0244.525] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a", lpFilePart=0x0) returned 0x2b [0244.525] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a", dwFileAttributes=0x80) returned 1 [0244.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0244.527] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\m7sz9.m4a"), fInfoLevelId=0x0, lpFileInformation=0x2634940 | out: lpFileInformation=0x2634940*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc30c9010, ftCreationTime.dwHighDateTime=0x1d82400, ftLastAccessTime.dwLowDateTime=0x3c81a1c0, ftLastAccessTime.dwHighDateTime=0x1d827fc, ftLastWriteTime.dwLowDateTime=0x3c81a1c0, ftLastWriteTime.dwHighDateTime=0x1d827fc, nFileSizeHigh=0x0, nFileSizeLow=0xd633)) returned 1 [0244.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0244.527] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a", lpFilePart=0x0) returned 0x2b [0244.527] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0244.527] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\m7sz9.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0244.527] GetFileType (hFile=0x1f4) returned 0x1 [0244.527] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0244.527] GetFileType (hFile=0x1f4) returned 0x1 [0244.527] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xd633 [0244.528] ReadFile (in: hFile=0x1f4, lpBuffer=0x2634d80, nNumberOfBytesToRead=0xd633, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2634d80*, lpNumberOfBytesRead=0x14ed68*=0xd633, lpOverlapped=0x0) returned 1 [0244.529] CloseHandle (hObject=0x1f4) returned 1 [0244.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a", lpFilePart=0x0) returned 0x2b [0244.871] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0244.871] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\m7sz9.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0244.872] GetFileType (hFile=0x1f4) returned 0x1 [0244.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0244.872] GetFileType (hFile=0x1f4) returned 0x1 [0244.873] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.874] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.874] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.874] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.875] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.875] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.876] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.876] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.877] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.877] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.877] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.878] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.878] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.878] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.879] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.879] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.879] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0244.880] WriteFile (in: hFile=0x1f4, lpBuffer=0x26e3ae8*, nNumberOfBytesToWrite=0xe74, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26e3ae8*, lpNumberOfBytesWritten=0x14ec28*=0xe74, lpOverlapped=0x0) returned 1 [0244.880] CloseHandle (hObject=0x1f4) returned 1 [0244.883] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a", lpFilePart=0x0) returned 0x2b [0244.883] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a.ampkcz", lpFilePart=0x0) returned 0x32 [0244.883] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0244.883] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\m7sz9.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc30c9010, ftCreationTime.dwHighDateTime=0x1d82400, ftLastAccessTime.dwLowDateTime=0x3c81a1c0, ftLastAccessTime.dwHighDateTime=0x1d827fc, ftLastWriteTime.dwLowDateTime=0x805cdaf2, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x11e74)) returned 1 [0244.883] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0244.883] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\m7sz9.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\M7sz9.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\m7sz9.m4a.ampkcz")) returned 1 [0244.887] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav", lpFilePart=0x0) returned 0x31 [0244.887] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav", lpFilePart=0x0) returned 0x31 [0244.887] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav", dwFileAttributes=0x80) returned 1 [0244.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0244.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\nwb2ywgfiob.wav"), fInfoLevelId=0x0, lpFileInformation=0x26e5d38 | out: lpFileInformation=0x26e5d38*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x44e76ee0, ftCreationTime.dwHighDateTime=0x1d81c57, ftLastAccessTime.dwLowDateTime=0x92daf320, ftLastAccessTime.dwHighDateTime=0x1d82417, ftLastWriteTime.dwLowDateTime=0x92daf320, ftLastWriteTime.dwHighDateTime=0x1d82417, nFileSizeHigh=0x0, nFileSizeLow=0x8634)) returned 1 [0244.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0244.888] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav", lpFilePart=0x0) returned 0x31 [0244.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0244.888] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\nwb2ywgfiob.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0244.888] GetFileType (hFile=0x1f4) returned 0x1 [0244.888] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0244.889] GetFileType (hFile=0x1f4) returned 0x1 [0244.889] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x8634 [0244.889] ReadFile (in: hFile=0x1f4, lpBuffer=0x26e61b8, nNumberOfBytesToRead=0x8634, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26e61b8*, lpNumberOfBytesRead=0x14ed68*=0x8634, lpOverlapped=0x0) returned 1 [0244.890] CloseHandle (hObject=0x1f4) returned 1 [0245.369] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav", lpFilePart=0x0) returned 0x31 [0245.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0245.369] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\nwb2ywgfiob.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0245.371] GetFileType (hFile=0x1f4) returned 0x1 [0245.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0245.371] GetFileType (hFile=0x1f4) returned 0x1 [0245.371] WriteFile (in: hFile=0x1f4, lpBuffer=0x2545760*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2545760*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.372] WriteFile (in: hFile=0x1f4, lpBuffer=0x2545760*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2545760*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.373] WriteFile (in: hFile=0x1f4, lpBuffer=0x2545760*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2545760*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.373] WriteFile (in: hFile=0x1f4, lpBuffer=0x2545760*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2545760*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.374] WriteFile (in: hFile=0x1f4, lpBuffer=0x2545760*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2545760*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.374] WriteFile (in: hFile=0x1f4, lpBuffer=0x2545760*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2545760*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.374] WriteFile (in: hFile=0x1f4, lpBuffer=0x2545760*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2545760*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x2545760*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2545760*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x2545760*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2545760*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x2545760*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2545760*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.376] WriteFile (in: hFile=0x1f4, lpBuffer=0x2545760*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x2545760*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0245.376] WriteFile (in: hFile=0x1f4, lpBuffer=0x2545760*, nNumberOfBytesToWrite=0x3c8, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2545760*, lpNumberOfBytesWritten=0x14ec28*=0x3c8, lpOverlapped=0x0) returned 1 [0245.376] CloseHandle (hObject=0x1f4) returned 1 [0245.378] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav", lpFilePart=0x0) returned 0x31 [0245.378] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav.ampkcz", lpFilePart=0x0) returned 0x38 [0245.378] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0245.378] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\nwb2ywgfiob.wav"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44e76ee0, ftCreationTime.dwHighDateTime=0x1d81c57, ftLastAccessTime.dwLowDateTime=0x92daf320, ftLastAccessTime.dwHighDateTime=0x1d82417, ftLastWriteTime.dwLowDateTime=0x80a86cb8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb3c8)) returned 1 [0245.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0245.379] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\nwb2ywgfiob.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\nwB2YwgFIOb.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\nwb2ywgfiob.wav.ampkcz")) returned 1 [0245.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav", lpFilePart=0x0) returned 0x30 [0245.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav", lpFilePart=0x0) returned 0x30 [0245.383] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav", dwFileAttributes=0x80) returned 1 [0245.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0245.384] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\uqnen8cbfg.wav"), fInfoLevelId=0x0, lpFileInformation=0x25479e0 | out: lpFileInformation=0x25479e0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9b894430, ftCreationTime.dwHighDateTime=0x1d819e1, ftLastAccessTime.dwLowDateTime=0x40585bb0, ftLastAccessTime.dwHighDateTime=0x1d826dd, ftLastWriteTime.dwLowDateTime=0x40585bb0, ftLastWriteTime.dwHighDateTime=0x1d826dd, nFileSizeHigh=0x0, nFileSizeLow=0x704c)) returned 1 [0245.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0245.384] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav", lpFilePart=0x0) returned 0x30 [0245.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0245.384] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\uqnen8cbfg.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0245.384] GetFileType (hFile=0x1f4) returned 0x1 [0245.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0245.384] GetFileType (hFile=0x1f4) returned 0x1 [0245.384] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x704c [0245.384] ReadFile (in: hFile=0x1f4, lpBuffer=0x2547e60, nNumberOfBytesToRead=0x704c, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2547e60*, lpNumberOfBytesRead=0x14ed68*=0x704c, lpOverlapped=0x0) returned 1 [0245.386] CloseHandle (hObject=0x1f4) returned 1 [0245.758] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav", lpFilePart=0x0) returned 0x30 [0245.758] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0245.758] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\uqnen8cbfg.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0245.760] GetFileType (hFile=0x1f4) returned 0x1 [0245.760] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0245.760] GetFileType (hFile=0x1f4) returned 0x1 [0245.760] WriteFile (in: hFile=0x1f4, lpBuffer=0x2610d88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2610d88*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.762] WriteFile (in: hFile=0x1f4, lpBuffer=0x2610d88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2610d88*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.762] WriteFile (in: hFile=0x1f4, lpBuffer=0x2610d88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2610d88*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.762] WriteFile (in: hFile=0x1f4, lpBuffer=0x2610d88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2610d88*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.763] WriteFile (in: hFile=0x1f4, lpBuffer=0x2610d88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2610d88*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.763] WriteFile (in: hFile=0x1f4, lpBuffer=0x2610d88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2610d88*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.763] WriteFile (in: hFile=0x1f4, lpBuffer=0x2610d88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2610d88*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.764] WriteFile (in: hFile=0x1f4, lpBuffer=0x2610d88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2610d88*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.764] WriteFile (in: hFile=0x1f4, lpBuffer=0x2610d88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2610d88*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0245.764] WriteFile (in: hFile=0x1f4, lpBuffer=0x2610d88*, nNumberOfBytesToWrite=0x688, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2610d88*, lpNumberOfBytesWritten=0x14ec28*=0x688, lpOverlapped=0x0) returned 1 [0245.765] CloseHandle (hObject=0x1f4) returned 1 [0245.767] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav", lpFilePart=0x0) returned 0x30 [0245.767] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav.ampkcz", lpFilePart=0x0) returned 0x37 [0245.767] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0245.767] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\uqnen8cbfg.wav"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b894430, ftCreationTime.dwHighDateTime=0x1d819e1, ftLastAccessTime.dwLowDateTime=0x40585bb0, ftLastAccessTime.dwHighDateTime=0x1d826dd, ftLastWriteTime.dwLowDateTime=0x80e3ae0b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x9688)) returned 1 [0245.767] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0245.767] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\uqnen8cbfg.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\uQneN8cbfg.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\bjuec\\uqnen8cbfg.wav.ampkcz")) returned 1 [0245.768] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0245.768] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc", lpFilePart=0x0) returned 0x21 [0245.768] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\", lpFilePart=0x0) returned 0x22 [0245.769] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\BJUEc\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85d91960, ftCreationTime.dwHighDateTime=0x1d81c18, ftLastAccessTime.dwLowDateTime=0x80e3db17, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x80e3db17, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0245.769] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x85d91960, ftCreationTime.dwHighDateTime=0x1d81c18, ftLastAccessTime.dwLowDateTime=0x80e3db17, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x80e3db17, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0245.769] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e1b28e0, ftCreationTime.dwHighDateTime=0x1d81c6f, ftLastAccessTime.dwLowDateTime=0xe1c74f50, ftLastAccessTime.dwHighDateTime=0x1d81fef, ftLastWriteTime.dwLowDateTime=0x7f8cd368, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x3674, dwReserved0=0x0, dwReserved1=0x0, cFileName="8e3M.mp3.ampkcz", cAlternateFileName="8E3MMP~1.AMP")) returned 1 [0245.769] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcd8681c0, ftCreationTime.dwHighDateTime=0x1d81e9e, ftLastAccessTime.dwLowDateTime=0x92e22e10, ftLastAccessTime.dwHighDateTime=0x1d82372, ftLastWriteTime.dwLowDateTime=0x7fdfcf99, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x155c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="8IZQxtBJ3k.m4a.ampkcz", cAlternateFileName="8IZQXT~1.AMP")) returned 1 [0245.770] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32fdc370, ftCreationTime.dwHighDateTime=0x1d8297a, ftLastAccessTime.dwLowDateTime=0xedfd22c0, ftLastAccessTime.dwHighDateTime=0x1d829ec, ftLastWriteTime.dwLowDateTime=0x80258200, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x207f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="hlrmoAhV8pAxxl5gG.wav.ampkcz", cAlternateFileName="HLRMOA~1.AMP")) returned 1 [0245.770] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc30c9010, ftCreationTime.dwHighDateTime=0x1d82400, ftLastAccessTime.dwLowDateTime=0x3c81a1c0, ftLastAccessTime.dwHighDateTime=0x1d827fc, ftLastWriteTime.dwLowDateTime=0x805cdaf2, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x11e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="M7sz9.m4a.ampkcz", cAlternateFileName="M7SZ9M~1.AMP")) returned 1 [0245.770] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44e76ee0, ftCreationTime.dwHighDateTime=0x1d81c57, ftLastAccessTime.dwLowDateTime=0x92daf320, ftLastAccessTime.dwHighDateTime=0x1d82417, ftLastWriteTime.dwLowDateTime=0x80a86cb8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb3c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="nwB2YwgFIOb.wav.ampkcz", cAlternateFileName="NWB2YW~1.AMP")) returned 1 [0245.770] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f8dbd83, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x7f8dbd83, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x7f8e1f86, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0245.770] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b894430, ftCreationTime.dwHighDateTime=0x1d819e1, ftLastAccessTime.dwLowDateTime=0x40585bb0, ftLastAccessTime.dwHighDateTime=0x1d826dd, ftLastWriteTime.dwLowDateTime=0x80e3ae0b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x9688, dwReserved0=0x0, dwReserved1=0x0, cFileName="uQneN8cbfg.wav.ampkcz", cAlternateFileName="UQNEN8~1.AMP")) returned 1 [0245.770] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b894430, ftCreationTime.dwHighDateTime=0x1d819e1, ftLastAccessTime.dwLowDateTime=0x40585bb0, ftLastAccessTime.dwHighDateTime=0x1d826dd, ftLastWriteTime.dwLowDateTime=0x80e3ae0b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x9688, dwReserved0=0x0, dwReserved1=0x0, cFileName="uQneN8cbfg.wav.ampkcz", cAlternateFileName="UQNEN8~1.AMP")) returned 0 [0245.771] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0245.771] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0245.771] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0245.771] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0245.771] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy", lpFilePart=0x0) returned 0x22 [0245.771] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\", lpFilePart=0x0) returned 0x23 [0245.771] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc60b2a90, ftCreationTime.dwHighDateTime=0x1d82051, ftLastAccessTime.dwLowDateTime=0xfc2fff40, ftLastAccessTime.dwHighDateTime=0x1d82341, ftLastWriteTime.dwLowDateTime=0xfc2fff40, ftLastWriteTime.dwHighDateTime=0x1d82341, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0245.772] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc60b2a90, ftCreationTime.dwHighDateTime=0x1d82051, ftLastAccessTime.dwLowDateTime=0xfc2fff40, ftLastAccessTime.dwHighDateTime=0x1d82341, ftLastWriteTime.dwLowDateTime=0xfc2fff40, ftLastWriteTime.dwHighDateTime=0x1d82341, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0245.772] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642d5860, ftCreationTime.dwHighDateTime=0x1d81eef, ftLastAccessTime.dwLowDateTime=0xa60ffba0, ftLastAccessTime.dwHighDateTime=0x1d829be, ftLastWriteTime.dwLowDateTime=0xa60ffba0, ftLastWriteTime.dwHighDateTime=0x1d829be, nFileSizeHigh=0x0, nFileSizeLow=0x4e06, dwReserved0=0x0, dwReserved1=0x0, cFileName="OroYB.wav", cAlternateFileName="")) returned 1 [0245.772] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0245.774] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0245.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0245.774] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0245.777] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav", lpFilePart=0x0) returned 0x2c [0245.777] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav", lpFilePart=0x0) returned 0x2c [0245.777] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav", dwFileAttributes=0x80) returned 1 [0245.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0245.777] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\flg2xy\\oroyb.wav"), fInfoLevelId=0x0, lpFileInformation=0x26150d0 | out: lpFileInformation=0x26150d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x642d5860, ftCreationTime.dwHighDateTime=0x1d81eef, ftLastAccessTime.dwLowDateTime=0xa60ffba0, ftLastAccessTime.dwHighDateTime=0x1d829be, ftLastWriteTime.dwLowDateTime=0xa60ffba0, ftLastWriteTime.dwHighDateTime=0x1d829be, nFileSizeHigh=0x0, nFileSizeLow=0x4e06)) returned 1 [0245.777] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0245.777] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav", lpFilePart=0x0) returned 0x2c [0245.777] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0245.777] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\flg2xy\\oroyb.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0245.778] GetFileType (hFile=0x1f4) returned 0x1 [0245.778] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0245.778] GetFileType (hFile=0x1f4) returned 0x1 [0245.778] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x4e06 [0245.778] ReadFile (in: hFile=0x1f4, lpBuffer=0x2615528, nNumberOfBytesToRead=0x4e06, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2615528*, lpNumberOfBytesRead=0x14ed68*=0x4e06, lpOverlapped=0x0) returned 1 [0245.779] CloseHandle (hObject=0x1f4) returned 1 [0246.102] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav", lpFilePart=0x0) returned 0x2c [0246.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0246.102] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\flg2xy\\oroyb.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0246.107] GetFileType (hFile=0x1f4) returned 0x1 [0246.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0246.107] GetFileType (hFile=0x1f4) returned 0x1 [0246.107] WriteFile (in: hFile=0x1f4, lpBuffer=0x26c6020*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c6020*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.108] WriteFile (in: hFile=0x1f4, lpBuffer=0x26c6020*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c6020*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.109] WriteFile (in: hFile=0x1f4, lpBuffer=0x26c6020*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c6020*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.109] WriteFile (in: hFile=0x1f4, lpBuffer=0x26c6020*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c6020*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.109] WriteFile (in: hFile=0x1f4, lpBuffer=0x26c6020*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c6020*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.110] WriteFile (in: hFile=0x1f4, lpBuffer=0x26c6020*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26c6020*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.110] WriteFile (in: hFile=0x1f4, lpBuffer=0x26c6020*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26c6020*, lpNumberOfBytesWritten=0x14ec28*=0x8e0, lpOverlapped=0x0) returned 1 [0246.110] CloseHandle (hObject=0x1f4) returned 1 [0246.112] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav", lpFilePart=0x0) returned 0x2c [0246.112] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav.ampkcz", lpFilePart=0x0) returned 0x33 [0246.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0246.112] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\flg2xy\\oroyb.wav"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642d5860, ftCreationTime.dwHighDateTime=0x1d81eef, ftLastAccessTime.dwLowDateTime=0xa60ffba0, ftLastAccessTime.dwHighDateTime=0x1d829be, ftLastWriteTime.dwLowDateTime=0x811851e6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x68e0)) returned 1 [0246.112] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0246.112] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\flg2xy\\oroyb.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\OroYB.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\flg2xy\\oroyb.wav.ampkcz")) returned 1 [0246.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\readme.txt", lpFilePart=0x0) returned 0x2d [0246.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0246.113] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\flg2xy\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0246.113] GetFileType (hFile=0x1f4) returned 0x1 [0246.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0246.113] GetFileType (hFile=0x1f4) returned 0x1 [0246.114] WriteFile (in: hFile=0x1f4, lpBuffer=0x26c9210*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x26c9210*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0246.116] CloseHandle (hObject=0x1f4) returned 1 [0246.116] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0246.116] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy", lpFilePart=0x0) returned 0x22 [0246.116] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\", lpFilePart=0x0) returned 0x23 [0246.116] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\FlG2xy\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc60b2a90, ftCreationTime.dwHighDateTime=0x1d82051, ftLastAccessTime.dwLowDateTime=0x81186bfd, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x81188069, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0246.116] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xc60b2a90, ftCreationTime.dwHighDateTime=0x1d82051, ftLastAccessTime.dwLowDateTime=0x81186bfd, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x81188069, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.117] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x642d5860, ftCreationTime.dwHighDateTime=0x1d81eef, ftLastAccessTime.dwLowDateTime=0xa60ffba0, ftLastAccessTime.dwHighDateTime=0x1d829be, ftLastWriteTime.dwLowDateTime=0x811851e6, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x68e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OroYB.wav.ampkcz", cAlternateFileName="OROYBW~1.AMP")) returned 1 [0246.117] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81188069, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x81188069, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8118f5ac, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0246.117] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x81188069, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x81188069, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8118f5ac, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0246.117] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0246.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0246.117] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0246.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0246.117] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF", lpFilePart=0x0) returned 0x2d [0246.118] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\", lpFilePart=0x0) returned 0x2e [0246.118] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1a830b0, ftCreationTime.dwHighDateTime=0x1d82779, ftLastAccessTime.dwLowDateTime=0x42552950, ftLastAccessTime.dwHighDateTime=0x1d827de, ftLastWriteTime.dwLowDateTime=0x42552950, ftLastWriteTime.dwHighDateTime=0x1d827de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687cd0 [0246.118] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1a830b0, ftCreationTime.dwHighDateTime=0x1d82779, ftLastAccessTime.dwLowDateTime=0x42552950, ftLastAccessTime.dwHighDateTime=0x1d827de, ftLastWriteTime.dwLowDateTime=0x42552950, ftLastWriteTime.dwHighDateTime=0x1d827de, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.118] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57e76530, ftCreationTime.dwHighDateTime=0x1d82491, ftLastAccessTime.dwLowDateTime=0x41a80680, ftLastAccessTime.dwHighDateTime=0x1d82838, ftLastWriteTime.dwLowDateTime=0x41a80680, ftLastWriteTime.dwHighDateTime=0x1d82838, nFileSizeHigh=0x0, nFileSizeLow=0x14d12, dwReserved0=0x0, dwReserved1=0x0, cFileName="-bPFpYE7NNG.mp3", cAlternateFileName="-BPFPY~1.MP3")) returned 1 [0246.118] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc10b4830, ftCreationTime.dwHighDateTime=0x1d82197, ftLastAccessTime.dwLowDateTime=0x670155e0, ftLastAccessTime.dwHighDateTime=0x1d829e5, ftLastWriteTime.dwLowDateTime=0x670155e0, ftLastWriteTime.dwHighDateTime=0x1d829e5, nFileSizeHigh=0x0, nFileSizeLow=0xa9b6, dwReserved0=0x0, dwReserved1=0x0, cFileName="2-4oAy.wav", cAlternateFileName="")) returned 1 [0246.118] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce6c99a0, ftCreationTime.dwHighDateTime=0x1d8282e, ftLastAccessTime.dwLowDateTime=0xbb94cf80, ftLastAccessTime.dwHighDateTime=0x1d829de, ftLastWriteTime.dwLowDateTime=0xbb94cf80, ftLastWriteTime.dwHighDateTime=0x1d829de, nFileSizeHigh=0x0, nFileSizeLow=0x1537a, dwReserved0=0x0, dwReserved1=0x0, cFileName="F_HBQss5eXPO.wav", cAlternateFileName="F_HBQS~1.WAV")) returned 1 [0246.119] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44216ed0, ftCreationTime.dwHighDateTime=0x1d81aee, ftLastAccessTime.dwLowDateTime=0xd046d1d0, ftLastAccessTime.dwHighDateTime=0x1d81cff, ftLastWriteTime.dwLowDateTime=0xd046d1d0, ftLastWriteTime.dwHighDateTime=0x1d81cff, nFileSizeHigh=0x0, nFileSizeLow=0xdd9, dwReserved0=0x0, dwReserved1=0x0, cFileName="n-T6ZmGrj.mp3", cAlternateFileName="N-T6ZM~1.MP3")) returned 1 [0246.119] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8edabaa0, ftCreationTime.dwHighDateTime=0x1d824a6, ftLastAccessTime.dwLowDateTime=0x55444f90, ftLastAccessTime.dwHighDateTime=0x1d828ed, ftLastWriteTime.dwLowDateTime=0x55444f90, ftLastWriteTime.dwHighDateTime=0x1d828ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UNAp", cAlternateFileName="")) returned 1 [0246.119] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x279bd480, ftCreationTime.dwHighDateTime=0x1d81c8d, ftLastAccessTime.dwLowDateTime=0x9d1591f0, ftLastAccessTime.dwHighDateTime=0x1d81df1, ftLastWriteTime.dwLowDateTime=0x9d1591f0, ftLastWriteTime.dwHighDateTime=0x1d81df1, nFileSizeHigh=0x0, nFileSizeLow=0x1f11, dwReserved0=0x0, dwReserved1=0x0, cFileName="xwgJHHknNHt.wav", cAlternateFileName="XWGJHH~1.WAV")) returned 1 [0246.119] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x580d83a0, ftCreationTime.dwHighDateTime=0x1d82248, ftLastAccessTime.dwLowDateTime=0xbb953290, ftLastAccessTime.dwHighDateTime=0x1d8274a, ftLastWriteTime.dwLowDateTime=0xbb953290, ftLastWriteTime.dwHighDateTime=0x1d8274a, nFileSizeHigh=0x0, nFileSizeLow=0x649b, dwReserved0=0x0, dwReserved1=0x0, cFileName="zYpsCwXr.mp3", cAlternateFileName="")) returned 1 [0246.119] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0246.119] FindClose (in: hFindFile=0x687cd0 | out: hFindFile=0x687cd0) returned 1 [0246.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0246.119] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0246.121] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3", lpFilePart=0x0) returned 0x3d [0246.121] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3", lpFilePart=0x0) returned 0x3d [0246.121] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3", dwFileAttributes=0x80) returned 1 [0246.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0246.121] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\-bpfpye7nng.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26cd518 | out: lpFileInformation=0x26cd518*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x57e76530, ftCreationTime.dwHighDateTime=0x1d82491, ftLastAccessTime.dwLowDateTime=0x41a80680, ftLastAccessTime.dwHighDateTime=0x1d82838, ftLastWriteTime.dwLowDateTime=0x41a80680, ftLastWriteTime.dwHighDateTime=0x1d82838, nFileSizeHigh=0x0, nFileSizeLow=0x14d12)) returned 1 [0246.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0246.122] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3", lpFilePart=0x0) returned 0x3d [0246.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0246.122] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\-bpfpye7nng.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0246.122] GetFileType (hFile=0x1f4) returned 0x1 [0246.122] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0246.122] GetFileType (hFile=0x1f4) returned 0x1 [0246.122] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x14d12 [0246.122] ReadFile (in: hFile=0x1f4, lpBuffer=0x12556ff8, nNumberOfBytesToRead=0x14d12, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x12556ff8*, lpNumberOfBytesRead=0x14ed68*=0x14d12, lpOverlapped=0x0) returned 1 [0246.126] CloseHandle (hObject=0x1f4) returned 1 [0246.516] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3", lpFilePart=0x0) returned 0x3d [0246.517] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0246.517] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\-bpfpye7nng.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0246.519] GetFileType (hFile=0x1f4) returned 0x1 [0246.519] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0246.519] GetFileType (hFile=0x1f4) returned 0x1 [0246.519] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.520] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.520] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.522] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.523] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.523] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.523] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.525] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.525] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.526] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.526] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.526] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.527] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.527] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.527] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.528] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.528] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.528] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.529] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.529] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.529] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.530] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.530] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.531] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.531] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.531] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.532] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.532] WriteFile (in: hFile=0x1f4, lpBuffer=0x2557f00*, nNumberOfBytesToWrite=0xcf4, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2557f00*, lpNumberOfBytesWritten=0x14ec28*=0xcf4, lpOverlapped=0x0) returned 1 [0246.532] CloseHandle (hObject=0x1f4) returned 1 [0246.536] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3", lpFilePart=0x0) returned 0x3d [0246.536] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3.ampkcz", lpFilePart=0x0) returned 0x44 [0246.536] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0246.536] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\-bpfpye7nng.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57e76530, ftCreationTime.dwHighDateTime=0x1d82491, ftLastAccessTime.dwLowDateTime=0x41a80680, ftLastAccessTime.dwHighDateTime=0x1d82838, ftLastWriteTime.dwLowDateTime=0x815907aa, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1bcf4)) returned 1 [0246.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0246.537] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\-bpfpye7nng.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\-bPFpYE7NNG.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\-bpfpye7nng.mp3.ampkcz")) returned 1 [0246.537] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\readme.txt", lpFilePart=0x0) returned 0x38 [0246.538] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0246.538] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0246.538] GetFileType (hFile=0x1f4) returned 0x1 [0246.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0246.538] GetFileType (hFile=0x1f4) returned 0x1 [0246.539] WriteFile (in: hFile=0x1f4, lpBuffer=0x255b190*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x255b190*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0246.540] CloseHandle (hObject=0x1f4) returned 1 [0246.542] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav", lpFilePart=0x0) returned 0x38 [0246.543] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav", lpFilePart=0x0) returned 0x38 [0246.543] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav", dwFileAttributes=0x80) returned 1 [0246.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0246.543] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\2-4oay.wav"), fInfoLevelId=0x0, lpFileInformation=0x255d9d0 | out: lpFileInformation=0x255d9d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc10b4830, ftCreationTime.dwHighDateTime=0x1d82197, ftLastAccessTime.dwLowDateTime=0x670155e0, ftLastAccessTime.dwHighDateTime=0x1d829e5, ftLastWriteTime.dwLowDateTime=0x670155e0, ftLastWriteTime.dwHighDateTime=0x1d829e5, nFileSizeHigh=0x0, nFileSizeLow=0xa9b6)) returned 1 [0246.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0246.543] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav", lpFilePart=0x0) returned 0x38 [0246.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0246.543] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\2-4oay.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0246.543] GetFileType (hFile=0x1f4) returned 0x1 [0246.543] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0246.544] GetFileType (hFile=0x1f4) returned 0x1 [0246.544] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xa9b6 [0246.544] ReadFile (in: hFile=0x1f4, lpBuffer=0x255de70, nNumberOfBytesToRead=0xa9b6, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x255de70*, lpNumberOfBytesRead=0x14ed68*=0xa9b6, lpOverlapped=0x0) returned 1 [0246.545] CloseHandle (hObject=0x1f4) returned 1 [0246.898] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav", lpFilePart=0x0) returned 0x38 [0246.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0246.898] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\2-4oay.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0246.899] GetFileType (hFile=0x1f4) returned 0x1 [0246.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0246.899] GetFileType (hFile=0x1f4) returned 0x1 [0246.900] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.901] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.901] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.902] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.902] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.902] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.903] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.903] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.903] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.904] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.904] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.905] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.905] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0246.905] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0246.905] WriteFile (in: hFile=0x1f4, lpBuffer=0x26019f8*, nNumberOfBytesToWrite=0x320, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26019f8*, lpNumberOfBytesWritten=0x14ec28*=0x320, lpOverlapped=0x0) returned 1 [0246.906] CloseHandle (hObject=0x1f4) returned 1 [0246.908] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav", lpFilePart=0x0) returned 0x38 [0246.908] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav.ampkcz", lpFilePart=0x0) returned 0x3f [0246.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0246.909] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\2-4oay.wav"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc10b4830, ftCreationTime.dwHighDateTime=0x1d82197, ftLastAccessTime.dwLowDateTime=0x670155e0, ftLastAccessTime.dwHighDateTime=0x1d829e5, ftLastWriteTime.dwLowDateTime=0x8191e893, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xe320)) returned 1 [0246.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0246.909] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\2-4oay.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\2-4oAy.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\2-4oay.wav.ampkcz")) returned 1 [0246.912] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav", lpFilePart=0x0) returned 0x3e [0246.912] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav", lpFilePart=0x0) returned 0x3e [0246.912] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav", dwFileAttributes=0x80) returned 1 [0246.912] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0246.912] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\f_hbqss5expo.wav"), fInfoLevelId=0x0, lpFileInformation=0x2603ca0 | out: lpFileInformation=0x2603ca0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xce6c99a0, ftCreationTime.dwHighDateTime=0x1d8282e, ftLastAccessTime.dwLowDateTime=0xbb94cf80, ftLastAccessTime.dwHighDateTime=0x1d829de, ftLastWriteTime.dwLowDateTime=0xbb94cf80, ftLastWriteTime.dwHighDateTime=0x1d829de, nFileSizeHigh=0x0, nFileSizeLow=0x1537a)) returned 1 [0246.912] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0246.912] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav", lpFilePart=0x0) returned 0x3e [0246.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0246.913] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\f_hbqss5expo.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0246.913] GetFileType (hFile=0x1f4) returned 0x1 [0246.913] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0246.913] GetFileType (hFile=0x1f4) returned 0x1 [0246.913] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x1537a [0246.913] ReadFile (in: hFile=0x1f4, lpBuffer=0x12691150, nNumberOfBytesToRead=0x1537a, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x12691150*, lpNumberOfBytesRead=0x14ed68*=0x1537a, lpOverlapped=0x0) returned 1 [0246.916] CloseHandle (hObject=0x1f4) returned 1 [0247.258] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav", lpFilePart=0x0) returned 0x3e [0247.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0247.258] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\f_hbqss5expo.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0247.260] GetFileType (hFile=0x1f4) returned 0x1 [0247.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0247.260] GetFileType (hFile=0x1f4) returned 0x1 [0247.260] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.263] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.265] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.266] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.266] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.267] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.267] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.267] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.268] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.268] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.268] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.269] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.269] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.269] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.270] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.270] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.270] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.271] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.271] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.271] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.272] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.272] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.272] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.273] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.273] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0247.274] WriteFile (in: hFile=0x1f4, lpBuffer=0x267d5d8*, nNumberOfBytesToWrite=0x574, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x267d5d8*, lpNumberOfBytesWritten=0x14ec28*=0x574, lpOverlapped=0x0) returned 1 [0247.274] CloseHandle (hObject=0x1f4) returned 1 [0247.278] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav", lpFilePart=0x0) returned 0x3e [0247.278] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav.ampkcz", lpFilePart=0x0) returned 0x45 [0247.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0247.278] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\f_hbqss5expo.wav"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce6c99a0, ftCreationTime.dwHighDateTime=0x1d8282e, ftLastAccessTime.dwLowDateTime=0xbb94cf80, ftLastAccessTime.dwHighDateTime=0x1d829de, ftLastWriteTime.dwLowDateTime=0x81ca3c2e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1c574)) returned 1 [0247.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0247.278] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\f_hbqss5expo.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\F_HBQss5eXPO.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\f_hbqss5expo.wav.ampkcz")) returned 1 [0247.280] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3", lpFilePart=0x0) returned 0x3b [0247.280] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3", lpFilePart=0x0) returned 0x3b [0247.280] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3", dwFileAttributes=0x80) returned 1 [0247.280] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0247.280] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\n-t6zmgrj.mp3"), fInfoLevelId=0x0, lpFileInformation=0x267ee28 | out: lpFileInformation=0x267ee28*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x44216ed0, ftCreationTime.dwHighDateTime=0x1d81aee, ftLastAccessTime.dwLowDateTime=0xd046d1d0, ftLastAccessTime.dwHighDateTime=0x1d81cff, ftLastWriteTime.dwLowDateTime=0xd046d1d0, ftLastWriteTime.dwHighDateTime=0x1d81cff, nFileSizeHigh=0x0, nFileSizeLow=0xdd9)) returned 1 [0247.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0247.281] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3", lpFilePart=0x0) returned 0x3b [0247.281] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0247.281] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\n-t6zmgrj.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0247.281] GetFileType (hFile=0x1f4) returned 0x1 [0247.281] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0247.281] GetFileType (hFile=0x1f4) returned 0x1 [0247.281] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xdd9 [0247.281] ReadFile (in: hFile=0x1f4, lpBuffer=0x26800d0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26800d0*, lpNumberOfBytesRead=0x14ed68*=0xdd9, lpOverlapped=0x0) returned 1 [0247.282] CloseHandle (hObject=0x1f4) returned 1 [0247.724] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3", lpFilePart=0x0) returned 0x3b [0247.724] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0247.724] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\n-t6zmgrj.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0247.726] GetFileType (hFile=0x1f4) returned 0x1 [0247.726] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0247.726] GetFileType (hFile=0x1f4) returned 0x1 [0247.726] WriteFile (in: hFile=0x1f4, lpBuffer=0x2703688*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x2703688*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0247.727] WriteFile (in: hFile=0x1f4, lpBuffer=0x2703688*, nNumberOfBytesToWrite=0x348, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2703688*, lpNumberOfBytesWritten=0x14ec28*=0x348, lpOverlapped=0x0) returned 1 [0247.727] CloseHandle (hObject=0x1f4) returned 1 [0247.731] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3", lpFilePart=0x0) returned 0x3b [0247.731] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3.ampkcz", lpFilePart=0x0) returned 0x42 [0247.731] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0247.731] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\n-t6zmgrj.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44216ed0, ftCreationTime.dwHighDateTime=0x1d81aee, ftLastAccessTime.dwLowDateTime=0xd046d1d0, ftLastAccessTime.dwHighDateTime=0x1d81cff, ftLastWriteTime.dwLowDateTime=0x820f5080, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1348)) returned 1 [0247.731] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0247.731] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\n-t6zmgrj.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\n-T6ZmGrj.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\n-t6zmgrj.mp3.ampkcz")) returned 1 [0247.735] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav", lpFilePart=0x0) returned 0x3d [0247.736] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav", lpFilePart=0x0) returned 0x3d [0247.736] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav", dwFileAttributes=0x80) returned 1 [0247.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0247.737] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\xwgjhhknnht.wav"), fInfoLevelId=0x0, lpFileInformation=0x2705938 | out: lpFileInformation=0x2705938*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x279bd480, ftCreationTime.dwHighDateTime=0x1d81c8d, ftLastAccessTime.dwLowDateTime=0x9d1591f0, ftLastAccessTime.dwHighDateTime=0x1d81df1, ftLastWriteTime.dwLowDateTime=0x9d1591f0, ftLastWriteTime.dwHighDateTime=0x1d81df1, nFileSizeHigh=0x0, nFileSizeLow=0x1f11)) returned 1 [0247.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0247.737] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav", lpFilePart=0x0) returned 0x3d [0247.737] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0247.737] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\xwgjhhknnht.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0247.737] GetFileType (hFile=0x1f4) returned 0x1 [0247.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0247.737] GetFileType (hFile=0x1f4) returned 0x1 [0247.737] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x1f11 [0247.737] ReadFile (in: hFile=0x1f4, lpBuffer=0x2705e00, nNumberOfBytesToRead=0x1f11, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2705e00*, lpNumberOfBytesRead=0x14ed68*=0x1f11, lpOverlapped=0x0) returned 1 [0247.738] CloseHandle (hObject=0x1f4) returned 1 [0248.061] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav", lpFilePart=0x0) returned 0x3d [0248.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0248.061] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\xwgjhhknnht.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0248.064] GetFileType (hFile=0x1f4) returned 0x1 [0248.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0248.064] GetFileType (hFile=0x1f4) returned 0x1 [0248.065] WriteFile (in: hFile=0x1f4, lpBuffer=0x25967d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25967d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0248.066] WriteFile (in: hFile=0x1f4, lpBuffer=0x25967d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25967d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0248.066] WriteFile (in: hFile=0x1f4, lpBuffer=0x25967d0*, nNumberOfBytesToWrite=0xa48, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25967d0*, lpNumberOfBytesWritten=0x14ec28*=0xa48, lpOverlapped=0x0) returned 1 [0248.067] CloseHandle (hObject=0x1f4) returned 1 [0248.068] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav", lpFilePart=0x0) returned 0x3d [0248.068] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav.ampkcz", lpFilePart=0x0) returned 0x44 [0248.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0248.068] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\xwgjhhknnht.wav"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x279bd480, ftCreationTime.dwHighDateTime=0x1d81c8d, ftLastAccessTime.dwLowDateTime=0x9d1591f0, ftLastAccessTime.dwHighDateTime=0x1d81df1, ftLastWriteTime.dwLowDateTime=0x8242d944, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2a48)) returned 1 [0248.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0248.068] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\xwgjhhknnht.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\xwgJHHknNHt.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\xwgjhhknnht.wav.ampkcz")) returned 1 [0248.070] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3", lpFilePart=0x0) returned 0x3a [0248.070] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3", lpFilePart=0x0) returned 0x3a [0248.070] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3", dwFileAttributes=0x80) returned 1 [0248.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0248.070] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\zypscwxr.mp3"), fInfoLevelId=0x0, lpFileInformation=0x2598020 | out: lpFileInformation=0x2598020*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x580d83a0, ftCreationTime.dwHighDateTime=0x1d82248, ftLastAccessTime.dwLowDateTime=0xbb953290, ftLastAccessTime.dwHighDateTime=0x1d8274a, ftLastWriteTime.dwLowDateTime=0xbb953290, ftLastWriteTime.dwHighDateTime=0x1d8274a, nFileSizeHigh=0x0, nFileSizeLow=0x649b)) returned 1 [0248.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0248.071] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3", lpFilePart=0x0) returned 0x3a [0248.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0248.071] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\zypscwxr.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0248.071] GetFileType (hFile=0x1f4) returned 0x1 [0248.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0248.071] GetFileType (hFile=0x1f4) returned 0x1 [0248.071] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x649b [0248.071] ReadFile (in: hFile=0x1f4, lpBuffer=0x25984d0, nNumberOfBytesToRead=0x649b, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25984d0*, lpNumberOfBytesRead=0x14ed68*=0x649b, lpOverlapped=0x0) returned 1 [0248.072] CloseHandle (hObject=0x1f4) returned 1 [0248.616] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3", lpFilePart=0x0) returned 0x3a [0248.616] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0248.616] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\zypscwxr.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0248.617] GetFileType (hFile=0x1f4) returned 0x1 [0248.617] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0248.617] GetFileType (hFile=0x1f4) returned 0x1 [0248.617] WriteFile (in: hFile=0x1f4, lpBuffer=0x2658f98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2658f98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0248.618] WriteFile (in: hFile=0x1f4, lpBuffer=0x2658f98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2658f98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0248.619] WriteFile (in: hFile=0x1f4, lpBuffer=0x2658f98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2658f98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0248.619] WriteFile (in: hFile=0x1f4, lpBuffer=0x2658f98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2658f98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0248.620] WriteFile (in: hFile=0x1f4, lpBuffer=0x2658f98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2658f98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0248.620] WriteFile (in: hFile=0x1f4, lpBuffer=0x2658f98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2658f98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0248.620] WriteFile (in: hFile=0x1f4, lpBuffer=0x2658f98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2658f98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0248.621] WriteFile (in: hFile=0x1f4, lpBuffer=0x2658f98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2658f98*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0248.621] WriteFile (in: hFile=0x1f4, lpBuffer=0x2658f98*, nNumberOfBytesToWrite=0x6f4, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2658f98*, lpNumberOfBytesWritten=0x14ec28*=0x6f4, lpOverlapped=0x0) returned 1 [0248.621] CloseHandle (hObject=0x1f4) returned 1 [0248.623] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3", lpFilePart=0x0) returned 0x3a [0248.623] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3.ampkcz", lpFilePart=0x0) returned 0x41 [0248.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0248.624] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\zypscwxr.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x580d83a0, ftCreationTime.dwHighDateTime=0x1d82248, ftLastAccessTime.dwLowDateTime=0xbb953290, ftLastAccessTime.dwHighDateTime=0x1d8274a, ftLastWriteTime.dwLowDateTime=0x829797ec, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x86f4)) returned 1 [0248.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0248.624] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\zypscwxr.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\zYpsCwXr.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\zypscwxr.mp3.ampkcz")) returned 1 [0248.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0248.625] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF", lpFilePart=0x0) returned 0x2d [0248.625] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\", lpFilePart=0x0) returned 0x2e [0248.625] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1a830b0, ftCreationTime.dwHighDateTime=0x1d82779, ftLastAccessTime.dwLowDateTime=0x8297ac68, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8297ac68, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0248.625] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa1a830b0, ftCreationTime.dwHighDateTime=0x1d82779, ftLastAccessTime.dwLowDateTime=0x8297ac68, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8297ac68, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0248.702] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x57e76530, ftCreationTime.dwHighDateTime=0x1d82491, ftLastAccessTime.dwLowDateTime=0x41a80680, ftLastAccessTime.dwHighDateTime=0x1d82838, ftLastWriteTime.dwLowDateTime=0x815907aa, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1bcf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="-bPFpYE7NNG.mp3.ampkcz", cAlternateFileName="-BPFPY~1.AMP")) returned 1 [0248.702] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc10b4830, ftCreationTime.dwHighDateTime=0x1d82197, ftLastAccessTime.dwLowDateTime=0x670155e0, ftLastAccessTime.dwHighDateTime=0x1d829e5, ftLastWriteTime.dwLowDateTime=0x8191e893, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xe320, dwReserved0=0x0, dwReserved1=0x0, cFileName="2-4oAy.wav.ampkcz", cAlternateFileName="2-4OAY~1.AMP")) returned 1 [0248.702] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce6c99a0, ftCreationTime.dwHighDateTime=0x1d8282e, ftLastAccessTime.dwLowDateTime=0xbb94cf80, ftLastAccessTime.dwHighDateTime=0x1d829de, ftLastWriteTime.dwLowDateTime=0x81ca3c2e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1c574, dwReserved0=0x0, dwReserved1=0x0, cFileName="F_HBQss5eXPO.wav.ampkcz", cAlternateFileName="F_HBQS~1.AMP")) returned 1 [0248.702] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x44216ed0, ftCreationTime.dwHighDateTime=0x1d81aee, ftLastAccessTime.dwLowDateTime=0xd046d1d0, ftLastAccessTime.dwHighDateTime=0x1d81cff, ftLastWriteTime.dwLowDateTime=0x820f5080, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1348, dwReserved0=0x0, dwReserved1=0x0, cFileName="n-T6ZmGrj.mp3.ampkcz", cAlternateFileName="N-T6ZM~1.AMP")) returned 1 [0248.702] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x815959af, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x815959af, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8159bc5c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0248.703] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8edabaa0, ftCreationTime.dwHighDateTime=0x1d824a6, ftLastAccessTime.dwLowDateTime=0x55444f90, ftLastAccessTime.dwHighDateTime=0x1d828ed, ftLastWriteTime.dwLowDateTime=0x55444f90, ftLastWriteTime.dwHighDateTime=0x1d828ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UNAp", cAlternateFileName="")) returned 1 [0248.703] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x279bd480, ftCreationTime.dwHighDateTime=0x1d81c8d, ftLastAccessTime.dwLowDateTime=0x9d1591f0, ftLastAccessTime.dwHighDateTime=0x1d81df1, ftLastWriteTime.dwLowDateTime=0x8242d944, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2a48, dwReserved0=0x0, dwReserved1=0x0, cFileName="xwgJHHknNHt.wav.ampkcz", cAlternateFileName="XWGJHH~1.AMP")) returned 1 [0248.703] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x580d83a0, ftCreationTime.dwHighDateTime=0x1d82248, ftLastAccessTime.dwLowDateTime=0xbb953290, ftLastAccessTime.dwHighDateTime=0x1d8274a, ftLastWriteTime.dwLowDateTime=0x829797ec, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x86f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="zYpsCwXr.mp3.ampkcz", cAlternateFileName="ZYPSCW~1.AMP")) returned 1 [0248.703] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x580d83a0, ftCreationTime.dwHighDateTime=0x1d82248, ftLastAccessTime.dwLowDateTime=0xbb953290, ftLastAccessTime.dwHighDateTime=0x1d8274a, ftLastWriteTime.dwLowDateTime=0x829797ec, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x86f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="zYpsCwXr.mp3.ampkcz", cAlternateFileName="ZYPSCW~1.AMP")) returned 0 [0248.703] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0248.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0248.704] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0248.704] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0248.704] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp", lpFilePart=0x0) returned 0x32 [0248.704] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\", lpFilePart=0x0) returned 0x33 [0248.704] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8edabaa0, ftCreationTime.dwHighDateTime=0x1d824a6, ftLastAccessTime.dwLowDateTime=0x55444f90, ftLastAccessTime.dwHighDateTime=0x1d828ed, ftLastWriteTime.dwLowDateTime=0x55444f90, ftLastWriteTime.dwHighDateTime=0x1d828ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0248.704] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8edabaa0, ftCreationTime.dwHighDateTime=0x1d824a6, ftLastAccessTime.dwLowDateTime=0x55444f90, ftLastAccessTime.dwHighDateTime=0x1d828ed, ftLastWriteTime.dwLowDateTime=0x55444f90, ftLastWriteTime.dwHighDateTime=0x1d828ed, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0248.705] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x864c9170, ftCreationTime.dwHighDateTime=0x1d81f96, ftLastAccessTime.dwLowDateTime=0x578d0440, ftLastAccessTime.dwHighDateTime=0x1d82933, ftLastWriteTime.dwLowDateTime=0x578d0440, ftLastWriteTime.dwHighDateTime=0x1d82933, nFileSizeHigh=0x0, nFileSizeLow=0x531e, dwReserved0=0x0, dwReserved1=0x0, cFileName="jrfw6e3GRqirvfE.m4a", cAlternateFileName="JRFW6E~1.M4A")) returned 1 [0248.705] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf3f38a0, ftCreationTime.dwHighDateTime=0x1d819bf, ftLastAccessTime.dwLowDateTime=0x1028430, ftLastAccessTime.dwHighDateTime=0x1d820f8, ftLastWriteTime.dwLowDateTime=0x1028430, ftLastWriteTime.dwHighDateTime=0x1d820f8, nFileSizeHigh=0x0, nFileSizeLow=0x6788, dwReserved0=0x0, dwReserved1=0x0, cFileName="kfN0VgL0QFAP6me.wav", cAlternateFileName="KFN0VG~1.WAV")) returned 1 [0248.705] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x717f83f0, ftCreationTime.dwHighDateTime=0x1d8222b, ftLastAccessTime.dwLowDateTime=0xb74ec7d0, ftLastAccessTime.dwHighDateTime=0x1d82440, ftLastWriteTime.dwLowDateTime=0xb74ec7d0, ftLastWriteTime.dwHighDateTime=0x1d82440, nFileSizeHigh=0x0, nFileSizeLow=0x1790f, dwReserved0=0x0, dwReserved1=0x0, cFileName="npCD_2J.m4a", cAlternateFileName="")) returned 1 [0248.705] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef8a5100, ftCreationTime.dwHighDateTime=0x1d8258f, ftLastAccessTime.dwLowDateTime=0xc52e3280, ftLastAccessTime.dwHighDateTime=0x1d8276c, ftLastWriteTime.dwLowDateTime=0xc52e3280, ftLastWriteTime.dwHighDateTime=0x1d8276c, nFileSizeHigh=0x0, nFileSizeLow=0x5a7c, dwReserved0=0x0, dwReserved1=0x0, cFileName="P3XQ19MEARLfG5.wav", cAlternateFileName="P3XQ19~1.WAV")) returned 1 [0248.705] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e38fdd0, ftCreationTime.dwHighDateTime=0x1d81a5d, ftLastAccessTime.dwLowDateTime=0x553063a0, ftLastAccessTime.dwHighDateTime=0x1d822b1, ftLastWriteTime.dwLowDateTime=0x553063a0, ftLastWriteTime.dwHighDateTime=0x1d822b1, nFileSizeHigh=0x0, nFileSizeLow=0xe2bb, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vn2TepDZY.mp3", cAlternateFileName="VN2TEP~1.MP3")) returned 1 [0248.705] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f531260, ftCreationTime.dwHighDateTime=0x1d8288c, ftLastAccessTime.dwLowDateTime=0x3b3050a0, ftLastAccessTime.dwHighDateTime=0x1d8290f, ftLastWriteTime.dwLowDateTime=0x3b3050a0, ftLastWriteTime.dwHighDateTime=0x1d8290f, nFileSizeHigh=0x0, nFileSizeLow=0x4b91, dwReserved0=0x0, dwReserved1=0x0, cFileName="VqUq_BQSaHu-.mp3", cAlternateFileName="VQUQ_B~1.MP3")) returned 1 [0248.705] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0248.706] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0248.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0248.706] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0248.707] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a", lpFilePart=0x0) returned 0x46 [0248.708] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a", lpFilePart=0x0) returned 0x46 [0248.708] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a", dwFileAttributes=0x80) returned 1 [0248.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0248.708] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\jrfw6e3grqirvfe.m4a"), fInfoLevelId=0x0, lpFileInformation=0x265e1c8 | out: lpFileInformation=0x265e1c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x864c9170, ftCreationTime.dwHighDateTime=0x1d81f96, ftLastAccessTime.dwLowDateTime=0x578d0440, ftLastAccessTime.dwHighDateTime=0x1d82933, ftLastWriteTime.dwLowDateTime=0x578d0440, ftLastWriteTime.dwHighDateTime=0x1d82933, nFileSizeHigh=0x0, nFileSizeLow=0x531e)) returned 1 [0248.708] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0248.708] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a", lpFilePart=0x0) returned 0x46 [0248.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0248.708] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\jrfw6e3grqirvfe.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0248.709] GetFileType (hFile=0x1f4) returned 0x1 [0248.709] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0248.709] GetFileType (hFile=0x1f4) returned 0x1 [0248.709] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x531e [0248.709] ReadFile (in: hFile=0x1f4, lpBuffer=0x265e6d0, nNumberOfBytesToRead=0x531e, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x265e6d0*, lpNumberOfBytesRead=0x14ecf8*=0x531e, lpOverlapped=0x0) returned 1 [0248.710] CloseHandle (hObject=0x1f4) returned 1 [0249.054] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a", lpFilePart=0x0) returned 0x46 [0249.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0249.054] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\jrfw6e3grqirvfe.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0249.056] GetFileType (hFile=0x1f4) returned 0x1 [0249.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0249.056] GetFileType (hFile=0x1f4) returned 0x1 [0249.056] WriteFile (in: hFile=0x1f4, lpBuffer=0x2712b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2712b68*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.058] WriteFile (in: hFile=0x1f4, lpBuffer=0x2712b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2712b68*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.058] WriteFile (in: hFile=0x1f4, lpBuffer=0x2712b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2712b68*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.059] WriteFile (in: hFile=0x1f4, lpBuffer=0x2712b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2712b68*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.059] WriteFile (in: hFile=0x1f4, lpBuffer=0x2712b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2712b68*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.060] WriteFile (in: hFile=0x1f4, lpBuffer=0x2712b68*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2712b68*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.062] WriteFile (in: hFile=0x1f4, lpBuffer=0x2712b68*, nNumberOfBytesToWrite=0xfa0, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2712b68*, lpNumberOfBytesWritten=0x14ebb8*=0xfa0, lpOverlapped=0x0) returned 1 [0249.062] CloseHandle (hObject=0x1f4) returned 1 [0249.065] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a", lpFilePart=0x0) returned 0x46 [0249.065] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a.ampkcz", lpFilePart=0x0) returned 0x4d [0249.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0249.065] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\jrfw6e3grqirvfe.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x864c9170, ftCreationTime.dwHighDateTime=0x1d81f96, ftLastAccessTime.dwLowDateTime=0x578d0440, ftLastAccessTime.dwHighDateTime=0x1d82933, ftLastWriteTime.dwLowDateTime=0x82daec6b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6fa0)) returned 1 [0249.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0249.066] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\jrfw6e3grqirvfe.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\jrfw6e3GRqirvfE.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\jrfw6e3grqirvfe.m4a.ampkcz")) returned 1 [0249.067] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\readme.txt", lpFilePart=0x0) returned 0x3d [0249.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0249.067] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0249.067] GetFileType (hFile=0x1f4) returned 0x1 [0249.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0249.067] GetFileType (hFile=0x1f4) returned 0x1 [0249.068] WriteFile (in: hFile=0x1f4, lpBuffer=0x2715e38*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ec68, lpOverlapped=0x0 | out: lpBuffer=0x2715e38*, lpNumberOfBytesWritten=0x14ec68*=0x6c6, lpOverlapped=0x0) returned 1 [0249.070] CloseHandle (hObject=0x1f4) returned 1 [0249.073] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav", lpFilePart=0x0) returned 0x46 [0249.073] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav", lpFilePart=0x0) returned 0x46 [0249.073] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav", dwFileAttributes=0x80) returned 1 [0249.074] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0249.074] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\kfn0vgl0qfap6me.wav"), fInfoLevelId=0x0, lpFileInformation=0x2718688 | out: lpFileInformation=0x2718688*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xdf3f38a0, ftCreationTime.dwHighDateTime=0x1d819bf, ftLastAccessTime.dwLowDateTime=0x1028430, ftLastAccessTime.dwHighDateTime=0x1d820f8, ftLastWriteTime.dwLowDateTime=0x1028430, ftLastWriteTime.dwHighDateTime=0x1d820f8, nFileSizeHigh=0x0, nFileSizeLow=0x6788)) returned 1 [0249.074] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0249.074] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav", lpFilePart=0x0) returned 0x46 [0249.074] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0249.074] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\kfn0vgl0qfap6me.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0249.077] GetFileType (hFile=0x1f4) returned 0x1 [0249.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0249.077] GetFileType (hFile=0x1f4) returned 0x1 [0249.077] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x6788 [0249.077] ReadFile (in: hFile=0x1f4, lpBuffer=0x2718b90, nNumberOfBytesToRead=0x6788, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2718b90*, lpNumberOfBytesRead=0x14ecf8*=0x6788, lpOverlapped=0x0) returned 1 [0249.078] CloseHandle (hObject=0x1f4) returned 1 [0249.538] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav", lpFilePart=0x0) returned 0x46 [0249.538] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0249.538] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\kfn0vgl0qfap6me.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0249.539] GetFileType (hFile=0x1f4) returned 0x1 [0249.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0249.540] GetFileType (hFile=0x1f4) returned 0x1 [0249.540] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e6948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25e6948*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.541] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e6948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25e6948*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.541] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e6948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25e6948*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.542] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e6948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25e6948*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.542] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e6948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25e6948*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.542] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e6948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25e6948*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.543] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e6948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25e6948*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.543] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e6948*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25e6948*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0249.543] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e6948*, nNumberOfBytesToWrite=0xae0, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25e6948*, lpNumberOfBytesWritten=0x14ebb8*=0xae0, lpOverlapped=0x0) returned 1 [0249.544] CloseHandle (hObject=0x1f4) returned 1 [0249.546] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav", lpFilePart=0x0) returned 0x46 [0249.546] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav.ampkcz", lpFilePart=0x0) returned 0x4d [0249.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0249.546] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\kfn0vgl0qfap6me.wav"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf3f38a0, ftCreationTime.dwHighDateTime=0x1d819bf, ftLastAccessTime.dwLowDateTime=0x1028430, ftLastAccessTime.dwHighDateTime=0x1d820f8, ftLastWriteTime.dwLowDateTime=0x83245260, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8ae0)) returned 1 [0249.546] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0249.546] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\kfn0vgl0qfap6me.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\kfN0VgL0QFAP6me.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\kfn0vgl0qfap6me.wav.ampkcz")) returned 1 [0249.549] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a", lpFilePart=0x0) returned 0x3e [0249.549] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a", lpFilePart=0x0) returned 0x3e [0249.549] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a", dwFileAttributes=0x80) returned 1 [0249.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0249.549] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\npcd_2j.m4a"), fInfoLevelId=0x0, lpFileInformation=0x25e88f0 | out: lpFileInformation=0x25e88f0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x717f83f0, ftCreationTime.dwHighDateTime=0x1d8222b, ftLastAccessTime.dwLowDateTime=0xb74ec7d0, ftLastAccessTime.dwHighDateTime=0x1d82440, ftLastWriteTime.dwLowDateTime=0xb74ec7d0, ftLastWriteTime.dwHighDateTime=0x1d82440, nFileSizeHigh=0x0, nFileSizeLow=0x1790f)) returned 1 [0249.549] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0249.549] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a", lpFilePart=0x0) returned 0x3e [0249.549] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0249.549] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\npcd_2j.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0249.550] GetFileType (hFile=0x1f4) returned 0x1 [0249.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0249.550] GetFileType (hFile=0x1f4) returned 0x1 [0249.550] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x1790f [0249.550] ReadFile (in: hFile=0x1f4, lpBuffer=0x12781be8, nNumberOfBytesToRead=0x1790f, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x12781be8*, lpNumberOfBytesRead=0x14ecf8*=0x1790f, lpOverlapped=0x0) returned 1 [0249.553] CloseHandle (hObject=0x1f4) returned 1 [0250.053] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a", lpFilePart=0x0) returned 0x3e [0250.053] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0250.053] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\npcd_2j.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0250.054] GetFileType (hFile=0x1f4) returned 0x1 [0250.054] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0250.055] GetFileType (hFile=0x1f4) returned 0x1 [0250.055] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.056] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.057] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.057] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.057] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.058] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.058] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.058] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.059] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.059] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.059] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.060] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.060] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.060] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.061] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.061] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.061] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.062] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.062] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.062] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.063] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.063] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.064] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.064] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.066] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.067] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.067] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.067] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.068] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.068] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.068] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.069] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521de0*, nNumberOfBytesToWrite=0x788, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2521de0*, lpNumberOfBytesWritten=0x14ebb8*=0x788, lpOverlapped=0x0) returned 1 [0250.069] CloseHandle (hObject=0x1f4) returned 1 [0250.073] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a", lpFilePart=0x0) returned 0x3e [0250.073] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a.ampkcz", lpFilePart=0x0) returned 0x45 [0250.073] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0250.073] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\npcd_2j.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x717f83f0, ftCreationTime.dwHighDateTime=0x1d8222b, ftLastAccessTime.dwLowDateTime=0xb74ec7d0, ftLastAccessTime.dwHighDateTime=0x1d82440, ftLastWriteTime.dwLowDateTime=0x8374c871, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f788)) returned 1 [0250.073] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0250.073] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\npcd_2j.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\npCD_2J.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\npcd_2j.m4a.ampkcz")) returned 1 [0250.077] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav", lpFilePart=0x0) returned 0x45 [0250.077] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav", lpFilePart=0x0) returned 0x45 [0250.077] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav", dwFileAttributes=0x80) returned 1 [0250.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0250.077] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\p3xq19mearlfg5.wav"), fInfoLevelId=0x0, lpFileInformation=0x25240b0 | out: lpFileInformation=0x25240b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xef8a5100, ftCreationTime.dwHighDateTime=0x1d8258f, ftLastAccessTime.dwLowDateTime=0xc52e3280, ftLastAccessTime.dwHighDateTime=0x1d8276c, ftLastWriteTime.dwLowDateTime=0xc52e3280, ftLastWriteTime.dwHighDateTime=0x1d8276c, nFileSizeHigh=0x0, nFileSizeLow=0x5a7c)) returned 1 [0250.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0250.077] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav", lpFilePart=0x0) returned 0x45 [0250.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0250.077] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\p3xq19mearlfg5.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0250.077] GetFileType (hFile=0x1f4) returned 0x1 [0250.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0250.078] GetFileType (hFile=0x1f4) returned 0x1 [0250.078] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x5a7c [0250.078] ReadFile (in: hFile=0x1f4, lpBuffer=0x25245b8, nNumberOfBytesToRead=0x5a7c, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x25245b8*, lpNumberOfBytesRead=0x14ecf8*=0x5a7c, lpOverlapped=0x0) returned 1 [0250.079] CloseHandle (hObject=0x1f4) returned 1 [0250.402] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav", lpFilePart=0x0) returned 0x45 [0250.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0250.402] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\p3xq19mearlfg5.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0250.404] GetFileType (hFile=0x1f4) returned 0x1 [0250.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0250.404] GetFileType (hFile=0x1f4) returned 0x1 [0250.404] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ddde0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25ddde0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.405] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ddde0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25ddde0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.406] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ddde0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25ddde0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.406] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ddde0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25ddde0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.407] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ddde0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25ddde0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.407] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ddde0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25ddde0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.408] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ddde0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25ddde0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.408] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ddde0*, nNumberOfBytesToWrite=0x974, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25ddde0*, lpNumberOfBytesWritten=0x14ebb8*=0x974, lpOverlapped=0x0) returned 1 [0250.408] CloseHandle (hObject=0x1f4) returned 1 [0250.411] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav", lpFilePart=0x0) returned 0x45 [0250.411] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav.ampkcz", lpFilePart=0x0) returned 0x4c [0250.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0250.412] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\p3xq19mearlfg5.wav"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef8a5100, ftCreationTime.dwHighDateTime=0x1d8258f, ftLastAccessTime.dwLowDateTime=0xc52e3280, ftLastAccessTime.dwHighDateTime=0x1d8276c, ftLastWriteTime.dwLowDateTime=0x83a86ca3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7974)) returned 1 [0250.412] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0250.412] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\p3xq19mearlfg5.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\P3XQ19MEARLfG5.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\p3xq19mearlfg5.wav.ampkcz")) returned 1 [0250.416] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3", lpFilePart=0x0) returned 0x40 [0250.416] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3", lpFilePart=0x0) returned 0x40 [0250.416] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3", dwFileAttributes=0x80) returned 1 [0250.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0250.420] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\vn2tepdzy.mp3"), fInfoLevelId=0x0, lpFileInformation=0x25df660 | out: lpFileInformation=0x25df660*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8e38fdd0, ftCreationTime.dwHighDateTime=0x1d81a5d, ftLastAccessTime.dwLowDateTime=0x553063a0, ftLastAccessTime.dwHighDateTime=0x1d822b1, ftLastWriteTime.dwLowDateTime=0x553063a0, ftLastWriteTime.dwHighDateTime=0x1d822b1, nFileSizeHigh=0x0, nFileSizeLow=0xe2bb)) returned 1 [0250.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0250.421] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3", lpFilePart=0x0) returned 0x40 [0250.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0250.421] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\vn2tepdzy.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0250.422] GetFileType (hFile=0x1f4) returned 0x1 [0250.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0250.422] GetFileType (hFile=0x1f4) returned 0x1 [0250.422] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0xe2bb [0250.422] ReadFile (in: hFile=0x1f4, lpBuffer=0x25dfb40, nNumberOfBytesToRead=0xe2bb, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x25dfb40*, lpNumberOfBytesRead=0x14ecf8*=0xe2bb, lpOverlapped=0x0) returned 1 [0250.423] CloseHandle (hObject=0x1f4) returned 1 [0250.814] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3", lpFilePart=0x0) returned 0x40 [0250.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0250.814] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\vn2tepdzy.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0250.816] GetFileType (hFile=0x1f4) returned 0x1 [0250.816] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0250.816] GetFileType (hFile=0x1f4) returned 0x1 [0250.816] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.819] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.819] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.820] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.822] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.822] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.822] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.825] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.825] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.826] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0250.826] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ae0*, nNumberOfBytesToWrite=0xf20, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2691ae0*, lpNumberOfBytesWritten=0x14ebb8*=0xf20, lpOverlapped=0x0) returned 1 [0250.826] CloseHandle (hObject=0x1f4) returned 1 [0250.829] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3", lpFilePart=0x0) returned 0x40 [0250.829] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3.ampkcz", lpFilePart=0x0) returned 0x47 [0250.830] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0250.830] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\vn2tepdzy.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e38fdd0, ftCreationTime.dwHighDateTime=0x1d81a5d, ftLastAccessTime.dwLowDateTime=0x553063a0, ftLastAccessTime.dwHighDateTime=0x1d822b1, ftLastWriteTime.dwLowDateTime=0x83e827d9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12f20)) returned 1 [0250.830] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0250.830] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\vn2tepdzy.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\Vn2TepDZY.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\vn2tepdzy.mp3.ampkcz")) returned 1 [0250.832] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3", lpFilePart=0x0) returned 0x43 [0250.832] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3", lpFilePart=0x0) returned 0x43 [0250.832] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3", dwFileAttributes=0x80) returned 1 [0250.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0250.833] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\vquq_bqsahu-.mp3"), fInfoLevelId=0x0, lpFileInformation=0x2693340 | out: lpFileInformation=0x2693340*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1f531260, ftCreationTime.dwHighDateTime=0x1d8288c, ftLastAccessTime.dwLowDateTime=0x3b3050a0, ftLastAccessTime.dwHighDateTime=0x1d8290f, ftLastWriteTime.dwLowDateTime=0x3b3050a0, ftLastWriteTime.dwHighDateTime=0x1d8290f, nFileSizeHigh=0x0, nFileSizeLow=0x4b91)) returned 1 [0250.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0250.833] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3", lpFilePart=0x0) returned 0x43 [0250.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0250.833] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\vquq_bqsahu-.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0250.834] GetFileType (hFile=0x1f4) returned 0x1 [0250.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0250.834] GetFileType (hFile=0x1f4) returned 0x1 [0250.834] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x4b91 [0250.834] ReadFile (in: hFile=0x1f4, lpBuffer=0x2693830, nNumberOfBytesToRead=0x4b91, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2693830*, lpNumberOfBytesRead=0x14ecf8*=0x4b91, lpOverlapped=0x0) returned 1 [0250.835] CloseHandle (hObject=0x1f4) returned 1 [0251.235] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3", lpFilePart=0x0) returned 0x43 [0251.235] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0251.235] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\vquq_bqsahu-.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0251.236] GetFileType (hFile=0x1f4) returned 0x1 [0251.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0251.236] GetFileType (hFile=0x1f4) returned 0x1 [0251.237] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x254b670*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0251.238] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x254b670*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0251.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x254b670*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0251.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x254b670*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0251.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x254b670*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0251.240] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b670*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x254b670*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0251.240] WriteFile (in: hFile=0x1f4, lpBuffer=0x254b670*, nNumberOfBytesToWrite=0x5a0, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x254b670*, lpNumberOfBytesWritten=0x14ebb8*=0x5a0, lpOverlapped=0x0) returned 1 [0251.240] CloseHandle (hObject=0x1f4) returned 1 [0251.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3", lpFilePart=0x0) returned 0x43 [0251.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3.ampkcz", lpFilePart=0x0) returned 0x4a [0251.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0251.243] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\vquq_bqsahu-.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f531260, ftCreationTime.dwHighDateTime=0x1d8288c, ftLastAccessTime.dwLowDateTime=0x3b3050a0, ftLastAccessTime.dwHighDateTime=0x1d8290f, ftLastWriteTime.dwLowDateTime=0x842742ad, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x65a0)) returned 1 [0251.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0251.243] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\vquq_bqsahu-.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\VqUq_BQSaHu-.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\l8lzvblxno5orj wf\\unap\\vquq_bqsahu-.mp3.ampkcz")) returned 1 [0251.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0251.245] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp", lpFilePart=0x0) returned 0x32 [0251.245] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\", lpFilePart=0x0) returned 0x33 [0251.245] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\l8lZVBLxnO5OrJ wF\\UNAp\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8edabaa0, ftCreationTime.dwHighDateTime=0x1d824a6, ftLastAccessTime.dwLowDateTime=0x84277c48, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x84277c48, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0251.246] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x8edabaa0, ftCreationTime.dwHighDateTime=0x1d824a6, ftLastAccessTime.dwLowDateTime=0x84277c48, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x84277c48, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0251.246] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x864c9170, ftCreationTime.dwHighDateTime=0x1d81f96, ftLastAccessTime.dwLowDateTime=0x578d0440, ftLastAccessTime.dwHighDateTime=0x1d82933, ftLastWriteTime.dwLowDateTime=0x82daec6b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6fa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jrfw6e3GRqirvfE.m4a.ampkcz", cAlternateFileName="JRFW6E~1.AMP")) returned 1 [0251.246] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdf3f38a0, ftCreationTime.dwHighDateTime=0x1d819bf, ftLastAccessTime.dwLowDateTime=0x1028430, ftLastAccessTime.dwHighDateTime=0x1d820f8, ftLastWriteTime.dwLowDateTime=0x83245260, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x8ae0, dwReserved0=0x0, dwReserved1=0x0, cFileName="kfN0VgL0QFAP6me.wav.ampkcz", cAlternateFileName="KFN0VG~1.AMP")) returned 1 [0251.246] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x717f83f0, ftCreationTime.dwHighDateTime=0x1d8222b, ftLastAccessTime.dwLowDateTime=0xb74ec7d0, ftLastAccessTime.dwHighDateTime=0x1d82440, ftLastWriteTime.dwLowDateTime=0x8374c871, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f788, dwReserved0=0x0, dwReserved1=0x0, cFileName="npCD_2J.m4a.ampkcz", cAlternateFileName="NPCD_2~1.AMP")) returned 1 [0251.247] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xef8a5100, ftCreationTime.dwHighDateTime=0x1d8258f, ftLastAccessTime.dwLowDateTime=0xc52e3280, ftLastAccessTime.dwHighDateTime=0x1d8276c, ftLastWriteTime.dwLowDateTime=0x83a86ca3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7974, dwReserved0=0x0, dwReserved1=0x0, cFileName="P3XQ19MEARLfG5.wav.ampkcz", cAlternateFileName="P3XQ19~1.AMP")) returned 1 [0251.247] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x82db44f3, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x82db44f3, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x82dbbace, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0251.247] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e38fdd0, ftCreationTime.dwHighDateTime=0x1d81a5d, ftLastAccessTime.dwLowDateTime=0x553063a0, ftLastAccessTime.dwHighDateTime=0x1d822b1, ftLastWriteTime.dwLowDateTime=0x83e827d9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vn2TepDZY.mp3.ampkcz", cAlternateFileName="VN2TEP~1.AMP")) returned 1 [0251.247] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f531260, ftCreationTime.dwHighDateTime=0x1d8288c, ftLastAccessTime.dwLowDateTime=0x3b3050a0, ftLastAccessTime.dwHighDateTime=0x1d8290f, ftLastWriteTime.dwLowDateTime=0x842742ad, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x65a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VqUq_BQSaHu-.mp3.ampkcz", cAlternateFileName="VQUQ_B~1.AMP")) returned 1 [0251.247] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f531260, ftCreationTime.dwHighDateTime=0x1d8288c, ftLastAccessTime.dwLowDateTime=0x3b3050a0, ftLastAccessTime.dwHighDateTime=0x1d8290f, ftLastWriteTime.dwLowDateTime=0x842742ad, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x65a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="VqUq_BQSaHu-.mp3.ampkcz", cAlternateFileName="VQUQ_B~1.AMP")) returned 0 [0251.247] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0251.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0251.248] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0251.248] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0251.248] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4", lpFilePart=0x0) returned 0x29 [0251.248] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\", lpFilePart=0x0) returned 0x2a [0251.248] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91817e40, ftCreationTime.dwHighDateTime=0x1d819fe, ftLastAccessTime.dwLowDateTime=0x4452abe0, ftLastAccessTime.dwHighDateTime=0x1d826be, ftLastWriteTime.dwLowDateTime=0x4452abe0, ftLastWriteTime.dwHighDateTime=0x1d826be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0251.248] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91817e40, ftCreationTime.dwHighDateTime=0x1d819fe, ftLastAccessTime.dwLowDateTime=0x4452abe0, ftLastAccessTime.dwHighDateTime=0x1d826be, ftLastWriteTime.dwLowDateTime=0x4452abe0, ftLastWriteTime.dwHighDateTime=0x1d826be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0251.248] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9f57b70, ftCreationTime.dwHighDateTime=0x1d81a96, ftLastAccessTime.dwLowDateTime=0xfbe17600, ftLastAccessTime.dwHighDateTime=0x1d825f2, ftLastWriteTime.dwLowDateTime=0xfbe17600, ftLastWriteTime.dwHighDateTime=0x1d825f2, nFileSizeHigh=0x0, nFileSizeLow=0x16612, dwReserved0=0x0, dwReserved1=0x0, cFileName="0mcrigWa.mp3", cAlternateFileName="")) returned 1 [0251.249] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc51bb10, ftCreationTime.dwHighDateTime=0x1d829fe, ftLastAccessTime.dwLowDateTime=0xca2d33c0, ftLastAccessTime.dwHighDateTime=0x1d82a06, ftLastWriteTime.dwLowDateTime=0xca2d33c0, ftLastWriteTime.dwHighDateTime=0x1d82a06, nFileSizeHigh=0x0, nFileSizeLow=0x42c7, dwReserved0=0x0, dwReserved1=0x0, cFileName="1vKyl.wav", cAlternateFileName="")) returned 1 [0251.249] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7b5e030, ftCreationTime.dwHighDateTime=0x1d823c7, ftLastAccessTime.dwLowDateTime=0xbb324950, ftLastAccessTime.dwHighDateTime=0x1d8249d, ftLastWriteTime.dwLowDateTime=0xbb324950, ftLastWriteTime.dwHighDateTime=0x1d8249d, nFileSizeHigh=0x0, nFileSizeLow=0x17ec0, dwReserved0=0x0, dwReserved1=0x0, cFileName="I-cduw.wav", cAlternateFileName="")) returned 1 [0251.249] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc30e8240, ftCreationTime.dwHighDateTime=0x1d81fd6, ftLastAccessTime.dwLowDateTime=0x129f0540, ftLastAccessTime.dwHighDateTime=0x1d823d4, ftLastWriteTime.dwLowDateTime=0x129f0540, ftLastWriteTime.dwHighDateTime=0x1d823d4, nFileSizeHigh=0x0, nFileSizeLow=0x1389d, dwReserved0=0x0, dwReserved1=0x0, cFileName="lhvTMaU.mp3", cAlternateFileName="")) returned 1 [0251.249] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0251.249] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0251.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0251.249] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0251.250] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3", lpFilePart=0x0) returned 0x36 [0251.250] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3", lpFilePart=0x0) returned 0x36 [0251.250] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3", dwFileAttributes=0x80) returned 1 [0251.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0251.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\0mcrigwa.mp3"), fInfoLevelId=0x0, lpFileInformation=0x254f9b8 | out: lpFileInformation=0x254f9b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd9f57b70, ftCreationTime.dwHighDateTime=0x1d81a96, ftLastAccessTime.dwLowDateTime=0xfbe17600, ftLastAccessTime.dwHighDateTime=0x1d825f2, ftLastWriteTime.dwLowDateTime=0xfbe17600, ftLastWriteTime.dwHighDateTime=0x1d825f2, nFileSizeHigh=0x0, nFileSizeLow=0x16612)) returned 1 [0251.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0251.251] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3", lpFilePart=0x0) returned 0x36 [0251.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0251.251] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\0mcrigwa.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0251.251] GetFileType (hFile=0x1f4) returned 0x1 [0251.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0251.251] GetFileType (hFile=0x1f4) returned 0x1 [0251.251] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x16612 [0251.251] ReadFile (in: hFile=0x1f4, lpBuffer=0x125d1240, nNumberOfBytesToRead=0x16612, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x125d1240*, lpNumberOfBytesRead=0x14ed68*=0x16612, lpOverlapped=0x0) returned 1 [0251.253] CloseHandle (hObject=0x1f4) returned 1 [0251.595] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3", lpFilePart=0x0) returned 0x36 [0251.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0251.595] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\0mcrigwa.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0251.597] GetFileType (hFile=0x1f4) returned 0x1 [0251.597] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0251.597] GetFileType (hFile=0x1f4) returned 0x1 [0251.597] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.598] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.599] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.599] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.600] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.600] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.600] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.601] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.601] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.601] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.602] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.602] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.602] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.603] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.603] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.604] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.604] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.604] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.605] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.605] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.605] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.606] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.606] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.607] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.607] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.607] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.608] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.608] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.608] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.609] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c92a0*, nNumberOfBytesToWrite=0xe48, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25c92a0*, lpNumberOfBytesWritten=0x14ec28*=0xe48, lpOverlapped=0x0) returned 1 [0251.609] CloseHandle (hObject=0x1f4) returned 1 [0251.613] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3", lpFilePart=0x0) returned 0x36 [0251.613] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3.ampkcz", lpFilePart=0x0) returned 0x3d [0251.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0251.613] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\0mcrigwa.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9f57b70, ftCreationTime.dwHighDateTime=0x1d81a96, ftLastAccessTime.dwLowDateTime=0xfbe17600, ftLastAccessTime.dwHighDateTime=0x1d825f2, ftLastWriteTime.dwLowDateTime=0x845fb98b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1de48)) returned 1 [0251.613] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0251.613] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\0mcrigwa.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\0mcrigWa.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\0mcrigwa.mp3.ampkcz")) returned 1 [0251.623] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\readme.txt", lpFilePart=0x0) returned 0x34 [0251.623] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0251.623] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0251.624] GetFileType (hFile=0x1f4) returned 0x1 [0251.624] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0251.624] GetFileType (hFile=0x1f4) returned 0x1 [0251.625] WriteFile (in: hFile=0x1f4, lpBuffer=0x25cc4f0*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x25cc4f0*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0251.626] CloseHandle (hObject=0x1f4) returned 1 [0251.630] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav", lpFilePart=0x0) returned 0x33 [0251.630] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav", lpFilePart=0x0) returned 0x33 [0251.631] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav", dwFileAttributes=0x80) returned 1 [0251.631] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0251.631] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\1vkyl.wav"), fInfoLevelId=0x0, lpFileInformation=0x25ced30 | out: lpFileInformation=0x25ced30*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xcc51bb10, ftCreationTime.dwHighDateTime=0x1d829fe, ftLastAccessTime.dwLowDateTime=0xca2d33c0, ftLastAccessTime.dwHighDateTime=0x1d82a06, ftLastWriteTime.dwLowDateTime=0xca2d33c0, ftLastWriteTime.dwHighDateTime=0x1d82a06, nFileSizeHigh=0x0, nFileSizeLow=0x42c7)) returned 1 [0251.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0251.631] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav", lpFilePart=0x0) returned 0x33 [0251.632] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0251.632] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\1vkyl.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0251.632] GetFileType (hFile=0x1f4) returned 0x1 [0251.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0251.632] GetFileType (hFile=0x1f4) returned 0x1 [0251.632] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x42c7 [0251.632] ReadFile (in: hFile=0x1f4, lpBuffer=0x25cf1a0, nNumberOfBytesToRead=0x42c7, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25cf1a0*, lpNumberOfBytesRead=0x14ed68*=0x42c7, lpOverlapped=0x0) returned 1 [0251.633] CloseHandle (hObject=0x1f4) returned 1 [0251.986] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav", lpFilePart=0x0) returned 0x33 [0251.986] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0251.986] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\1vkyl.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0251.987] GetFileType (hFile=0x1f4) returned 0x1 [0251.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0251.988] GetFileType (hFile=0x1f4) returned 0x1 [0251.988] WriteFile (in: hFile=0x1f4, lpBuffer=0x2677d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2677d20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.989] WriteFile (in: hFile=0x1f4, lpBuffer=0x2677d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2677d20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.989] WriteFile (in: hFile=0x1f4, lpBuffer=0x2677d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2677d20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.990] WriteFile (in: hFile=0x1f4, lpBuffer=0x2677d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2677d20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.990] WriteFile (in: hFile=0x1f4, lpBuffer=0x2677d20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2677d20*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0251.990] WriteFile (in: hFile=0x1f4, lpBuffer=0x2677d20*, nNumberOfBytesToWrite=0x9e0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2677d20*, lpNumberOfBytesWritten=0x14ec28*=0x9e0, lpOverlapped=0x0) returned 1 [0251.991] CloseHandle (hObject=0x1f4) returned 1 [0251.993] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav", lpFilePart=0x0) returned 0x33 [0251.993] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav.ampkcz", lpFilePart=0x0) returned 0x3a [0251.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0251.993] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\1vkyl.wav"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc51bb10, ftCreationTime.dwHighDateTime=0x1d829fe, ftLastAccessTime.dwLowDateTime=0xca2d33c0, ftLastAccessTime.dwHighDateTime=0x1d82a06, ftLastWriteTime.dwLowDateTime=0x8499b8ba, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x59e0)) returned 1 [0251.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0251.993] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\1vkyl.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\1vKyl.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\1vkyl.wav.ampkcz")) returned 1 [0251.996] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav", lpFilePart=0x0) returned 0x34 [0251.996] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav", lpFilePart=0x0) returned 0x34 [0251.996] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav", dwFileAttributes=0x80) returned 1 [0251.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0251.997] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\i-cduw.wav"), fInfoLevelId=0x0, lpFileInformation=0x2679f98 | out: lpFileInformation=0x2679f98*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xe7b5e030, ftCreationTime.dwHighDateTime=0x1d823c7, ftLastAccessTime.dwLowDateTime=0xbb324950, ftLastAccessTime.dwHighDateTime=0x1d8249d, ftLastWriteTime.dwLowDateTime=0xbb324950, ftLastWriteTime.dwHighDateTime=0x1d8249d, nFileSizeHigh=0x0, nFileSizeLow=0x17ec0)) returned 1 [0251.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0251.997] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav", lpFilePart=0x0) returned 0x34 [0251.997] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0251.997] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\i-cduw.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0251.997] GetFileType (hFile=0x1f4) returned 0x1 [0251.997] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0251.997] GetFileType (hFile=0x1f4) returned 0x1 [0251.998] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x17ec0 [0251.998] ReadFile (in: hFile=0x1f4, lpBuffer=0x126cefe0, nNumberOfBytesToRead=0x17ec0, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x126cefe0*, lpNumberOfBytesRead=0x14ed68*=0x17ec0, lpOverlapped=0x0) returned 1 [0251.999] CloseHandle (hObject=0x1f4) returned 1 [0252.369] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav", lpFilePart=0x0) returned 0x34 [0252.369] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0252.369] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\i-cduw.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0252.372] GetFileType (hFile=0x1f4) returned 0x1 [0252.372] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0252.372] GetFileType (hFile=0x1f4) returned 0x1 [0252.373] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.374] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.376] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.376] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.376] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.377] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.377] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.377] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.378] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.378] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.379] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.379] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.379] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.380] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.380] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.380] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.381] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.381] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.381] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.382] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.382] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.383] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.383] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.383] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.384] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.384] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.384] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.385] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.385] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f3868*, nNumberOfBytesToWrite=0xf34, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x26f3868*, lpNumberOfBytesWritten=0x14ec28*=0xf34, lpOverlapped=0x0) returned 1 [0252.385] CloseHandle (hObject=0x1f4) returned 1 [0252.389] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav", lpFilePart=0x0) returned 0x34 [0252.390] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav.ampkcz", lpFilePart=0x0) returned 0x3b [0252.390] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0252.390] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\i-cduw.wav"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7b5e030, ftCreationTime.dwHighDateTime=0x1d823c7, ftLastAccessTime.dwLowDateTime=0xbb324950, ftLastAccessTime.dwHighDateTime=0x1d8249d, ftLastWriteTime.dwLowDateTime=0x84d6413c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1ff34)) returned 1 [0252.390] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0252.390] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\i-cduw.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\I-cduw.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\i-cduw.wav.ampkcz")) returned 1 [0252.392] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3", lpFilePart=0x0) returned 0x35 [0252.392] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3", lpFilePart=0x0) returned 0x35 [0252.392] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3", dwFileAttributes=0x80) returned 1 [0252.392] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0252.392] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\lhvtmau.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26f5070 | out: lpFileInformation=0x26f5070*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc30e8240, ftCreationTime.dwHighDateTime=0x1d81fd6, ftLastAccessTime.dwLowDateTime=0x129f0540, ftLastAccessTime.dwHighDateTime=0x1d823d4, ftLastWriteTime.dwLowDateTime=0x129f0540, ftLastWriteTime.dwHighDateTime=0x1d823d4, nFileSizeHigh=0x0, nFileSizeLow=0x1389d)) returned 1 [0252.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0252.393] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3", lpFilePart=0x0) returned 0x35 [0252.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0252.393] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\lhvtmau.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0252.393] GetFileType (hFile=0x1f4) returned 0x1 [0252.393] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0252.393] GetFileType (hFile=0x1f4) returned 0x1 [0252.393] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x1389d [0252.393] ReadFile (in: hFile=0x1f4, lpBuffer=0x26f54f8, nNumberOfBytesToRead=0x1389d, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26f54f8*, lpNumberOfBytesRead=0x14ed68*=0x1389d, lpOverlapped=0x0) returned 1 [0252.395] CloseHandle (hObject=0x1f4) returned 1 [0252.831] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3", lpFilePart=0x0) returned 0x35 [0252.831] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0252.831] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\lhvtmau.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0252.832] GetFileType (hFile=0x1f4) returned 0x1 [0252.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0252.832] GetFileType (hFile=0x1f4) returned 0x1 [0252.833] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.834] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.834] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.834] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.835] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.835] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.837] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.837] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.838] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.838] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.838] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.839] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.839] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.840] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.840] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.840] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.841] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.841] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.841] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.842] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.842] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.843] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.843] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.843] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.844] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0252.844] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0252.844] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a90*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2521a90*, lpNumberOfBytesWritten=0x14ec28*=0x1a0, lpOverlapped=0x0) returned 1 [0252.844] CloseHandle (hObject=0x1f4) returned 1 [0252.849] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3", lpFilePart=0x0) returned 0x35 [0252.849] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3.ampkcz", lpFilePart=0x0) returned 0x3c [0252.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0252.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\lhvtmau.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc30e8240, ftCreationTime.dwHighDateTime=0x1d81fd6, ftLastAccessTime.dwLowDateTime=0x129f0540, ftLastAccessTime.dwHighDateTime=0x1d823d4, ftLastWriteTime.dwLowDateTime=0x851c4cd4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a1a0)) returned 1 [0252.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0252.849] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\lhvtmau.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\lhvTMaU.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\music\\roju8omda5zu4\\lhvtmau.mp3.ampkcz")) returned 1 [0252.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0252.850] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4", lpFilePart=0x0) returned 0x29 [0252.850] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\", lpFilePart=0x0) returned 0x2a [0252.850] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Music\\rOJu8omDa5zU4\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91817e40, ftCreationTime.dwHighDateTime=0x1d819fe, ftLastAccessTime.dwLowDateTime=0x851c6f56, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x851c6f56, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0252.851] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x91817e40, ftCreationTime.dwHighDateTime=0x1d819fe, ftLastAccessTime.dwLowDateTime=0x851c6f56, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x851c6f56, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.851] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9f57b70, ftCreationTime.dwHighDateTime=0x1d81a96, ftLastAccessTime.dwLowDateTime=0xfbe17600, ftLastAccessTime.dwHighDateTime=0x1d825f2, ftLastWriteTime.dwLowDateTime=0x845fb98b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1de48, dwReserved0=0x0, dwReserved1=0x0, cFileName="0mcrigWa.mp3.ampkcz", cAlternateFileName="0MCRIG~1.AMP")) returned 1 [0252.851] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc51bb10, ftCreationTime.dwHighDateTime=0x1d829fe, ftLastAccessTime.dwLowDateTime=0xca2d33c0, ftLastAccessTime.dwHighDateTime=0x1d82a06, ftLastWriteTime.dwLowDateTime=0x8499b8ba, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x59e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1vKyl.wav.ampkcz", cAlternateFileName="1VKYLW~1.AMP")) returned 1 [0252.851] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe7b5e030, ftCreationTime.dwHighDateTime=0x1d823c7, ftLastAccessTime.dwLowDateTime=0xbb324950, ftLastAccessTime.dwHighDateTime=0x1d8249d, ftLastWriteTime.dwLowDateTime=0x84d6413c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1ff34, dwReserved0=0x0, dwReserved1=0x0, cFileName="I-cduw.wav.ampkcz", cAlternateFileName="I-CDUW~1.AMP")) returned 1 [0252.852] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc30e8240, ftCreationTime.dwHighDateTime=0x1d81fd6, ftLastAccessTime.dwLowDateTime=0x129f0540, ftLastAccessTime.dwHighDateTime=0x1d823d4, ftLastWriteTime.dwLowDateTime=0x851c4cd4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="lhvTMaU.mp3.ampkcz", cAlternateFileName="LHVTMA~1.AMP")) returned 1 [0252.852] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84615b1c, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x84615b1c, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8461bc47, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0252.852] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84615b1c, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x84615b1c, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8461bc47, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0252.852] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0252.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0252.852] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0252.852] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0252.852] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\OneDrive", lpFilePart=0x0) returned 0x1e [0252.852] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\", lpFilePart=0x0) returned 0x1f [0252.853] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x84ac775d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0252.853] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x84ac775d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.853] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x84aeda3c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x67, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0252.853] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.853] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0252.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0252.854] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0252.857] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini", lpFilePart=0x0) returned 0x2a [0252.857] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini", lpFilePart=0x0) returned 0x2a [0252.857] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini", dwFileAttributes=0x80) returned 1 [0252.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0252.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x2525a50 | out: lpFileInformation=0x2525a50*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x84aeda3c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x84aeda3c, ftLastWriteTime.dwHighDateTime=0x1d70074, nFileSizeHigh=0x0, nFileSizeLow=0x67)) returned 1 [0252.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0252.858] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini", lpFilePart=0x0) returned 0x2a [0252.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0252.858] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0252.858] GetFileType (hFile=0x1f4) returned 0x1 [0252.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0252.858] GetFileType (hFile=0x1f4) returned 0x1 [0252.858] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x67 [0252.858] ReadFile (in: hFile=0x1f4, lpBuffer=0x2525f10, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2525f10*, lpNumberOfBytesRead=0x14edd8*=0x67, lpOverlapped=0x0) returned 1 [0252.859] CloseHandle (hObject=0x1f4) returned 1 [0253.242] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini", lpFilePart=0x0) returned 0x2a [0253.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0253.242] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0253.244] GetFileType (hFile=0x1f4) returned 0x1 [0253.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0253.245] GetFileType (hFile=0x1f4) returned 0x1 [0253.245] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a09a0*, nNumberOfBytesToWrite=0x160, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25a09a0*, lpNumberOfBytesWritten=0x14ec98*=0x160, lpOverlapped=0x0) returned 1 [0253.248] CloseHandle (hObject=0x1f4) returned 1 [0253.251] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini", lpFilePart=0x0) returned 0x2a [0253.251] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x31 [0253.251] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0253.251] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84aeda3c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x8559a695, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x160)) returned 1 [0253.252] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0253.252] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\desktop.ini.ampkcz")) returned 1 [0253.253] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\readme.txt", lpFilePart=0x0) returned 0x29 [0253.254] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0253.254] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\onedrive\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0253.255] GetFileType (hFile=0x1f4) returned 0x1 [0253.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0253.255] GetFileType (hFile=0x1f4) returned 0x1 [0253.256] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a3b78*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x25a3b78*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0253.257] CloseHandle (hObject=0x1f4) returned 1 [0253.258] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0253.258] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\OneDrive", lpFilePart=0x0) returned 0x1e [0253.258] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\", lpFilePart=0x0) returned 0x1f [0253.258] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\OneDrive\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x84ac775d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x8559e238, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x855a2f83, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0253.259] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x84ac775d, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x8559e238, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x855a2f83, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.259] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84aeda3c, ftCreationTime.dwHighDateTime=0x1d70074, ftLastAccessTime.dwLowDateTime=0x84aeda3c, ftLastAccessTime.dwHighDateTime=0x1d70074, ftLastWriteTime.dwLowDateTime=0x8559a695, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0253.259] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x855a2f83, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x855a2f83, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x855ab852, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0253.259] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x855a2f83, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x855a2f83, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x855ab852, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0253.260] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0253.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0253.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0253.260] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0253.260] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Saved Games", lpFilePart=0x0) returned 0x21 [0253.260] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\", lpFilePart=0x0) returned 0x22 [0253.260] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0253.261] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.261] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0253.261] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0253.261] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0253.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0253.262] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0253.264] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini", lpFilePart=0x0) returned 0x2d [0253.265] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini", lpFilePart=0x0) returned 0x2d [0253.265] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini", dwFileAttributes=0x80) returned 1 [0253.265] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0253.265] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x25a7a78 | out: lpFileInformation=0x25a7a78*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43754b80, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x11a)) returned 1 [0253.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0253.266] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini", lpFilePart=0x0) returned 0x2d [0253.266] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0253.266] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0253.266] GetFileType (hFile=0x1f4) returned 0x1 [0253.266] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0253.266] GetFileType (hFile=0x1f4) returned 0x1 [0253.266] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x11a [0253.266] ReadFile (in: hFile=0x1f4, lpBuffer=0x25a8008, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25a8008*, lpNumberOfBytesRead=0x14edd8*=0x11a, lpOverlapped=0x0) returned 1 [0253.268] CloseHandle (hObject=0x1f4) returned 1 [0253.778] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini", lpFilePart=0x0) returned 0x2d [0253.778] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0253.779] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0253.780] GetFileType (hFile=0x1f4) returned 0x1 [0253.780] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0253.781] GetFileType (hFile=0x1f4) returned 0x1 [0253.781] WriteFile (in: hFile=0x1f4, lpBuffer=0x26231e0*, nNumberOfBytesToWrite=0x248, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26231e0*, lpNumberOfBytesWritten=0x14ec98*=0x248, lpOverlapped=0x0) returned 1 [0253.782] CloseHandle (hObject=0x1f4) returned 1 [0253.783] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini", lpFilePart=0x0) returned 0x2d [0253.784] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x34 [0253.784] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0253.784] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x85aaf64e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x248)) returned 1 [0253.784] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0253.784] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\desktop.ini.ampkcz")) returned 1 [0253.785] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\readme.txt", lpFilePart=0x0) returned 0x2c [0253.788] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0253.788] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\saved games\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0253.789] GetFileType (hFile=0x1f4) returned 0x1 [0253.789] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0253.789] GetFileType (hFile=0x1f4) returned 0x1 [0253.790] WriteFile (in: hFile=0x1f4, lpBuffer=0x26263e0*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x26263e0*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0253.792] CloseHandle (hObject=0x1f4) returned 1 [0253.792] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0253.792] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Saved Games", lpFilePart=0x0) returned 0x21 [0253.793] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\", lpFilePart=0x0) returned 0x22 [0253.793] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Saved Games\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x85ab1887, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x85abc8f3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0253.793] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x85ab1887, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x85abc8f3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.793] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43754b80, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43754b80, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x85aaf64e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x248, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0253.794] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85abc8f3, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x85abc8f3, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x85ac52d9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0253.794] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85abc8f3, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x85abc8f3, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x85ac52d9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0253.794] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0253.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0253.794] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0253.794] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0253.794] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites", lpFilePart=0x0) returned 0x1f [0253.795] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\", lpFilePart=0x0) returned 0x20 [0253.795] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0253.795] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.795] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43053b43, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43053b43, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bing.url", cAlternateFileName="")) returned 1 [0253.796] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0253.796] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0253.796] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 0 [0253.796] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0253.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0253.796] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0253.798] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url", lpFilePart=0x0) returned 0x28 [0253.798] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url", lpFilePart=0x0) returned 0x28 [0253.798] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url", dwFileAttributes=0x80) returned 1 [0253.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0253.802] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url"), fInfoLevelId=0x0, lpFileInformation=0x2629db8 | out: lpFileInformation=0x2629db8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x43053b43, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43053b43, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xd0)) returned 1 [0253.802] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0253.802] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url", lpFilePart=0x0) returned 0x28 [0253.802] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0253.802] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0253.803] GetFileType (hFile=0x1f4) returned 0x1 [0253.803] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0253.803] GetFileType (hFile=0x1f4) returned 0x1 [0253.803] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xd0 [0253.803] ReadFile (in: hFile=0x1f4, lpBuffer=0x262a2e0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x262a2e0*, lpNumberOfBytesRead=0x14edd8*=0xd0, lpOverlapped=0x0) returned 1 [0253.805] CloseHandle (hObject=0x1f4) returned 1 [0254.386] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url", lpFilePart=0x0) returned 0x28 [0254.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0254.386] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0254.389] GetFileType (hFile=0x1f4) returned 0x1 [0254.389] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0254.389] GetFileType (hFile=0x1f4) returned 0x1 [0254.389] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a50a0*, nNumberOfBytesToWrite=0x1f4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26a50a0*, lpNumberOfBytesWritten=0x14ec98*=0x1f4, lpOverlapped=0x0) returned 1 [0254.390] CloseHandle (hObject=0x1f4) returned 1 [0254.393] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url", lpFilePart=0x0) returned 0x28 [0254.393] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url.ampkcz", lpFilePart=0x0) returned 0x2f [0254.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0254.393] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43053b43, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43053b43, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x8607b999, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f4)) returned 1 [0254.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0254.394] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Bing.url.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\bing.url.ampkcz")) returned 1 [0254.396] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\readme.txt", lpFilePart=0x0) returned 0x2a [0254.396] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0254.396] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0254.402] GetFileType (hFile=0x1f4) returned 0x1 [0254.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0254.402] GetFileType (hFile=0x1f4) returned 0x1 [0254.403] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a8268*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x26a8268*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0254.404] CloseHandle (hObject=0x1f4) returned 1 [0254.412] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini", lpFilePart=0x0) returned 0x2b [0254.412] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini", lpFilePart=0x0) returned 0x2b [0254.412] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini", dwFileAttributes=0x80) returned 1 [0254.414] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0254.414] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x26aaa08 | out: lpFileInformation=0x26aaa08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x192)) returned 1 [0254.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0254.415] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini", lpFilePart=0x0) returned 0x2b [0254.415] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0254.415] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0254.415] GetFileType (hFile=0x1f4) returned 0x1 [0254.415] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0254.415] GetFileType (hFile=0x1f4) returned 0x1 [0254.415] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x192 [0254.415] ReadFile (in: hFile=0x1f4, lpBuffer=0x26aaff8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26aaff8*, lpNumberOfBytesRead=0x14edd8*=0x192, lpOverlapped=0x0) returned 1 [0254.416] CloseHandle (hObject=0x1f4) returned 1 [0254.857] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini", lpFilePart=0x0) returned 0x2b [0254.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0254.857] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0254.862] GetFileType (hFile=0x1f4) returned 0x1 [0254.862] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0254.862] GetFileType (hFile=0x1f4) returned 0x1 [0254.862] WriteFile (in: hFile=0x1f4, lpBuffer=0x2527008*, nNumberOfBytesToWrite=0x2f4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2527008*, lpNumberOfBytesWritten=0x14ec98*=0x2f4, lpOverlapped=0x0) returned 1 [0254.863] CloseHandle (hObject=0x1f4) returned 1 [0254.866] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini", lpFilePart=0x0) returned 0x2b [0254.867] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x32 [0254.867] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0254.867] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x864fee93, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2f4)) returned 1 [0254.867] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0254.867] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\desktop.ini.ampkcz")) returned 1 [0254.869] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0254.869] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites", lpFilePart=0x0) returned 0x1f [0254.869] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\", lpFilePart=0x0) returned 0x20 [0254.870] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x86509747, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x86509747, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0254.870] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x86509747, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x86509747, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0254.870] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43053b43, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43053b43, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x8607b999, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bing.url.ampkcz", cAlternateFileName="BINGUR~1.AMP")) returned 1 [0254.871] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x436238c4, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436238c4, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x864fee93, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0254.871] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0254.871] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86088f54, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x86088f54, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8609b43b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0254.871] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86088f54, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x86088f54, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8609b43b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0254.871] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0254.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0254.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0254.872] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0254.872] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links", lpFilePart=0x0) returned 0x25 [0254.872] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\", lpFilePart=0x0) returned 0x26 [0254.872] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0254.873] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0254.873] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x43079e90, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0254.873] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0254.873] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0254.873] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0254.873] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0254.876] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini", lpFilePart=0x0) returned 0x31 [0254.876] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini", lpFilePart=0x0) returned 0x31 [0254.876] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini", dwFileAttributes=0x80) returned 1 [0254.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0254.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x252acd0 | out: lpFileInformation=0x252acd0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x43079e90, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43079e90, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x50)) returned 1 [0254.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0254.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini", lpFilePart=0x0) returned 0x31 [0254.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0254.877] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0254.877] GetFileType (hFile=0x1f4) returned 0x1 [0254.878] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0254.878] GetFileType (hFile=0x1f4) returned 0x1 [0254.878] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x50 [0254.878] ReadFile (in: hFile=0x1f4, lpBuffer=0x252b1a8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x252b1a8*, lpNumberOfBytesRead=0x14ed68*=0x50, lpOverlapped=0x0) returned 1 [0254.879] CloseHandle (hObject=0x1f4) returned 1 [0255.366] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini", lpFilePart=0x0) returned 0x31 [0255.366] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0255.367] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0255.371] GetFileType (hFile=0x1f4) returned 0x1 [0255.371] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0255.371] GetFileType (hFile=0x1f4) returned 0x1 [0255.371] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5bc8*, nNumberOfBytesToWrite=0x148, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25a5bc8*, lpNumberOfBytesWritten=0x14ec28*=0x148, lpOverlapped=0x0) returned 1 [0255.373] CloseHandle (hObject=0x1f4) returned 1 [0255.376] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini", lpFilePart=0x0) returned 0x31 [0255.376] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x38 [0255.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0255.376] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43079e90, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x869dbc75, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x148)) returned 1 [0255.377] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0255.377] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\desktop.ini.ampkcz")) returned 1 [0255.386] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\readme.txt", lpFilePart=0x0) returned 0x30 [0255.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0255.386] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\favorites\\links\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0255.388] GetFileType (hFile=0x1f4) returned 0x1 [0255.388] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0255.388] GetFileType (hFile=0x1f4) returned 0x1 [0255.389] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a8df0*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x25a8df0*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0255.391] CloseHandle (hObject=0x1f4) returned 1 [0255.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0255.393] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links", lpFilePart=0x0) returned 0x25 [0255.393] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\", lpFilePart=0x0) returned 0x26 [0255.393] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Favorites\\Links\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x869e39de, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x869f9931, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0255.394] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x42cc0372, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x869e39de, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x869f9931, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.394] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43079e90, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43079e90, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x869dbc75, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x148, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0255.394] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x869f9931, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x869f9931, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x86a04c6d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0255.395] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x869f9931, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x869f9931, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x86a04c6d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0255.395] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0255.397] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0255.397] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0255.397] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0255.397] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Searches", lpFilePart=0x0) returned 0x1e [0255.397] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Searches\\", lpFilePart=0x0) returned 0x1f [0255.397] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43695fb2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687cd0 [0255.398] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43695fb2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.398] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0255.399] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x437a1142, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0255.399] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x4377acca, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4377acca, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4377acca, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0255.399] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0255.399] FindClose (in: hFindFile=0x687cd0 | out: hFindFile=0x687cd0) returned 1 [0255.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0255.400] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0255.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini", lpFilePart=0x0) returned 0x2a [0255.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini", lpFilePart=0x0) returned 0x2a [0255.403] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini", dwFileAttributes=0x80) returned 1 [0255.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0255.404] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x25ad1b0 | out: lpFileInformation=0x25ad1b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x20c)) returned 1 [0255.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0255.404] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini", lpFilePart=0x0) returned 0x2a [0255.404] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0255.404] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0255.404] GetFileType (hFile=0x1f4) returned 0x1 [0255.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0255.404] GetFileType (hFile=0x1f4) returned 0x1 [0255.404] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x20c [0255.404] ReadFile (in: hFile=0x1f4, lpBuffer=0x25ad818, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25ad818*, lpNumberOfBytesRead=0x14edd8*=0x20c, lpOverlapped=0x0) returned 1 [0255.405] CloseHandle (hObject=0x1f4) returned 1 [0255.960] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini", lpFilePart=0x0) returned 0x2a [0255.960] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0255.960] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0255.962] GetFileType (hFile=0x1f4) returned 0x1 [0255.962] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0255.962] GetFileType (hFile=0x1f4) returned 0x1 [0255.962] WriteFile (in: hFile=0x1f4, lpBuffer=0x2629398*, nNumberOfBytesToWrite=0x388, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2629398*, lpNumberOfBytesWritten=0x14ec98*=0x388, lpOverlapped=0x0) returned 1 [0255.963] CloseHandle (hObject=0x1f4) returned 1 [0255.965] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini", lpFilePart=0x0) returned 0x2a [0255.965] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x31 [0255.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0255.965] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x86f7d2bc, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x388)) returned 1 [0255.966] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0255.966] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\desktop.ini.ampkcz")) returned 1 [0255.969] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Searches\\readme.txt", lpFilePart=0x0) returned 0x29 [0255.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0255.969] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\searches\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0255.970] GetFileType (hFile=0x1f4) returned 0x1 [0255.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0255.970] GetFileType (hFile=0x1f4) returned 0x1 [0255.971] WriteFile (in: hFile=0x1f4, lpBuffer=0x262c570*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x262c570*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0255.972] CloseHandle (hObject=0x1f4) returned 1 [0255.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0255.985] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Searches", lpFilePart=0x0) returned 0x1e [0255.985] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Searches\\", lpFilePart=0x0) returned 0x1f [0255.985] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Searches\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43695fb2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x86f854a8, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x86f87bcc, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0255.986] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x43695fb2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x86f854a8, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x86f87bcc, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.986] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x436bc315, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x436bc315, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x86f7d2bc, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x388, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0255.986] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x437a1142, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x437a1142, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x437a1142, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0255.987] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x4377acca, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4377acca, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x4377acca, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0255.987] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86f87bcc, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x86f87bcc, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x86f8f075, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0255.987] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x86f87bcc, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x86f87bcc, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x86f8f075, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0255.987] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0255.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0255.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0255.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0255.988] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos", lpFilePart=0x0) returned 0x1c [0255.988] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\", lpFilePart=0x0) returned 0x1d [0255.988] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xf2793d64, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0xf2793d64, ftLastWriteTime.dwHighDateTime=0x1d82a28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0255.989] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xf2793d64, ftLastAccessTime.dwHighDateTime=0x1d82a28, ftLastWriteTime.dwLowDateTime=0xf2793d64, ftLastWriteTime.dwHighDateTime=0x1d82a28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.989] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85920660, ftCreationTime.dwHighDateTime=0x1d823fc, ftLastAccessTime.dwLowDateTime=0xc64b3c50, ftLastAccessTime.dwHighDateTime=0x1d8290e, ftLastWriteTime.dwLowDateTime=0xc64b3c50, ftLastWriteTime.dwHighDateTime=0x1d8290e, nFileSizeHigh=0x0, nFileSizeLow=0x1841f, dwReserved0=0x0, dwReserved1=0x0, cFileName="dAtKDUXcb5tZgOm6X.swf", cAlternateFileName="DATKDU~1.SWF")) returned 1 [0255.989] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x4347fe61, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4347fe61, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0255.989] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda4221d0, ftCreationTime.dwHighDateTime=0x1d8215a, ftLastAccessTime.dwLowDateTime=0xe044f850, ftLastAccessTime.dwHighDateTime=0x1d82682, ftLastWriteTime.dwLowDateTime=0xe044f850, ftLastWriteTime.dwHighDateTime=0x1d82682, nFileSizeHigh=0x0, nFileSizeLow=0x6225, dwReserved0=0x0, dwReserved1=0x0, cFileName="doCmgkS58qBJ.mkv", cAlternateFileName="DOCMGK~1.MKV")) returned 1 [0255.990] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1562d6c0, ftCreationTime.dwHighDateTime=0x1d82240, ftLastAccessTime.dwLowDateTime=0xa5dfe6f0, ftLastAccessTime.dwHighDateTime=0x1d82297, ftLastWriteTime.dwLowDateTime=0xa5dfe6f0, ftLastWriteTime.dwHighDateTime=0x1d82297, nFileSizeHigh=0x0, nFileSizeLow=0x18100, dwReserved0=0x0, dwReserved1=0x0, cFileName="Iq_GpS8Ak_f40Ld.avi", cAlternateFileName="IQ_GPS~1.AVI")) returned 1 [0255.990] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ff4d790, ftCreationTime.dwHighDateTime=0x1d8229a, ftLastAccessTime.dwLowDateTime=0x68a987c0, ftLastAccessTime.dwHighDateTime=0x1d8285d, ftLastWriteTime.dwLowDateTime=0x68a987c0, ftLastWriteTime.dwHighDateTime=0x1d8285d, nFileSizeHigh=0x0, nFileSizeLow=0x17cc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="t7s 9e08pZlXKwgikld.swf", cAlternateFileName="T7S9E0~1.SWF")) returned 1 [0255.990] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60c2f250, ftCreationTime.dwHighDateTime=0x1d81c80, ftLastAccessTime.dwLowDateTime=0x4b02e820, ftLastAccessTime.dwHighDateTime=0x1d8248d, ftLastWriteTime.dwLowDateTime=0x4b02e820, ftLastWriteTime.dwHighDateTime=0x1d8248d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="y11GP", cAlternateFileName="")) returned 1 [0255.990] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf06144e0, ftCreationTime.dwHighDateTime=0x1d82854, ftLastAccessTime.dwLowDateTime=0x15995de0, ftLastAccessTime.dwHighDateTime=0x1d828d4, ftLastWriteTime.dwLowDateTime=0x15995de0, ftLastWriteTime.dwHighDateTime=0x1d828d4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="y8MlsukjI V4N Vwru7Y", cAlternateFileName="Y8MLSU~1")) returned 1 [0255.990] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf06144e0, ftCreationTime.dwHighDateTime=0x1d82854, ftLastAccessTime.dwLowDateTime=0x15995de0, ftLastAccessTime.dwHighDateTime=0x1d828d4, ftLastWriteTime.dwLowDateTime=0x15995de0, ftLastWriteTime.dwHighDateTime=0x1d828d4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="y8MlsukjI V4N Vwru7Y", cAlternateFileName="Y8MLSU~1")) returned 0 [0255.991] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0255.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0255.991] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0255.991] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf", lpFilePart=0x0) returned 0x32 [0255.991] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf", lpFilePart=0x0) returned 0x32 [0255.991] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf", dwFileAttributes=0x80) returned 1 [0255.992] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0255.992] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\datkduxcb5tzgom6x.swf"), fInfoLevelId=0x0, lpFileInformation=0x2637418 | out: lpFileInformation=0x2637418*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x85920660, ftCreationTime.dwHighDateTime=0x1d823fc, ftLastAccessTime.dwLowDateTime=0xc64b3c50, ftLastAccessTime.dwHighDateTime=0x1d8290e, ftLastWriteTime.dwLowDateTime=0xc64b3c50, ftLastWriteTime.dwHighDateTime=0x1d8290e, nFileSizeHigh=0x0, nFileSizeLow=0x1841f)) returned 1 [0255.992] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0255.993] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf", lpFilePart=0x0) returned 0x32 [0255.993] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0255.993] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\datkduxcb5tzgom6x.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0255.993] GetFileType (hFile=0x1f4) returned 0x1 [0255.993] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0255.993] GetFileType (hFile=0x1f4) returned 0x1 [0255.993] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x1841f [0255.993] ReadFile (in: hFile=0x1f4, lpBuffer=0x1255e568, nNumberOfBytesToRead=0x1841f, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x1255e568*, lpNumberOfBytesRead=0x14edd8*=0x1841f, lpOverlapped=0x0) returned 1 [0255.995] CloseHandle (hObject=0x1f4) returned 1 [0256.380] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf", lpFilePart=0x0) returned 0x32 [0256.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0256.380] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\datkduxcb5tzgom6x.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0256.382] GetFileType (hFile=0x1f4) returned 0x1 [0256.382] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0256.382] GetFileType (hFile=0x1f4) returned 0x1 [0256.382] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.383] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.383] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.384] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.385] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.385] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.385] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.386] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.386] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.387] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.387] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.387] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.388] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.388] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.389] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.389] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.390] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.390] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.390] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.391] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.391] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.391] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.392] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.392] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.393] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.393] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.393] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.394] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.394] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.394] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.395] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.395] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0256.395] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b0d08*, nNumberOfBytesToWrite=0x648, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26b0d08*, lpNumberOfBytesWritten=0x14ec98*=0x648, lpOverlapped=0x0) returned 1 [0256.397] CloseHandle (hObject=0x1f4) returned 1 [0256.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf", lpFilePart=0x0) returned 0x32 [0256.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf.ampkcz", lpFilePart=0x0) returned 0x39 [0256.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0256.403] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\datkduxcb5tzgom6x.swf"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85920660, ftCreationTime.dwHighDateTime=0x1d823fc, ftLastAccessTime.dwLowDateTime=0xc64b3c50, ftLastAccessTime.dwHighDateTime=0x1d8290e, ftLastWriteTime.dwLowDateTime=0x873ab474, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20648)) returned 1 [0256.404] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0256.404] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\datkduxcb5tzgom6x.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\dAtKDUXcb5tZgOm6X.swf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\datkduxcb5tzgom6x.swf.ampkcz")) returned 1 [0256.405] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\readme.txt", lpFilePart=0x0) returned 0x27 [0256.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0256.405] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0256.405] GetFileType (hFile=0x1f4) returned 0x1 [0256.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0256.405] GetFileType (hFile=0x1f4) returned 0x1 [0256.406] WriteFile (in: hFile=0x1f4, lpBuffer=0x26b3f00*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x26b3f00*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0256.407] CloseHandle (hObject=0x1f4) returned 1 [0256.410] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini", lpFilePart=0x0) returned 0x28 [0256.410] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini", lpFilePart=0x0) returned 0x28 [0256.410] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini", dwFileAttributes=0x80) returned 1 [0256.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0256.410] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x26b66a0 | out: lpFileInformation=0x26b66a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4347fe61, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4347fe61, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x436238c4, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x1f8)) returned 1 [0256.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0256.410] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini", lpFilePart=0x0) returned 0x28 [0256.411] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0256.411] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0256.411] GetFileType (hFile=0x1f4) returned 0x1 [0256.411] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0256.411] GetFileType (hFile=0x1f4) returned 0x1 [0256.411] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x1f8 [0256.411] ReadFile (in: hFile=0x1f4, lpBuffer=0x26b6cf0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26b6cf0*, lpNumberOfBytesRead=0x14edd8*=0x1f8, lpOverlapped=0x0) returned 1 [0256.412] CloseHandle (hObject=0x1f4) returned 1 [0256.826] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini", lpFilePart=0x0) returned 0x28 [0256.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0256.826] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0256.827] GetFileType (hFile=0x1f4) returned 0x1 [0256.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0256.827] GetFileType (hFile=0x1f4) returned 0x1 [0256.827] WriteFile (in: hFile=0x1f4, lpBuffer=0x25336d0*, nNumberOfBytesToWrite=0x374, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25336d0*, lpNumberOfBytesWritten=0x14ec98*=0x374, lpOverlapped=0x0) returned 1 [0256.828] CloseHandle (hObject=0x1f4) returned 1 [0256.829] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini", lpFilePart=0x0) returned 0x28 [0256.829] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x2f [0256.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0256.829] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4347fe61, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4347fe61, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x877bb3da, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x374)) returned 1 [0256.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0256.830] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\desktop.ini.ampkcz")) returned 1 [0256.831] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv", lpFilePart=0x0) returned 0x2d [0256.831] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv", lpFilePart=0x0) returned 0x2d [0256.832] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv", dwFileAttributes=0x80) returned 1 [0256.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0256.832] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\docmgks58qbj.mkv"), fInfoLevelId=0x0, lpFileInformation=0x2534fe0 | out: lpFileInformation=0x2534fe0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xda4221d0, ftCreationTime.dwHighDateTime=0x1d8215a, ftLastAccessTime.dwLowDateTime=0xe044f850, ftLastAccessTime.dwHighDateTime=0x1d82682, ftLastWriteTime.dwLowDateTime=0xe044f850, ftLastWriteTime.dwHighDateTime=0x1d82682, nFileSizeHigh=0x0, nFileSizeLow=0x6225)) returned 1 [0256.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0256.833] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv", lpFilePart=0x0) returned 0x2d [0256.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0256.833] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\docmgks58qbj.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0256.833] GetFileType (hFile=0x1f4) returned 0x1 [0256.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0256.833] GetFileType (hFile=0x1f4) returned 0x1 [0256.833] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x6225 [0256.833] ReadFile (in: hFile=0x1f4, lpBuffer=0x2535458, nNumberOfBytesToRead=0x6225, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2535458*, lpNumberOfBytesRead=0x14edd8*=0x6225, lpOverlapped=0x0) returned 1 [0256.834] CloseHandle (hObject=0x1f4) returned 1 [0257.245] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv", lpFilePart=0x0) returned 0x2d [0257.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0257.245] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\docmgks58qbj.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0257.247] GetFileType (hFile=0x1f4) returned 0x1 [0257.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0257.247] GetFileType (hFile=0x1f4) returned 0x1 [0257.247] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f4370*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f4370*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.249] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f4370*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f4370*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.249] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f4370*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f4370*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.250] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f4370*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f4370*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.250] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f4370*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f4370*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.251] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f4370*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f4370*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.251] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f4370*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25f4370*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.256] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f4370*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x25f4370*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0257.257] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f4370*, nNumberOfBytesToWrite=0x3b4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25f4370*, lpNumberOfBytesWritten=0x14ec98*=0x3b4, lpOverlapped=0x0) returned 1 [0257.257] CloseHandle (hObject=0x1f4) returned 1 [0257.259] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv", lpFilePart=0x0) returned 0x2d [0257.259] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv.ampkcz", lpFilePart=0x0) returned 0x34 [0257.259] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0257.259] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\docmgks58qbj.mkv"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda4221d0, ftCreationTime.dwHighDateTime=0x1d8215a, ftLastAccessTime.dwLowDateTime=0xe044f850, ftLastAccessTime.dwHighDateTime=0x1d82682, ftLastWriteTime.dwLowDateTime=0x87bd515a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x83b4)) returned 1 [0257.260] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0257.260] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\docmgks58qbj.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\doCmgkS58qBJ.mkv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\docmgks58qbj.mkv.ampkcz")) returned 1 [0257.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi", lpFilePart=0x0) returned 0x30 [0257.279] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi", lpFilePart=0x0) returned 0x30 [0257.279] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi", dwFileAttributes=0x80) returned 1 [0257.283] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0257.283] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\iq_gps8ak_f40ld.avi"), fInfoLevelId=0x0, lpFileInformation=0x25f5cd0 | out: lpFileInformation=0x25f5cd0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1562d6c0, ftCreationTime.dwHighDateTime=0x1d82240, ftLastAccessTime.dwLowDateTime=0xa5dfe6f0, ftLastAccessTime.dwHighDateTime=0x1d82297, ftLastWriteTime.dwLowDateTime=0xa5dfe6f0, ftLastWriteTime.dwHighDateTime=0x1d82297, nFileSizeHigh=0x0, nFileSizeLow=0x18100)) returned 1 [0257.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0257.284] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi", lpFilePart=0x0) returned 0x30 [0257.284] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0257.284] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\iq_gps8ak_f40ld.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0257.284] GetFileType (hFile=0x1f4) returned 0x1 [0257.284] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0257.284] GetFileType (hFile=0x1f4) returned 0x1 [0257.284] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x18100 [0257.285] ReadFile (in: hFile=0x1f4, lpBuffer=0x12671710, nNumberOfBytesToRead=0x18100, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x12671710*, lpNumberOfBytesRead=0x14edd8*=0x18100, lpOverlapped=0x0) returned 1 [0257.287] CloseHandle (hObject=0x1f4) returned 1 [0257.757] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi", lpFilePart=0x0) returned 0x30 [0257.757] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0257.757] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\iq_gps8ak_f40ld.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0257.814] GetFileType (hFile=0x1f4) returned 0x1 [0257.814] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0257.814] GetFileType (hFile=0x1f4) returned 0x1 [0257.815] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.816] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.817] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.817] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.818] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.818] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.818] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.819] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.819] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.820] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.820] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.822] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.822] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.825] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.825] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.826] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.827] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.828] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.828] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.829] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.829] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.829] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.830] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.830] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.831] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0257.831] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0257.831] WriteFile (in: hFile=0x1f4, lpBuffer=0x266f5b0*, nNumberOfBytesToWrite=0x234, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x266f5b0*, lpNumberOfBytesWritten=0x14ec98*=0x234, lpOverlapped=0x0) returned 1 [0257.832] CloseHandle (hObject=0x1f4) returned 1 [0257.836] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi", lpFilePart=0x0) returned 0x30 [0257.836] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi.ampkcz", lpFilePart=0x0) returned 0x37 [0257.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0257.836] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\iq_gps8ak_f40ld.avi"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1562d6c0, ftCreationTime.dwHighDateTime=0x1d82240, ftLastAccessTime.dwLowDateTime=0xa5dfe6f0, ftLastAccessTime.dwHighDateTime=0x1d82297, ftLastWriteTime.dwLowDateTime=0x88155487, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20234)) returned 1 [0257.837] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0257.837] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\iq_gps8ak_f40ld.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\Iq_GpS8Ak_f40Ld.avi.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\iq_gps8ak_f40ld.avi.ampkcz")) returned 1 [0257.840] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf", lpFilePart=0x0) returned 0x34 [0257.840] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf", lpFilePart=0x0) returned 0x34 [0257.840] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf", dwFileAttributes=0x80) returned 1 [0257.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0257.841] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\t7s 9e08pzlxkwgikld.swf"), fInfoLevelId=0x0, lpFileInformation=0x2671358 | out: lpFileInformation=0x2671358*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7ff4d790, ftCreationTime.dwHighDateTime=0x1d8229a, ftLastAccessTime.dwLowDateTime=0x68a987c0, ftLastAccessTime.dwHighDateTime=0x1d8285d, ftLastWriteTime.dwLowDateTime=0x68a987c0, ftLastWriteTime.dwHighDateTime=0x1d8285d, nFileSizeHigh=0x0, nFileSizeLow=0x17cc4)) returned 1 [0257.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0257.841] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf", lpFilePart=0x0) returned 0x34 [0257.841] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0257.841] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\t7s 9e08pzlxkwgikld.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0257.841] GetFileType (hFile=0x1f4) returned 0x1 [0257.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0257.841] GetFileType (hFile=0x1f4) returned 0x1 [0257.842] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x17cc4 [0257.842] ReadFile (in: hFile=0x1f4, lpBuffer=0x127825f8, nNumberOfBytesToRead=0x17cc4, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x127825f8*, lpNumberOfBytesRead=0x14edd8*=0x17cc4, lpOverlapped=0x0) returned 1 [0257.852] CloseHandle (hObject=0x1f4) returned 1 [0258.318] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf", lpFilePart=0x0) returned 0x34 [0258.318] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0258.318] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\t7s 9e08pzlxkwgikld.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0258.318] GetFileType (hFile=0x1f4) returned 0x1 [0258.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0258.318] GetFileType (hFile=0x1f4) returned 0x1 [0258.319] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.320] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.320] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.321] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.321] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.321] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.322] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.322] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.322] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.323] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.323] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.323] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.324] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.324] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.324] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.325] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.325] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.326] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.326] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.326] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.327] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.327] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.327] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.328] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.328] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.329] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.329] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.329] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.330] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.330] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.330] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0258.331] WriteFile (in: hFile=0x1f4, lpBuffer=0x25217e0*, nNumberOfBytesToWrite=0xc88, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25217e0*, lpNumberOfBytesWritten=0x14ec98*=0xc88, lpOverlapped=0x0) returned 1 [0258.331] CloseHandle (hObject=0x1f4) returned 1 [0258.335] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf", lpFilePart=0x0) returned 0x34 [0258.335] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf.ampkcz", lpFilePart=0x0) returned 0x3b [0258.335] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0258.335] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\t7s 9e08pzlxkwgikld.swf"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ff4d790, ftCreationTime.dwHighDateTime=0x1d8229a, ftLastAccessTime.dwLowDateTime=0x68a987c0, ftLastAccessTime.dwHighDateTime=0x1d8285d, ftLastWriteTime.dwLowDateTime=0x886164a9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1fc88)) returned 1 [0258.335] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0258.335] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\t7s 9e08pzlxkwgikld.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\t7s 9e08pZlXKwgikld.swf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\t7s 9e08pzlxkwgikld.swf.ampkcz")) returned 1 [0258.336] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0258.336] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos", lpFilePart=0x0) returned 0x1c [0258.336] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\", lpFilePart=0x0) returned 0x1d [0258.336] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x88618b84, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x88618b84, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0258.337] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3ceb0231, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x88618b84, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x88618b84, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0258.337] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x85920660, ftCreationTime.dwHighDateTime=0x1d823fc, ftLastAccessTime.dwLowDateTime=0xc64b3c50, ftLastAccessTime.dwHighDateTime=0x1d8290e, ftLastWriteTime.dwLowDateTime=0x873ab474, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20648, dwReserved0=0x0, dwReserved1=0x0, cFileName="dAtKDUXcb5tZgOm6X.swf.ampkcz", cAlternateFileName="DATKDU~1.AMP")) returned 1 [0258.337] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4347fe61, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x4347fe61, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x877bb3da, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x374, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0258.338] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xda4221d0, ftCreationTime.dwHighDateTime=0x1d8215a, ftLastAccessTime.dwLowDateTime=0xe044f850, ftLastAccessTime.dwHighDateTime=0x1d82682, ftLastWriteTime.dwLowDateTime=0x87bd515a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x83b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="doCmgkS58qBJ.mkv.ampkcz", cAlternateFileName="DOCMGK~1.AMP")) returned 1 [0258.338] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1562d6c0, ftCreationTime.dwHighDateTime=0x1d82240, ftLastAccessTime.dwLowDateTime=0xa5dfe6f0, ftLastAccessTime.dwHighDateTime=0x1d82297, ftLastWriteTime.dwLowDateTime=0x88155487, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x20234, dwReserved0=0x0, dwReserved1=0x0, cFileName="Iq_GpS8Ak_f40Ld.avi.ampkcz", cAlternateFileName="IQ_GPS~1.AMP")) returned 1 [0258.338] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x873aef18, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x873aef18, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x873b5047, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0258.338] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7ff4d790, ftCreationTime.dwHighDateTime=0x1d8229a, ftLastAccessTime.dwLowDateTime=0x68a987c0, ftLastAccessTime.dwHighDateTime=0x1d8285d, ftLastWriteTime.dwLowDateTime=0x886164a9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1fc88, dwReserved0=0x0, dwReserved1=0x0, cFileName="t7s 9e08pZlXKwgikld.swf.ampkcz", cAlternateFileName="T7S9E0~1.AMP")) returned 1 [0258.338] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60c2f250, ftCreationTime.dwHighDateTime=0x1d81c80, ftLastAccessTime.dwLowDateTime=0x4b02e820, ftLastAccessTime.dwHighDateTime=0x1d8248d, ftLastWriteTime.dwLowDateTime=0x4b02e820, ftLastWriteTime.dwHighDateTime=0x1d8248d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="y11GP", cAlternateFileName="")) returned 1 [0258.339] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf06144e0, ftCreationTime.dwHighDateTime=0x1d82854, ftLastAccessTime.dwLowDateTime=0x15995de0, ftLastAccessTime.dwHighDateTime=0x1d828d4, ftLastWriteTime.dwLowDateTime=0x15995de0, ftLastWriteTime.dwHighDateTime=0x1d828d4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="y8MlsukjI V4N Vwru7Y", cAlternateFileName="Y8MLSU~1")) returned 1 [0258.339] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0258.342] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0258.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0258.342] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0258.342] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0258.342] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP", lpFilePart=0x0) returned 0x22 [0258.342] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\", lpFilePart=0x0) returned 0x23 [0258.342] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60c2f250, ftCreationTime.dwHighDateTime=0x1d81c80, ftLastAccessTime.dwLowDateTime=0x4b02e820, ftLastAccessTime.dwHighDateTime=0x1d8248d, ftLastWriteTime.dwLowDateTime=0x4b02e820, ftLastWriteTime.dwHighDateTime=0x1d8248d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0258.342] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60c2f250, ftCreationTime.dwHighDateTime=0x1d81c80, ftLastAccessTime.dwLowDateTime=0x4b02e820, ftLastAccessTime.dwHighDateTime=0x1d8248d, ftLastWriteTime.dwLowDateTime=0x4b02e820, ftLastWriteTime.dwHighDateTime=0x1d8248d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0258.343] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b6a0000, ftCreationTime.dwHighDateTime=0x1d82552, ftLastAccessTime.dwLowDateTime=0xaaae5510, ftLastAccessTime.dwHighDateTime=0x1d8265f, ftLastWriteTime.dwLowDateTime=0xaaae5510, ftLastWriteTime.dwHighDateTime=0x1d8265f, nFileSizeHigh=0x0, nFileSizeLow=0x8b25, dwReserved0=0x0, dwReserved1=0x0, cFileName="0iwDGXsDNrSpppZIVnT.avi", cAlternateFileName="0IWDGX~1.AVI")) returned 1 [0258.343] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5e0c390, ftCreationTime.dwHighDateTime=0x1d820e4, ftLastAccessTime.dwLowDateTime=0x975fe170, ftLastAccessTime.dwHighDateTime=0x1d82116, ftLastWriteTime.dwLowDateTime=0x975fe170, ftLastWriteTime.dwHighDateTime=0x1d82116, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8X_R6tS_L1CAcWN4P", cAlternateFileName="8X_R6T~1")) returned 1 [0258.343] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9d151b0, ftCreationTime.dwHighDateTime=0x1d8236f, ftLastAccessTime.dwLowDateTime=0xa81e8360, ftLastAccessTime.dwHighDateTime=0x1d82718, ftLastWriteTime.dwLowDateTime=0xa81e8360, ftLastWriteTime.dwHighDateTime=0x1d82718, nFileSizeHigh=0x0, nFileSizeLow=0xfe44, dwReserved0=0x0, dwReserved1=0x0, cFileName="a7DdQmfIOxD4QBG7h.mp4", cAlternateFileName="A7DDQM~1.MP4")) returned 1 [0258.343] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x521df7e0, ftCreationTime.dwHighDateTime=0x1d81ded, ftLastAccessTime.dwLowDateTime=0x16288c80, ftLastAccessTime.dwHighDateTime=0x1d82358, ftLastWriteTime.dwLowDateTime=0x16288c80, ftLastWriteTime.dwHighDateTime=0x1d82358, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="M4-hXnJU", cAlternateFileName="")) returned 1 [0258.343] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0912820, ftCreationTime.dwHighDateTime=0x1d8231c, ftLastAccessTime.dwLowDateTime=0x2b7ee430, ftLastAccessTime.dwHighDateTime=0x1d82948, ftLastWriteTime.dwLowDateTime=0x2b7ee430, ftLastWriteTime.dwHighDateTime=0x1d82948, nFileSizeHigh=0x0, nFileSizeLow=0x12c11, dwReserved0=0x0, dwReserved1=0x0, cFileName="qXHEd-dny56DhgRvf.swf", cAlternateFileName="QXHED-~1.SWF")) returned 1 [0258.344] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x72d898c0, ftCreationTime.dwHighDateTime=0x1d82011, ftLastAccessTime.dwLowDateTime=0x876d00, ftLastAccessTime.dwHighDateTime=0x1d82246, ftLastWriteTime.dwLowDateTime=0x876d00, ftLastWriteTime.dwHighDateTime=0x1d82246, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tZCj_rPznWAx", cAlternateFileName="TZCJ_R~1")) returned 1 [0258.344] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7d93f60, ftCreationTime.dwHighDateTime=0x1d8226a, ftLastAccessTime.dwLowDateTime=0x69279ed0, ftLastAccessTime.dwHighDateTime=0x1d824e3, ftLastWriteTime.dwLowDateTime=0x69279ed0, ftLastWriteTime.dwHighDateTime=0x1d824e3, nFileSizeHigh=0x0, nFileSizeLow=0x476f, dwReserved0=0x0, dwReserved1=0x0, cFileName="yyyxWWEm7mOiBW6 ZHN.swf", cAlternateFileName="YYYXWW~1.SWF")) returned 1 [0258.344] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf0316b0, ftCreationTime.dwHighDateTime=0x1d82778, ftLastAccessTime.dwLowDateTime=0x5b8d8e70, ftLastAccessTime.dwHighDateTime=0x1d828f2, ftLastWriteTime.dwLowDateTime=0x5b8d8e70, ftLastWriteTime.dwHighDateTime=0x1d828f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zy7mKTg-1EpZTUNg", cAlternateFileName="ZY7MKT~1")) returned 1 [0258.344] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf0316b0, ftCreationTime.dwHighDateTime=0x1d82778, ftLastAccessTime.dwLowDateTime=0x5b8d8e70, ftLastAccessTime.dwHighDateTime=0x1d828f2, ftLastWriteTime.dwLowDateTime=0x5b8d8e70, ftLastWriteTime.dwHighDateTime=0x1d828f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zy7mKTg-1EpZTUNg", cAlternateFileName="ZY7MKT~1")) returned 0 [0258.344] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0258.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0258.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0258.345] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi", lpFilePart=0x0) returned 0x3a [0258.346] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi", lpFilePart=0x0) returned 0x3a [0258.346] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi", dwFileAttributes=0x80) returned 1 [0258.346] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0258.346] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\0iwdgxsdnrspppzivnt.avi"), fInfoLevelId=0x0, lpFileInformation=0x2526070 | out: lpFileInformation=0x2526070*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x7b6a0000, ftCreationTime.dwHighDateTime=0x1d82552, ftLastAccessTime.dwLowDateTime=0xaaae5510, ftLastAccessTime.dwHighDateTime=0x1d8265f, ftLastWriteTime.dwLowDateTime=0xaaae5510, ftLastWriteTime.dwHighDateTime=0x1d8265f, nFileSizeHigh=0x0, nFileSizeLow=0x8b25)) returned 1 [0258.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0258.346] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi", lpFilePart=0x0) returned 0x3a [0258.347] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0258.347] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\0iwdgxsdnrspppzivnt.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0258.347] GetFileType (hFile=0x1f4) returned 0x1 [0258.347] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0258.347] GetFileType (hFile=0x1f4) returned 0x1 [0258.347] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x8b25 [0258.347] ReadFile (in: hFile=0x1f4, lpBuffer=0x2526540, nNumberOfBytesToRead=0x8b25, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2526540*, lpNumberOfBytesRead=0x14ed68*=0x8b25, lpOverlapped=0x0) returned 1 [0258.348] CloseHandle (hObject=0x1f4) returned 1 [0258.708] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi", lpFilePart=0x0) returned 0x3a [0258.708] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0258.708] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\0iwdgxsdnrspppzivnt.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0258.710] GetFileType (hFile=0x1f4) returned 0x1 [0258.710] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0258.710] GetFileType (hFile=0x1f4) returned 0x1 [0258.710] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d3cf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d3cf8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0258.711] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d3cf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d3cf8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0258.712] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d3cf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d3cf8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0258.713] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d3cf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d3cf8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0258.714] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d3cf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d3cf8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0258.714] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d3cf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d3cf8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0258.715] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d3cf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d3cf8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0258.715] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d3cf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d3cf8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0258.715] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d3cf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d3cf8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0258.716] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d3cf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d3cf8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0258.716] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d3cf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d3cf8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0258.716] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d3cf8*, nNumberOfBytesToWrite=0xa60, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25d3cf8*, lpNumberOfBytesWritten=0x14ec28*=0xa60, lpOverlapped=0x0) returned 1 [0258.717] CloseHandle (hObject=0x1f4) returned 1 [0258.719] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi", lpFilePart=0x0) returned 0x3a [0258.719] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi.ampkcz", lpFilePart=0x0) returned 0x41 [0258.719] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0258.719] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\0iwdgxsdnrspppzivnt.avi"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b6a0000, ftCreationTime.dwHighDateTime=0x1d82552, ftLastAccessTime.dwLowDateTime=0xaaae5510, ftLastAccessTime.dwHighDateTime=0x1d8265f, ftLastWriteTime.dwLowDateTime=0x889c0e24, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xba60)) returned 1 [0258.719] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0258.719] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\0iwdgxsdnrspppzivnt.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\0iwDGXsDNrSpppZIVnT.avi.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\0iwdgxsdnrspppzivnt.avi.ampkcz")) returned 1 [0258.720] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\readme.txt", lpFilePart=0x0) returned 0x2d [0258.720] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0258.720] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0258.721] GetFileType (hFile=0x1f4) returned 0x1 [0258.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0258.721] GetFileType (hFile=0x1f4) returned 0x1 [0258.722] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d6f40*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x25d6f40*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0258.723] CloseHandle (hObject=0x1f4) returned 1 [0258.724] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4", lpFilePart=0x0) returned 0x38 [0258.724] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4", lpFilePart=0x0) returned 0x38 [0258.724] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4", dwFileAttributes=0x80) returned 1 [0258.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0258.725] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\a7ddqmfioxd4qbg7h.mp4"), fInfoLevelId=0x0, lpFileInformation=0x25d8d48 | out: lpFileInformation=0x25d8d48*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc9d151b0, ftCreationTime.dwHighDateTime=0x1d8236f, ftLastAccessTime.dwLowDateTime=0xa81e8360, ftLastAccessTime.dwHighDateTime=0x1d82718, ftLastWriteTime.dwLowDateTime=0xa81e8360, ftLastWriteTime.dwHighDateTime=0x1d82718, nFileSizeHigh=0x0, nFileSizeLow=0xfe44)) returned 1 [0258.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0258.725] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4", lpFilePart=0x0) returned 0x38 [0258.725] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0258.725] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\a7ddqmfioxd4qbg7h.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0258.725] GetFileType (hFile=0x1f4) returned 0x1 [0258.725] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0258.725] GetFileType (hFile=0x1f4) returned 0x1 [0258.725] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xfe44 [0258.726] ReadFile (in: hFile=0x1f4, lpBuffer=0x25d9218, nNumberOfBytesToRead=0xfe44, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25d9218*, lpNumberOfBytesRead=0x14ed68*=0xfe44, lpOverlapped=0x0) returned 1 [0258.727] CloseHandle (hObject=0x1f4) returned 1 [0259.063] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4", lpFilePart=0x0) returned 0x38 [0259.063] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0259.063] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\a7ddqmfioxd4qbg7h.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0259.065] GetFileType (hFile=0x1f4) returned 0x1 [0259.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0259.065] GetFileType (hFile=0x1f4) returned 0x1 [0259.065] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.067] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.067] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.067] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.068] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.068] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.069] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.069] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.069] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.070] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.070] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.074] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.075] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.075] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.075] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.076] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.076] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.076] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.077] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.077] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.077] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0259.078] WriteFile (in: hFile=0x1f4, lpBuffer=0x2691ff8*, nNumberOfBytesToWrite=0x3e0, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2691ff8*, lpNumberOfBytesWritten=0x14ec28*=0x3e0, lpOverlapped=0x0) returned 1 [0259.078] CloseHandle (hObject=0x1f4) returned 1 [0259.081] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4", lpFilePart=0x0) returned 0x38 [0259.081] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4.ampkcz", lpFilePart=0x0) returned 0x3f [0259.081] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0259.081] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\a7ddqmfioxd4qbg7h.mp4"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9d151b0, ftCreationTime.dwHighDateTime=0x1d8236f, ftLastAccessTime.dwLowDateTime=0xa81e8360, ftLastAccessTime.dwHighDateTime=0x1d82718, ftLastWriteTime.dwLowDateTime=0x88d35762, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x153e0)) returned 1 [0259.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0259.082] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\a7ddqmfioxd4qbg7h.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\a7DdQmfIOxD4QBG7h.mp4.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\a7ddqmfioxd4qbg7h.mp4.ampkcz")) returned 1 [0259.084] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf", lpFilePart=0x0) returned 0x38 [0259.084] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf", lpFilePart=0x0) returned 0x38 [0259.084] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf", dwFileAttributes=0x80) returned 1 [0259.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0259.085] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\qxhed-dny56dhgrvf.swf"), fInfoLevelId=0x0, lpFileInformation=0x2693dd0 | out: lpFileInformation=0x2693dd0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0912820, ftCreationTime.dwHighDateTime=0x1d8231c, ftLastAccessTime.dwLowDateTime=0x2b7ee430, ftLastAccessTime.dwHighDateTime=0x1d82948, ftLastWriteTime.dwLowDateTime=0x2b7ee430, ftLastWriteTime.dwHighDateTime=0x1d82948, nFileSizeHigh=0x0, nFileSizeLow=0x12c11)) returned 1 [0259.085] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0259.085] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf", lpFilePart=0x0) returned 0x38 [0259.085] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0259.085] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\qxhed-dny56dhgrvf.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0259.085] GetFileType (hFile=0x1f4) returned 0x1 [0259.085] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0259.085] GetFileType (hFile=0x1f4) returned 0x1 [0259.085] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x12c11 [0259.086] ReadFile (in: hFile=0x1f4, lpBuffer=0x26942a0, nNumberOfBytesToRead=0x12c11, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x26942a0*, lpNumberOfBytesRead=0x14ed68*=0x12c11, lpOverlapped=0x0) returned 1 [0259.087] CloseHandle (hObject=0x1f4) returned 1 [0259.398] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf", lpFilePart=0x0) returned 0x38 [0259.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0259.398] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\qxhed-dny56dhgrvf.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0259.401] GetFileType (hFile=0x1f4) returned 0x1 [0259.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0259.401] GetFileType (hFile=0x1f4) returned 0x1 [0259.401] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.404] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.405] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.405] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.406] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.406] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.407] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.407] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.408] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.408] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.409] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.409] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.410] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.410] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.410] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.411] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.411] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.412] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.412] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.413] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.413] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.414] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.414] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.415] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.415] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0259.416] WriteFile (in: hFile=0x1f4, lpBuffer=0x256f130*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x256f130*, lpNumberOfBytesWritten=0x14ec28*=0xf4, lpOverlapped=0x0) returned 1 [0259.416] CloseHandle (hObject=0x1f4) returned 1 [0259.420] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf", lpFilePart=0x0) returned 0x38 [0259.420] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf.ampkcz", lpFilePart=0x0) returned 0x3f [0259.420] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0259.420] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\qxhed-dny56dhgrvf.swf"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0912820, ftCreationTime.dwHighDateTime=0x1d8231c, ftLastAccessTime.dwLowDateTime=0x2b7ee430, ftLastAccessTime.dwHighDateTime=0x1d82948, ftLastWriteTime.dwLowDateTime=0x89070a86, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x190f4)) returned 1 [0259.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0259.421] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\qxhed-dny56dhgrvf.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\qXHEd-dny56DhgRvf.swf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\qxhed-dny56dhgrvf.swf.ampkcz")) returned 1 [0259.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf", lpFilePart=0x0) returned 0x3a [0259.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf", lpFilePart=0x0) returned 0x3a [0259.424] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf", dwFileAttributes=0x80) returned 1 [0259.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0259.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\yyyxwwem7moibw6 zhn.swf"), fInfoLevelId=0x0, lpFileInformation=0x2570f08 | out: lpFileInformation=0x2570f08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa7d93f60, ftCreationTime.dwHighDateTime=0x1d8226a, ftLastAccessTime.dwLowDateTime=0x69279ed0, ftLastAccessTime.dwHighDateTime=0x1d824e3, ftLastWriteTime.dwLowDateTime=0x69279ed0, ftLastWriteTime.dwHighDateTime=0x1d824e3, nFileSizeHigh=0x0, nFileSizeLow=0x476f)) returned 1 [0259.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0259.425] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf", lpFilePart=0x0) returned 0x3a [0259.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0259.425] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\yyyxwwem7moibw6 zhn.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0259.426] GetFileType (hFile=0x1f4) returned 0x1 [0259.426] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0259.426] GetFileType (hFile=0x1f4) returned 0x1 [0259.426] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x476f [0259.426] ReadFile (in: hFile=0x1f4, lpBuffer=0x25713d8, nNumberOfBytesToRead=0x476f, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25713d8*, lpNumberOfBytesRead=0x14ed68*=0x476f, lpOverlapped=0x0) returned 1 [0259.461] CloseHandle (hObject=0x1f4) returned 1 [0259.862] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf", lpFilePart=0x0) returned 0x3a [0259.862] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0259.862] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\yyyxwwem7moibw6 zhn.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0259.864] GetFileType (hFile=0x1f4) returned 0x1 [0259.864] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0259.864] GetFileType (hFile=0x1f4) returned 0x1 [0259.865] WriteFile (in: hFile=0x1f4, lpBuffer=0x261d3e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x261d3e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.867] WriteFile (in: hFile=0x1f4, lpBuffer=0x261d3e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x261d3e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.867] WriteFile (in: hFile=0x1f4, lpBuffer=0x261d3e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x261d3e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.868] WriteFile (in: hFile=0x1f4, lpBuffer=0x261d3e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x261d3e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.872] WriteFile (in: hFile=0x1f4, lpBuffer=0x261d3e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x261d3e0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0259.873] WriteFile (in: hFile=0x1f4, lpBuffer=0x261d3e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x261d3e0*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0259.873] WriteFile (in: hFile=0x1f4, lpBuffer=0x261d3e0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x261d3e0*, lpNumberOfBytesWritten=0x14ec28*=0x8, lpOverlapped=0x0) returned 1 [0259.873] CloseHandle (hObject=0x1f4) returned 1 [0259.876] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf", lpFilePart=0x0) returned 0x3a [0259.876] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf.ampkcz", lpFilePart=0x0) returned 0x41 [0259.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0259.876] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\yyyxwwem7moibw6 zhn.swf"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7d93f60, ftCreationTime.dwHighDateTime=0x1d8226a, ftLastAccessTime.dwLowDateTime=0x69279ed0, ftLastAccessTime.dwHighDateTime=0x1d824e3, ftLastWriteTime.dwLowDateTime=0x894c81c1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6008)) returned 1 [0259.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0259.877] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\yyyxwwem7moibw6 zhn.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\yyyxWWEm7mOiBW6 ZHN.swf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\yyyxwwem7moibw6 zhn.swf.ampkcz")) returned 1 [0259.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0259.878] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP", lpFilePart=0x0) returned 0x22 [0259.878] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\", lpFilePart=0x0) returned 0x23 [0259.878] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60c2f250, ftCreationTime.dwHighDateTime=0x1d81c80, ftLastAccessTime.dwLowDateTime=0x894cc6d0, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x894cc6d0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0259.879] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x60c2f250, ftCreationTime.dwHighDateTime=0x1d81c80, ftLastAccessTime.dwLowDateTime=0x894cc6d0, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x894cc6d0, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0259.879] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7b6a0000, ftCreationTime.dwHighDateTime=0x1d82552, ftLastAccessTime.dwLowDateTime=0xaaae5510, ftLastAccessTime.dwHighDateTime=0x1d8265f, ftLastWriteTime.dwLowDateTime=0x889c0e24, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xba60, dwReserved0=0x0, dwReserved1=0x0, cFileName="0iwDGXsDNrSpppZIVnT.avi.ampkcz", cAlternateFileName="0IWDGX~1.AMP")) returned 1 [0259.879] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5e0c390, ftCreationTime.dwHighDateTime=0x1d820e4, ftLastAccessTime.dwLowDateTime=0x975fe170, ftLastAccessTime.dwHighDateTime=0x1d82116, ftLastWriteTime.dwLowDateTime=0x975fe170, ftLastWriteTime.dwHighDateTime=0x1d82116, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="8X_R6tS_L1CAcWN4P", cAlternateFileName="8X_R6T~1")) returned 1 [0259.879] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc9d151b0, ftCreationTime.dwHighDateTime=0x1d8236f, ftLastAccessTime.dwLowDateTime=0xa81e8360, ftLastAccessTime.dwHighDateTime=0x1d82718, ftLastWriteTime.dwLowDateTime=0x88d35762, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x153e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="a7DdQmfIOxD4QBG7h.mp4.ampkcz", cAlternateFileName="A7DDQM~1.AMP")) returned 1 [0259.880] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x521df7e0, ftCreationTime.dwHighDateTime=0x1d81ded, ftLastAccessTime.dwLowDateTime=0x16288c80, ftLastAccessTime.dwHighDateTime=0x1d82358, ftLastWriteTime.dwLowDateTime=0x16288c80, ftLastWriteTime.dwHighDateTime=0x1d82358, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="M4-hXnJU", cAlternateFileName="")) returned 1 [0259.880] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0912820, ftCreationTime.dwHighDateTime=0x1d8231c, ftLastAccessTime.dwLowDateTime=0x2b7ee430, ftLastAccessTime.dwHighDateTime=0x1d82948, ftLastWriteTime.dwLowDateTime=0x89070a86, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x190f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="qXHEd-dny56DhgRvf.swf.ampkcz", cAlternateFileName="QXHED-~1.AMP")) returned 1 [0259.880] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x889c4e00, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x889c4e00, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x889cae84, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0259.880] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x72d898c0, ftCreationTime.dwHighDateTime=0x1d82011, ftLastAccessTime.dwLowDateTime=0x876d00, ftLastAccessTime.dwHighDateTime=0x1d82246, ftLastWriteTime.dwLowDateTime=0x876d00, ftLastWriteTime.dwHighDateTime=0x1d82246, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tZCj_rPznWAx", cAlternateFileName="TZCJ_R~1")) returned 1 [0259.881] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7d93f60, ftCreationTime.dwHighDateTime=0x1d8226a, ftLastAccessTime.dwLowDateTime=0x69279ed0, ftLastAccessTime.dwHighDateTime=0x1d824e3, ftLastWriteTime.dwLowDateTime=0x894c81c1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6008, dwReserved0=0x0, dwReserved1=0x0, cFileName="yyyxWWEm7mOiBW6 ZHN.swf.ampkcz", cAlternateFileName="YYYXWW~1.AMP")) returned 1 [0259.881] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf0316b0, ftCreationTime.dwHighDateTime=0x1d82778, ftLastAccessTime.dwLowDateTime=0x5b8d8e70, ftLastAccessTime.dwHighDateTime=0x1d828f2, ftLastWriteTime.dwLowDateTime=0x5b8d8e70, ftLastWriteTime.dwHighDateTime=0x1d828f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Zy7mKTg-1EpZTUNg", cAlternateFileName="ZY7MKT~1")) returned 1 [0259.881] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0259.881] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0259.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0259.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0259.882] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0259.882] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P", lpFilePart=0x0) returned 0x34 [0259.882] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\", lpFilePart=0x0) returned 0x35 [0259.882] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5e0c390, ftCreationTime.dwHighDateTime=0x1d820e4, ftLastAccessTime.dwLowDateTime=0x975fe170, ftLastAccessTime.dwHighDateTime=0x1d82116, ftLastWriteTime.dwLowDateTime=0x975fe170, ftLastWriteTime.dwHighDateTime=0x1d82116, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0259.883] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5e0c390, ftCreationTime.dwHighDateTime=0x1d820e4, ftLastAccessTime.dwLowDateTime=0x975fe170, ftLastAccessTime.dwHighDateTime=0x1d82116, ftLastWriteTime.dwLowDateTime=0x975fe170, ftLastWriteTime.dwHighDateTime=0x1d82116, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0259.883] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcd0d620, ftCreationTime.dwHighDateTime=0x1d827b4, ftLastAccessTime.dwLowDateTime=0x8d7b0b10, ftLastAccessTime.dwHighDateTime=0x1d827fd, ftLastWriteTime.dwLowDateTime=0x8d7b0b10, ftLastWriteTime.dwHighDateTime=0x1d827fd, nFileSizeHigh=0x0, nFileSizeLow=0xbeda, dwReserved0=0x0, dwReserved1=0x0, cFileName="1x_OwfxD.swf", cAlternateFileName="")) returned 1 [0259.884] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8e7a0d0, ftCreationTime.dwHighDateTime=0x1d821b5, ftLastAccessTime.dwLowDateTime=0x9e5fb5e0, ftLastAccessTime.dwHighDateTime=0x1d8274c, ftLastWriteTime.dwLowDateTime=0x9e5fb5e0, ftLastWriteTime.dwHighDateTime=0x1d8274c, nFileSizeHigh=0x0, nFileSizeLow=0xfb34, dwReserved0=0x0, dwReserved1=0x0, cFileName="AIG9Hnho9.mkv", cAlternateFileName="AIG9HN~1.MKV")) returned 1 [0259.884] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d98d00, ftCreationTime.dwHighDateTime=0x1d8219e, ftLastAccessTime.dwLowDateTime=0x5b6aada0, ftLastAccessTime.dwHighDateTime=0x1d82493, ftLastWriteTime.dwLowDateTime=0x5b6aada0, ftLastWriteTime.dwHighDateTime=0x1d82493, nFileSizeHigh=0x0, nFileSizeLow=0x11d6c, dwReserved0=0x0, dwReserved1=0x0, cFileName="t6JOvYCwCxGM1H _Xi.flv", cAlternateFileName="T6JOVY~1.FLV")) returned 1 [0259.884] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6fc56b0, ftCreationTime.dwHighDateTime=0x1d82029, ftLastAccessTime.dwLowDateTime=0xf1c49830, ftLastAccessTime.dwHighDateTime=0x1d82711, ftLastWriteTime.dwLowDateTime=0xf1c49830, ftLastWriteTime.dwHighDateTime=0x1d82711, nFileSizeHigh=0x0, nFileSizeLow=0x10218, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vkpe.mp4", cAlternateFileName="")) returned 1 [0259.884] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0259.884] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0259.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0259.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0259.887] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf", lpFilePart=0x0) returned 0x41 [0259.887] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf", lpFilePart=0x0) returned 0x41 [0259.887] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf", dwFileAttributes=0x80) returned 1 [0259.888] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0259.888] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\1x_owfxd.swf"), fInfoLevelId=0x0, lpFileInformation=0x2621fd0 | out: lpFileInformation=0x2621fd0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xdcd0d620, ftCreationTime.dwHighDateTime=0x1d827b4, ftLastAccessTime.dwLowDateTime=0x8d7b0b10, ftLastAccessTime.dwHighDateTime=0x1d827fd, ftLastWriteTime.dwLowDateTime=0x8d7b0b10, ftLastWriteTime.dwHighDateTime=0x1d827fd, nFileSizeHigh=0x0, nFileSizeLow=0xbeda)) returned 1 [0259.889] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0259.889] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf", lpFilePart=0x0) returned 0x41 [0259.889] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0259.889] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\1x_owfxd.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0259.889] GetFileType (hFile=0x1f4) returned 0x1 [0259.890] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0259.890] GetFileType (hFile=0x1f4) returned 0x1 [0259.890] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0xbeda [0259.890] ReadFile (in: hFile=0x1f4, lpBuffer=0x26224b0, nNumberOfBytesToRead=0xbeda, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x26224b0*, lpNumberOfBytesRead=0x14ecf8*=0xbeda, lpOverlapped=0x0) returned 1 [0259.891] CloseHandle (hObject=0x1f4) returned 1 [0260.256] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf", lpFilePart=0x0) returned 0x41 [0260.256] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0260.256] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\1x_owfxd.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0260.258] GetFileType (hFile=0x1f4) returned 0x1 [0260.258] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0260.258] GetFileType (hFile=0x1f4) returned 0x1 [0260.258] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.259] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.260] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.260] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.260] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.261] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.261] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.261] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.263] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.263] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.263] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.264] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.264] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cb4d0*, nNumberOfBytesToWrite=0xf48, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x26cb4d0*, lpNumberOfBytesWritten=0x14ebb8*=0xf48, lpOverlapped=0x0) returned 1 [0260.265] CloseHandle (hObject=0x1f4) returned 1 [0260.267] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf", lpFilePart=0x0) returned 0x41 [0260.267] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf.ampkcz", lpFilePart=0x0) returned 0x48 [0260.267] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0260.268] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\1x_owfxd.swf"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcd0d620, ftCreationTime.dwHighDateTime=0x1d827b4, ftLastAccessTime.dwLowDateTime=0x8d7b0b10, ftLastAccessTime.dwHighDateTime=0x1d827fd, ftLastWriteTime.dwLowDateTime=0x89885160, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xff48)) returned 1 [0260.268] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0260.268] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\1x_owfxd.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\1x_OwfxD.swf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\1x_owfxd.swf.ampkcz")) returned 1 [0260.269] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\readme.txt", lpFilePart=0x0) returned 0x3f [0260.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0260.269] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0260.270] GetFileType (hFile=0x1f4) returned 0x1 [0260.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0260.270] GetFileType (hFile=0x1f4) returned 0x1 [0260.270] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ce788*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ec68, lpOverlapped=0x0 | out: lpBuffer=0x26ce788*, lpNumberOfBytesWritten=0x14ec68*=0x6c6, lpOverlapped=0x0) returned 1 [0260.271] CloseHandle (hObject=0x1f4) returned 1 [0260.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv", lpFilePart=0x0) returned 0x42 [0260.273] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv", lpFilePart=0x0) returned 0x42 [0260.273] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv", dwFileAttributes=0x80) returned 1 [0260.273] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0260.273] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\aig9hnho9.mkv"), fInfoLevelId=0x0, lpFileInformation=0x26d0698 | out: lpFileInformation=0x26d0698*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc8e7a0d0, ftCreationTime.dwHighDateTime=0x1d821b5, ftLastAccessTime.dwLowDateTime=0x9e5fb5e0, ftLastAccessTime.dwHighDateTime=0x1d8274c, ftLastWriteTime.dwLowDateTime=0x9e5fb5e0, ftLastWriteTime.dwHighDateTime=0x1d8274c, nFileSizeHigh=0x0, nFileSizeLow=0xfb34)) returned 1 [0260.273] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0260.274] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv", lpFilePart=0x0) returned 0x42 [0260.274] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0260.274] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\aig9hnho9.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0260.274] GetFileType (hFile=0x1f4) returned 0x1 [0260.274] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0260.274] GetFileType (hFile=0x1f4) returned 0x1 [0260.274] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0xfb34 [0260.275] ReadFile (in: hFile=0x1f4, lpBuffer=0x26d0b78, nNumberOfBytesToRead=0xfb34, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x26d0b78*, lpNumberOfBytesRead=0x14ecf8*=0xfb34, lpOverlapped=0x0) returned 1 [0260.276] CloseHandle (hObject=0x1f4) returned 1 [0260.956] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv", lpFilePart=0x0) returned 0x42 [0260.956] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0260.956] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\aig9hnho9.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0260.958] GetFileType (hFile=0x1f4) returned 0x1 [0260.958] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0260.958] GetFileType (hFile=0x1f4) returned 0x1 [0260.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.959] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.960] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.960] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.961] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.961] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.961] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.962] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.962] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.962] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.963] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.963] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.963] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.964] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.964] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.964] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.965] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.965] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.966] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.966] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0260.967] WriteFile (in: hFile=0x1f4, lpBuffer=0x2597868*, nNumberOfBytesToWrite=0xfc8, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2597868*, lpNumberOfBytesWritten=0x14ebb8*=0xfc8, lpOverlapped=0x0) returned 1 [0260.967] CloseHandle (hObject=0x1f4) returned 1 [0260.972] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv", lpFilePart=0x0) returned 0x42 [0260.972] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv.ampkcz", lpFilePart=0x0) returned 0x49 [0260.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0260.972] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\aig9hnho9.mkv"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8e7a0d0, ftCreationTime.dwHighDateTime=0x1d821b5, ftLastAccessTime.dwLowDateTime=0x9e5fb5e0, ftLastAccessTime.dwHighDateTime=0x1d8274c, ftLastWriteTime.dwLowDateTime=0x89f38c64, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14fc8)) returned 1 [0260.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0260.972] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\aig9hnho9.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\AIG9Hnho9.mkv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\aig9hnho9.mkv.ampkcz")) returned 1 [0260.978] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv", lpFilePart=0x0) returned 0x4b [0260.978] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv", lpFilePart=0x0) returned 0x4b [0260.978] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv", dwFileAttributes=0x80) returned 1 [0260.979] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0260.979] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\t6jovycwcxgm1h _xi.flv"), fInfoLevelId=0x0, lpFileInformation=0x2599860 | out: lpFileInformation=0x2599860*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x31d98d00, ftCreationTime.dwHighDateTime=0x1d8219e, ftLastAccessTime.dwLowDateTime=0x5b6aada0, ftLastAccessTime.dwHighDateTime=0x1d82493, ftLastWriteTime.dwLowDateTime=0x5b6aada0, ftLastWriteTime.dwHighDateTime=0x1d82493, nFileSizeHigh=0x0, nFileSizeLow=0x11d6c)) returned 1 [0260.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0260.980] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv", lpFilePart=0x0) returned 0x4b [0260.980] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0260.980] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\t6jovycwcxgm1h _xi.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0260.980] GetFileType (hFile=0x1f4) returned 0x1 [0260.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0260.980] GetFileType (hFile=0x1f4) returned 0x1 [0260.980] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x11d6c [0260.980] ReadFile (in: hFile=0x1f4, lpBuffer=0x2599d90, nNumberOfBytesToRead=0x11d6c, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2599d90*, lpNumberOfBytesRead=0x14ecf8*=0x11d6c, lpOverlapped=0x0) returned 1 [0260.982] CloseHandle (hObject=0x1f4) returned 1 [0261.376] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv", lpFilePart=0x0) returned 0x4b [0261.376] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0261.376] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\t6jovycwcxgm1h _xi.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0261.379] GetFileType (hFile=0x1f4) returned 0x1 [0261.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0261.379] GetFileType (hFile=0x1f4) returned 0x1 [0261.379] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.381] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.381] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.382] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.382] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.383] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.385] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.385] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.386] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.386] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.387] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.387] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.388] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.388] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.389] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.389] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.390] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.390] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.391] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.391] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.392] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.392] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.393] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.393] WriteFile (in: hFile=0x1f4, lpBuffer=0x265a810*, nNumberOfBytesToWrite=0xd60, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x265a810*, lpNumberOfBytesWritten=0x14ebb8*=0xd60, lpOverlapped=0x0) returned 1 [0261.396] CloseHandle (hObject=0x1f4) returned 1 [0261.400] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv", lpFilePart=0x0) returned 0x4b [0261.400] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv.ampkcz", lpFilePart=0x0) returned 0x52 [0261.400] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0261.401] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\t6jovycwcxgm1h _xi.flv"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d98d00, ftCreationTime.dwHighDateTime=0x1d8219e, ftLastAccessTime.dwLowDateTime=0x5b6aada0, ftLastAccessTime.dwHighDateTime=0x1d82493, ftLastWriteTime.dwLowDateTime=0x8a352d0d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x17d60)) returned 1 [0261.401] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0261.401] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\t6jovycwcxgm1h _xi.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\t6JOvYCwCxGM1H _Xi.flv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\t6jovycwcxgm1h _xi.flv.ampkcz")) returned 1 [0261.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4", lpFilePart=0x0) returned 0x3d [0261.403] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4", lpFilePart=0x0) returned 0x3d [0261.403] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4", dwFileAttributes=0x80) returned 1 [0261.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0261.405] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\vkpe.mp4"), fInfoLevelId=0x0, lpFileInformation=0x265c0c8 | out: lpFileInformation=0x265c0c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf6fc56b0, ftCreationTime.dwHighDateTime=0x1d82029, ftLastAccessTime.dwLowDateTime=0xf1c49830, ftLastAccessTime.dwHighDateTime=0x1d82711, ftLastWriteTime.dwLowDateTime=0xf1c49830, ftLastWriteTime.dwHighDateTime=0x1d82711, nFileSizeHigh=0x0, nFileSizeLow=0x10218)) returned 1 [0261.405] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0261.405] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4", lpFilePart=0x0) returned 0x3d [0261.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0261.405] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\vkpe.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0261.406] GetFileType (hFile=0x1f4) returned 0x1 [0261.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0261.406] GetFileType (hFile=0x1f4) returned 0x1 [0261.406] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x10218 [0261.406] ReadFile (in: hFile=0x1f4, lpBuffer=0x265c580, nNumberOfBytesToRead=0x10218, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x265c580*, lpNumberOfBytesRead=0x14ecf8*=0x10218, lpOverlapped=0x0) returned 1 [0261.408] CloseHandle (hObject=0x1f4) returned 1 [0261.817] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4", lpFilePart=0x0) returned 0x3d [0261.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0261.817] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\vkpe.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0261.819] GetFileType (hFile=0x1f4) returned 0x1 [0261.819] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0261.819] GetFileType (hFile=0x1f4) returned 0x1 [0261.820] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.822] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.822] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.822] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.825] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.825] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.826] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.826] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.826] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.827] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.827] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.827] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.828] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0261.828] WriteFile (in: hFile=0x1f4, lpBuffer=0x2521a40*, nNumberOfBytesToWrite=0x8f4, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2521a40*, lpNumberOfBytesWritten=0x14ebb8*=0x8f4, lpOverlapped=0x0) returned 1 [0261.828] CloseHandle (hObject=0x1f4) returned 1 [0261.832] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4", lpFilePart=0x0) returned 0x3d [0261.832] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4.ampkcz", lpFilePart=0x0) returned 0x44 [0261.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0261.832] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\vkpe.mp4"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6fc56b0, ftCreationTime.dwHighDateTime=0x1d82029, ftLastAccessTime.dwLowDateTime=0xf1c49830, ftLastAccessTime.dwHighDateTime=0x1d82711, ftLastWriteTime.dwLowDateTime=0x8a770638, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x158f4)) returned 1 [0261.832] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0261.832] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\vkpe.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\Vkpe.mp4.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\8x_r6ts_l1cacwn4p\\vkpe.mp4.ampkcz")) returned 1 [0261.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0261.836] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P", lpFilePart=0x0) returned 0x34 [0261.836] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\", lpFilePart=0x0) returned 0x35 [0261.837] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\8X_R6tS_L1CAcWN4P\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5e0c390, ftCreationTime.dwHighDateTime=0x1d820e4, ftLastAccessTime.dwLowDateTime=0x8a772c53, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8a772c53, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0261.837] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf5e0c390, ftCreationTime.dwHighDateTime=0x1d820e4, ftLastAccessTime.dwLowDateTime=0x8a772c53, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8a772c53, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0261.837] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdcd0d620, ftCreationTime.dwHighDateTime=0x1d827b4, ftLastAccessTime.dwLowDateTime=0x8d7b0b10, ftLastAccessTime.dwHighDateTime=0x1d827fd, ftLastWriteTime.dwLowDateTime=0x89885160, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xff48, dwReserved0=0x0, dwReserved1=0x0, cFileName="1x_OwfxD.swf.ampkcz", cAlternateFileName="1X_OWF~1.AMP")) returned 1 [0261.837] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8e7a0d0, ftCreationTime.dwHighDateTime=0x1d821b5, ftLastAccessTime.dwLowDateTime=0x9e5fb5e0, ftLastAccessTime.dwHighDateTime=0x1d8274c, ftLastWriteTime.dwLowDateTime=0x89f38c64, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14fc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="AIG9Hnho9.mkv.ampkcz", cAlternateFileName="AIG9HN~1.AMP")) returned 1 [0261.838] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8988a55c, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x8988a55c, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8989073b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0261.838] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31d98d00, ftCreationTime.dwHighDateTime=0x1d8219e, ftLastAccessTime.dwLowDateTime=0x5b6aada0, ftLastAccessTime.dwHighDateTime=0x1d82493, ftLastWriteTime.dwLowDateTime=0x8a352d0d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x17d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="t6JOvYCwCxGM1H _Xi.flv.ampkcz", cAlternateFileName="T6JOVY~1.AMP")) returned 1 [0261.838] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6fc56b0, ftCreationTime.dwHighDateTime=0x1d82029, ftLastAccessTime.dwLowDateTime=0xf1c49830, ftLastAccessTime.dwHighDateTime=0x1d82711, ftLastWriteTime.dwLowDateTime=0x8a770638, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x158f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vkpe.mp4.ampkcz", cAlternateFileName="VKPEMP~1.AMP")) returned 1 [0261.838] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6fc56b0, ftCreationTime.dwHighDateTime=0x1d82029, ftLastAccessTime.dwLowDateTime=0xf1c49830, ftLastAccessTime.dwHighDateTime=0x1d82711, ftLastWriteTime.dwLowDateTime=0x8a770638, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x158f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vkpe.mp4.ampkcz", cAlternateFileName="VKPEMP~1.AMP")) returned 0 [0261.838] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0261.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0261.839] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0261.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0261.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU", lpFilePart=0x0) returned 0x2b [0261.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\", lpFilePart=0x0) returned 0x2c [0261.839] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x521df7e0, ftCreationTime.dwHighDateTime=0x1d81ded, ftLastAccessTime.dwLowDateTime=0x16288c80, ftLastAccessTime.dwHighDateTime=0x1d82358, ftLastWriteTime.dwLowDateTime=0x16288c80, ftLastWriteTime.dwHighDateTime=0x1d82358, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0261.839] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x521df7e0, ftCreationTime.dwHighDateTime=0x1d81ded, ftLastAccessTime.dwLowDateTime=0x16288c80, ftLastAccessTime.dwHighDateTime=0x1d82358, ftLastWriteTime.dwLowDateTime=0x16288c80, ftLastWriteTime.dwHighDateTime=0x1d82358, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0261.839] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8801e320, ftCreationTime.dwHighDateTime=0x1d824e7, ftLastAccessTime.dwLowDateTime=0x96d6b870, ftLastAccessTime.dwHighDateTime=0x1d825f1, ftLastWriteTime.dwLowDateTime=0x96d6b870, ftLastWriteTime.dwHighDateTime=0x1d825f1, nFileSizeHigh=0x0, nFileSizeLow=0x10349, dwReserved0=0x0, dwReserved1=0x0, cFileName="_DLbpsl.avi", cAlternateFileName="")) returned 1 [0261.840] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0261.840] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0261.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0261.840] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0261.841] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi", lpFilePart=0x0) returned 0x37 [0261.841] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi", lpFilePart=0x0) returned 0x37 [0261.841] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi", dwFileAttributes=0x80) returned 1 [0261.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0261.842] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\m4-hxnju\\_dlbpsl.avi"), fInfoLevelId=0x0, lpFileInformation=0x25255c8 | out: lpFileInformation=0x25255c8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8801e320, ftCreationTime.dwHighDateTime=0x1d824e7, ftLastAccessTime.dwLowDateTime=0x96d6b870, ftLastAccessTime.dwHighDateTime=0x1d825f1, ftLastWriteTime.dwLowDateTime=0x96d6b870, ftLastWriteTime.dwHighDateTime=0x1d825f1, nFileSizeHigh=0x0, nFileSizeLow=0x10349)) returned 1 [0261.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0261.842] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi", lpFilePart=0x0) returned 0x37 [0261.842] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0261.842] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\m4-hxnju\\_dlbpsl.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0261.842] GetFileType (hFile=0x1f4) returned 0x1 [0261.842] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0261.842] GetFileType (hFile=0x1f4) returned 0x1 [0261.842] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x10349 [0261.842] ReadFile (in: hFile=0x1f4, lpBuffer=0x2525a50, nNumberOfBytesToRead=0x10349, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2525a50*, lpNumberOfBytesRead=0x14ecf8*=0x10349, lpOverlapped=0x0) returned 1 [0261.844] CloseHandle (hObject=0x1f4) returned 1 [0262.212] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi", lpFilePart=0x0) returned 0x37 [0262.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0262.221] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\m4-hxnju\\_dlbpsl.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0262.224] GetFileType (hFile=0x1f4) returned 0x1 [0262.224] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0262.224] GetFileType (hFile=0x1f4) returned 0x1 [0262.224] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.227] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.227] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.228] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.230] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.230] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.232] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.232] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.234] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.234] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dfc10*, nNumberOfBytesToWrite=0xa88, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25dfc10*, lpNumberOfBytesWritten=0x14ebb8*=0xa88, lpOverlapped=0x0) returned 1 [0262.235] CloseHandle (hObject=0x1f4) returned 1 [0262.240] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi", lpFilePart=0x0) returned 0x37 [0262.240] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi.ampkcz", lpFilePart=0x0) returned 0x3e [0262.240] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0262.241] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\m4-hxnju\\_dlbpsl.avi"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8801e320, ftCreationTime.dwHighDateTime=0x1d824e7, ftLastAccessTime.dwLowDateTime=0x96d6b870, ftLastAccessTime.dwHighDateTime=0x1d825f1, ftLastWriteTime.dwLowDateTime=0x8ab53274, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15a88)) returned 1 [0262.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0262.241] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\m4-hxnju\\_dlbpsl.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\_DLbpsl.avi.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\m4-hxnju\\_dlbpsl.avi.ampkcz")) returned 1 [0262.245] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\readme.txt", lpFilePart=0x0) returned 0x36 [0262.245] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0262.245] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\m4-hxnju\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0262.247] GetFileType (hFile=0x1f4) returned 0x1 [0262.247] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0262.247] GetFileType (hFile=0x1f4) returned 0x1 [0262.251] WriteFile (in: hFile=0x1f4, lpBuffer=0x25e2e60*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ec68, lpOverlapped=0x0 | out: lpBuffer=0x25e2e60*, lpNumberOfBytesWritten=0x14ec68*=0x6c6, lpOverlapped=0x0) returned 1 [0262.253] CloseHandle (hObject=0x1f4) returned 1 [0262.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0262.253] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU", lpFilePart=0x0) returned 0x2b [0262.253] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\", lpFilePart=0x0) returned 0x2c [0262.253] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\M4-hXnJU\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x521df7e0, ftCreationTime.dwHighDateTime=0x1d81ded, ftLastAccessTime.dwLowDateTime=0x8ab5ba84, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8ab644b8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0262.254] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x521df7e0, ftCreationTime.dwHighDateTime=0x1d81ded, ftLastAccessTime.dwLowDateTime=0x8ab5ba84, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8ab644b8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0262.254] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ab62fdc, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x8ab62fdc, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8ab75310, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0262.254] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8801e320, ftCreationTime.dwHighDateTime=0x1d824e7, ftLastAccessTime.dwLowDateTime=0x96d6b870, ftLastAccessTime.dwHighDateTime=0x1d825f1, ftLastWriteTime.dwLowDateTime=0x8ab53274, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15a88, dwReserved0=0x0, dwReserved1=0x0, cFileName="_DLbpsl.avi.ampkcz", cAlternateFileName="_DLBPS~1.AMP")) returned 1 [0262.254] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8801e320, ftCreationTime.dwHighDateTime=0x1d824e7, ftLastAccessTime.dwLowDateTime=0x96d6b870, ftLastAccessTime.dwHighDateTime=0x1d825f1, ftLastWriteTime.dwLowDateTime=0x8ab53274, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15a88, dwReserved0=0x0, dwReserved1=0x0, cFileName="_DLbpsl.avi.ampkcz", cAlternateFileName="_DLBPS~1.AMP")) returned 0 [0262.255] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0262.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0262.255] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0262.255] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0262.255] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx", lpFilePart=0x0) returned 0x2f [0262.255] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\", lpFilePart=0x0) returned 0x30 [0262.255] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x72d898c0, ftCreationTime.dwHighDateTime=0x1d82011, ftLastAccessTime.dwLowDateTime=0x876d00, ftLastAccessTime.dwHighDateTime=0x1d82246, ftLastWriteTime.dwLowDateTime=0x876d00, ftLastWriteTime.dwHighDateTime=0x1d82246, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0262.256] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x72d898c0, ftCreationTime.dwHighDateTime=0x1d82011, ftLastAccessTime.dwLowDateTime=0x876d00, ftLastAccessTime.dwHighDateTime=0x1d82246, ftLastWriteTime.dwLowDateTime=0x876d00, ftLastWriteTime.dwHighDateTime=0x1d82246, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0262.256] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2bf1f00, ftCreationTime.dwHighDateTime=0x1d829e9, ftLastAccessTime.dwLowDateTime=0x58489690, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0x58489690, ftLastWriteTime.dwHighDateTime=0x1d829f8, nFileSizeHigh=0x0, nFileSizeLow=0x4f43, dwReserved0=0x0, dwReserved1=0x0, cFileName="d2w8Ci4H.avi", cAlternateFileName="")) returned 1 [0262.256] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f8c51d0, ftCreationTime.dwHighDateTime=0x1d81a35, ftLastAccessTime.dwLowDateTime=0xa4fcabe0, ftLastAccessTime.dwHighDateTime=0x1d82555, ftLastWriteTime.dwLowDateTime=0xa4fcabe0, ftLastWriteTime.dwHighDateTime=0x1d82555, nFileSizeHigh=0x0, nFileSizeLow=0xfcb2, dwReserved0=0x0, dwReserved1=0x0, cFileName="T6Yj2eG4IStLBi.flv", cAlternateFileName="T6YJ2E~1.FLV")) returned 1 [0262.256] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0faef00, ftCreationTime.dwHighDateTime=0x1d82074, ftLastAccessTime.dwLowDateTime=0xd6c822d0, ftLastAccessTime.dwHighDateTime=0x1d82627, ftLastWriteTime.dwLowDateTime=0xd6c822d0, ftLastWriteTime.dwHighDateTime=0x1d82627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vso6J6hoPFuL_PO3n", cAlternateFileName="VSO6J6~1")) returned 1 [0262.257] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0faef00, ftCreationTime.dwHighDateTime=0x1d82074, ftLastAccessTime.dwLowDateTime=0xd6c822d0, ftLastAccessTime.dwHighDateTime=0x1d82627, ftLastWriteTime.dwLowDateTime=0xd6c822d0, ftLastWriteTime.dwHighDateTime=0x1d82627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vso6J6hoPFuL_PO3n", cAlternateFileName="VSO6J6~1")) returned 0 [0262.257] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0262.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0262.257] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0262.258] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi", lpFilePart=0x0) returned 0x3c [0262.258] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi", lpFilePart=0x0) returned 0x3c [0262.258] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi", dwFileAttributes=0x80) returned 1 [0262.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0262.264] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\d2w8ci4h.avi"), fInfoLevelId=0x0, lpFileInformation=0x25e6d30 | out: lpFileInformation=0x25e6d30*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf2bf1f00, ftCreationTime.dwHighDateTime=0x1d829e9, ftLastAccessTime.dwLowDateTime=0x58489690, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0x58489690, ftLastWriteTime.dwHighDateTime=0x1d829f8, nFileSizeHigh=0x0, nFileSizeLow=0x4f43)) returned 1 [0262.264] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0262.264] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi", lpFilePart=0x0) returned 0x3c [0262.264] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0262.264] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\d2w8ci4h.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0262.265] GetFileType (hFile=0x1f4) returned 0x1 [0262.265] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0262.266] GetFileType (hFile=0x1f4) returned 0x1 [0262.266] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x4f43 [0262.266] ReadFile (in: hFile=0x1f4, lpBuffer=0x25e71f8, nNumberOfBytesToRead=0x4f43, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x25e71f8*, lpNumberOfBytesRead=0x14ecf8*=0x4f43, lpOverlapped=0x0) returned 1 [0262.267] CloseHandle (hObject=0x1f4) returned 1 [0262.731] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi", lpFilePart=0x0) returned 0x3c [0262.732] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0262.732] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\d2w8ci4h.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0262.737] GetFileType (hFile=0x1f4) returned 0x1 [0262.737] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0262.737] GetFileType (hFile=0x1f4) returned 0x1 [0262.737] WriteFile (in: hFile=0x1f4, lpBuffer=0x2698b38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2698b38*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.739] WriteFile (in: hFile=0x1f4, lpBuffer=0x2698b38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2698b38*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.739] WriteFile (in: hFile=0x1f4, lpBuffer=0x2698b38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2698b38*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.740] WriteFile (in: hFile=0x1f4, lpBuffer=0x2698b38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2698b38*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.740] WriteFile (in: hFile=0x1f4, lpBuffer=0x2698b38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2698b38*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.741] WriteFile (in: hFile=0x1f4, lpBuffer=0x2698b38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2698b38*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0262.741] WriteFile (in: hFile=0x1f4, lpBuffer=0x2698b38*, nNumberOfBytesToWrite=0xa88, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2698b38*, lpNumberOfBytesWritten=0x14ebb8*=0xa88, lpOverlapped=0x0) returned 1 [0262.741] CloseHandle (hObject=0x1f4) returned 1 [0262.744] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi", lpFilePart=0x0) returned 0x3c [0262.744] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi.ampkcz", lpFilePart=0x0) returned 0x43 [0262.744] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0262.744] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\d2w8ci4h.avi"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2bf1f00, ftCreationTime.dwHighDateTime=0x1d829e9, ftLastAccessTime.dwLowDateTime=0x58489690, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0x8b022d42, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6a88)) returned 1 [0262.744] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0262.744] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\d2w8ci4h.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\d2w8Ci4H.avi.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\d2w8ci4h.avi.ampkcz")) returned 1 [0262.746] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\readme.txt", lpFilePart=0x0) returned 0x3a [0262.746] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0262.746] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0262.747] GetFileType (hFile=0x1f4) returned 0x1 [0262.747] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0262.747] GetFileType (hFile=0x1f4) returned 0x1 [0262.748] WriteFile (in: hFile=0x1f4, lpBuffer=0x269bdb8*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ec68, lpOverlapped=0x0 | out: lpBuffer=0x269bdb8*, lpNumberOfBytesWritten=0x14ec68*=0x6c6, lpOverlapped=0x0) returned 1 [0262.749] CloseHandle (hObject=0x1f4) returned 1 [0262.752] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv", lpFilePart=0x0) returned 0x42 [0262.752] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv", lpFilePart=0x0) returned 0x42 [0262.752] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv", dwFileAttributes=0x80) returned 1 [0262.754] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0262.754] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\t6yj2eg4istlbi.flv"), fInfoLevelId=0x0, lpFileInformation=0x269e310 | out: lpFileInformation=0x269e310*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5f8c51d0, ftCreationTime.dwHighDateTime=0x1d81a35, ftLastAccessTime.dwLowDateTime=0xa4fcabe0, ftLastAccessTime.dwHighDateTime=0x1d82555, ftLastWriteTime.dwLowDateTime=0xa4fcabe0, ftLastWriteTime.dwHighDateTime=0x1d82555, nFileSizeHigh=0x0, nFileSizeLow=0xfcb2)) returned 1 [0262.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0262.755] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv", lpFilePart=0x0) returned 0x42 [0262.755] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0262.755] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\t6yj2eg4istlbi.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0262.755] GetFileType (hFile=0x1f4) returned 0x1 [0262.755] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0262.755] GetFileType (hFile=0x1f4) returned 0x1 [0262.755] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0xfcb2 [0262.755] ReadFile (in: hFile=0x1f4, lpBuffer=0x269e800, nNumberOfBytesToRead=0xfcb2, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x269e800*, lpNumberOfBytesRead=0x14ecf8*=0xfcb2, lpOverlapped=0x0) returned 1 [0262.757] CloseHandle (hObject=0x1f4) returned 1 [0263.159] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv", lpFilePart=0x0) returned 0x42 [0263.160] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0263.160] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\t6yj2eg4istlbi.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0263.162] GetFileType (hFile=0x1f4) returned 0x1 [0263.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0263.162] GetFileType (hFile=0x1f4) returned 0x1 [0263.162] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.163] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.163] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.164] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.164] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.164] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.165] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.165] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.166] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.166] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.166] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.167] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.167] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.167] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.168] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.168] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.168] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.169] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.169] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.169] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0263.170] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebd8, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ebd8*=0x1000, lpOverlapped=0x0) returned 1 [0263.170] WriteFile (in: hFile=0x1f4, lpBuffer=0x25663f8*, nNumberOfBytesToWrite=0x1c8, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25663f8*, lpNumberOfBytesWritten=0x14ebb8*=0x1c8, lpOverlapped=0x0) returned 1 [0263.170] CloseHandle (hObject=0x1f4) returned 1 [0263.173] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv", lpFilePart=0x0) returned 0x42 [0263.173] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv.ampkcz", lpFilePart=0x0) returned 0x49 [0263.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0263.173] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\t6yj2eg4istlbi.flv"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f8c51d0, ftCreationTime.dwHighDateTime=0x1d81a35, ftLastAccessTime.dwLowDateTime=0xa4fcabe0, ftLastAccessTime.dwHighDateTime=0x1d82555, ftLastWriteTime.dwLowDateTime=0x8b43b154, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x151c8)) returned 1 [0263.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0263.174] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\t6yj2eg4istlbi.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\T6Yj2eG4IStLBi.flv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\t6yj2eg4istlbi.flv.ampkcz")) returned 1 [0263.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0263.175] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx", lpFilePart=0x0) returned 0x2f [0263.175] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\", lpFilePart=0x0) returned 0x30 [0263.175] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x72d898c0, ftCreationTime.dwHighDateTime=0x1d82011, ftLastAccessTime.dwLowDateTime=0x8b43d7df, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8b43d7df, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0263.175] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x72d898c0, ftCreationTime.dwHighDateTime=0x1d82011, ftLastAccessTime.dwLowDateTime=0x8b43d7df, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8b43d7df, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0263.175] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2bf1f00, ftCreationTime.dwHighDateTime=0x1d829e9, ftLastAccessTime.dwLowDateTime=0x58489690, ftLastAccessTime.dwHighDateTime=0x1d829f8, ftLastWriteTime.dwLowDateTime=0x8b022d42, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6a88, dwReserved0=0x0, dwReserved1=0x0, cFileName="d2w8Ci4H.avi.ampkcz", cAlternateFileName="D2W8CI~1.AMP")) returned 1 [0263.176] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b02a9c8, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x8b02a9c8, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8b0316e7, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0263.176] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f8c51d0, ftCreationTime.dwHighDateTime=0x1d81a35, ftLastAccessTime.dwLowDateTime=0xa4fcabe0, ftLastAccessTime.dwHighDateTime=0x1d82555, ftLastWriteTime.dwLowDateTime=0x8b43b154, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x151c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="T6Yj2eG4IStLBi.flv.ampkcz", cAlternateFileName="T6YJ2E~1.AMP")) returned 1 [0263.176] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0faef00, ftCreationTime.dwHighDateTime=0x1d82074, ftLastAccessTime.dwLowDateTime=0xd6c822d0, ftLastAccessTime.dwHighDateTime=0x1d82627, ftLastWriteTime.dwLowDateTime=0xd6c822d0, ftLastWriteTime.dwHighDateTime=0x1d82627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="vso6J6hoPFuL_PO3n", cAlternateFileName="VSO6J6~1")) returned 1 [0263.176] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0263.176] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0263.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0263.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0263.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0263.177] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n", lpFilePart=0x0) returned 0x41 [0263.177] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\", lpFilePart=0x0) returned 0x42 [0263.177] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0faef00, ftCreationTime.dwHighDateTime=0x1d82074, ftLastAccessTime.dwLowDateTime=0xd6c822d0, ftLastAccessTime.dwHighDateTime=0x1d82627, ftLastWriteTime.dwLowDateTime=0xd6c822d0, ftLastWriteTime.dwHighDateTime=0x1d82627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0263.177] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0faef00, ftCreationTime.dwHighDateTime=0x1d82074, ftLastAccessTime.dwLowDateTime=0xd6c822d0, ftLastAccessTime.dwHighDateTime=0x1d82627, ftLastWriteTime.dwLowDateTime=0xd6c822d0, ftLastWriteTime.dwHighDateTime=0x1d82627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0263.178] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78640c20, ftCreationTime.dwHighDateTime=0x1d81f35, ftLastAccessTime.dwLowDateTime=0x26bc0430, ftLastAccessTime.dwHighDateTime=0x1d828b4, ftLastWriteTime.dwLowDateTime=0x26bc0430, ftLastWriteTime.dwHighDateTime=0x1d828b4, nFileSizeHigh=0x0, nFileSizeLow=0xc02, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ftt _xFpP8.mkv", cAlternateFileName="FTT_XF~1.MKV")) returned 1 [0263.178] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24cbe600, ftCreationTime.dwHighDateTime=0x1d8246c, ftLastAccessTime.dwLowDateTime=0x31e0ae20, ftLastAccessTime.dwHighDateTime=0x1d8271e, ftLastWriteTime.dwLowDateTime=0x31e0ae20, ftLastWriteTime.dwHighDateTime=0x1d8271e, nFileSizeHigh=0x0, nFileSizeLow=0x18c94, dwReserved0=0x0, dwReserved1=0x0, cFileName="TSr3nT8m9489LbmEJXW.mkv", cAlternateFileName="TSR3NT~1.MKV")) returned 1 [0263.178] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0263.178] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0263.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0263.178] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0263.179] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv", lpFilePart=0x0) returned 0x51 [0263.179] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv", lpFilePart=0x0) returned 0x51 [0263.179] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv", dwFileAttributes=0x80) returned 1 [0263.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0263.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\ftt _xfpp8.mkv"), fInfoLevelId=0x0, lpFileInformation=0x256a228 | out: lpFileInformation=0x256a228*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x78640c20, ftCreationTime.dwHighDateTime=0x1d81f35, ftLastAccessTime.dwLowDateTime=0x26bc0430, ftLastAccessTime.dwHighDateTime=0x1d828b4, ftLastWriteTime.dwLowDateTime=0x26bc0430, ftLastWriteTime.dwHighDateTime=0x1d828b4, nFileSizeHigh=0x0, nFileSizeLow=0xc02)) returned 1 [0263.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0263.180] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv", lpFilePart=0x0) returned 0x51 [0263.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0263.180] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\ftt _xfpp8.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0263.180] GetFileType (hFile=0x1f4) returned 0x1 [0263.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0263.180] GetFileType (hFile=0x1f4) returned 0x1 [0263.180] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0xc02 [0263.180] ReadFile (in: hFile=0x1f4, lpBuffer=0x256b388, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x256b388*, lpNumberOfBytesRead=0x14ec88*=0xc02, lpOverlapped=0x0) returned 1 [0263.181] CloseHandle (hObject=0x1f4) returned 1 [0263.546] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv", lpFilePart=0x0) returned 0x51 [0263.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0263.546] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\ftt _xfpp8.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0263.550] GetFileType (hFile=0x1f4) returned 0x1 [0263.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0263.550] GetFileType (hFile=0x1f4) returned 0x1 [0263.550] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ed6c8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14eb68, lpOverlapped=0x0 | out: lpBuffer=0x25ed6c8*, lpNumberOfBytesWritten=0x14eb68*=0x1000, lpOverlapped=0x0) returned 1 [0263.551] WriteFile (in: hFile=0x1f4, lpBuffer=0x25ed6c8*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x25ed6c8*, lpNumberOfBytesWritten=0x14eb48*=0xe0, lpOverlapped=0x0) returned 1 [0263.551] CloseHandle (hObject=0x1f4) returned 1 [0263.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv", lpFilePart=0x0) returned 0x51 [0263.553] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv.ampkcz", lpFilePart=0x0) returned 0x58 [0263.553] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0263.553] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\ftt _xfpp8.mkv"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78640c20, ftCreationTime.dwHighDateTime=0x1d81f35, ftLastAccessTime.dwLowDateTime=0x26bc0430, ftLastAccessTime.dwHighDateTime=0x1d828b4, ftLastWriteTime.dwLowDateTime=0x8b7dabb3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x10e0)) returned 1 [0263.553] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0263.553] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\ftt _xfpp8.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\Ftt _xFpP8.mkv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\ftt _xfpp8.mkv.ampkcz")) returned 1 [0263.561] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\readme.txt", lpFilePart=0x0) returned 0x4c [0263.561] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb50) returned 1 [0263.561] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0263.735] GetFileType (hFile=0x1f4) returned 0x1 [0263.735] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eac0) returned 1 [0263.735] GetFileType (hFile=0x1f4) returned 0x1 [0263.738] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f0a20*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ebf8, lpOverlapped=0x0 | out: lpBuffer=0x25f0a20*, lpNumberOfBytesWritten=0x14ebf8*=0x6c6, lpOverlapped=0x0) returned 1 [0263.739] CloseHandle (hObject=0x1f4) returned 1 [0263.740] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv", lpFilePart=0x0) returned 0x59 [0263.740] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv", lpFilePart=0x0) returned 0x59 [0263.740] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv", dwFileAttributes=0x80) returned 1 [0263.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0263.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\tsr3nt8m9489lbmejxw.mkv"), fInfoLevelId=0x0, lpFileInformation=0x25f2940 | out: lpFileInformation=0x25f2940*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x24cbe600, ftCreationTime.dwHighDateTime=0x1d8246c, ftLastAccessTime.dwLowDateTime=0x31e0ae20, ftLastAccessTime.dwHighDateTime=0x1d8271e, ftLastWriteTime.dwLowDateTime=0x31e0ae20, ftLastWriteTime.dwHighDateTime=0x1d8271e, nFileSizeHigh=0x0, nFileSizeLow=0x18c94)) returned 1 [0263.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0263.741] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv", lpFilePart=0x0) returned 0x59 [0263.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0263.741] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\tsr3nt8m9489lbmejxw.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0263.741] GetFileType (hFile=0x1f4) returned 0x1 [0263.742] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0263.742] GetFileType (hFile=0x1f4) returned 0x1 [0263.742] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x18c94 [0263.742] ReadFile (in: hFile=0x1f4, lpBuffer=0x12640380, nNumberOfBytesToRead=0x18c94, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x12640380*, lpNumberOfBytesRead=0x14ec88*=0x18c94, lpOverlapped=0x0) returned 1 [0263.744] CloseHandle (hObject=0x1f4) returned 1 [0264.089] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv", lpFilePart=0x0) returned 0x59 [0264.089] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0264.089] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\tsr3nt8m9489lbmejxw.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0264.091] GetFileType (hFile=0x1f4) returned 0x1 [0264.091] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0264.091] GetFileType (hFile=0x1f4) returned 0x1 [0264.091] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.093] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.093] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.094] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.094] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.094] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.095] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.095] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.095] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.096] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.096] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.098] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.098] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.098] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.099] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.099] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.100] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.100] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.100] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.101] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.101] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.101] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.102] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.102] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.102] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.103] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.103] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.104] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.104] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.104] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.105] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.105] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0264.105] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14eb68, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14eb68*=0x1000, lpOverlapped=0x0) returned 1 [0264.106] WriteFile (in: hFile=0x1f4, lpBuffer=0x266c378*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x266c378*, lpNumberOfBytesWritten=0x14eb48*=0x1a0, lpOverlapped=0x0) returned 1 [0264.106] CloseHandle (hObject=0x1f4) returned 1 [0264.128] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv", lpFilePart=0x0) returned 0x59 [0264.128] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv.ampkcz", lpFilePart=0x0) returned 0x60 [0264.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0264.128] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\tsr3nt8m9489lbmejxw.mkv"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24cbe600, ftCreationTime.dwHighDateTime=0x1d8246c, ftLastAccessTime.dwLowDateTime=0x31e0ae20, ftLastAccessTime.dwHighDateTime=0x1d8271e, ftLastWriteTime.dwLowDateTime=0x8bd3abcf, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x211a0)) returned 1 [0264.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0264.128] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\tsr3nt8m9489lbmejxw.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\TSr3nT8m9489LbmEJXW.mkv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\tzcj_rpznwax\\vso6j6hopful_po3n\\tsr3nt8m9489lbmejxw.mkv.ampkcz")) returned 1 [0264.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0264.129] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n", lpFilePart=0x0) returned 0x41 [0264.129] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\", lpFilePart=0x0) returned 0x42 [0264.129] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\tZCj_rPznWAx\\vso6J6hoPFuL_PO3n\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0faef00, ftCreationTime.dwHighDateTime=0x1d82074, ftLastAccessTime.dwLowDateTime=0x8bd56cd4, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8bd56cd4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687cd0 [0264.130] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb0faef00, ftCreationTime.dwHighDateTime=0x1d82074, ftLastAccessTime.dwLowDateTime=0x8bd56cd4, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8bd56cd4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.130] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x78640c20, ftCreationTime.dwHighDateTime=0x1d81f35, ftLastAccessTime.dwLowDateTime=0x26bc0430, ftLastAccessTime.dwHighDateTime=0x1d828b4, ftLastWriteTime.dwLowDateTime=0x8b7dabb3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x10e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ftt _xFpP8.mkv.ampkcz", cAlternateFileName="FTT_XF~1.AMP")) returned 1 [0264.131] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8b7efa81, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x8b7efa81, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8b9a14f8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0264.131] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24cbe600, ftCreationTime.dwHighDateTime=0x1d8246c, ftLastAccessTime.dwLowDateTime=0x31e0ae20, ftLastAccessTime.dwHighDateTime=0x1d8271e, ftLastWriteTime.dwLowDateTime=0x8bd3abcf, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x211a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TSr3nT8m9489LbmEJXW.mkv.ampkcz", cAlternateFileName="TSR3NT~1.AMP")) returned 1 [0264.131] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x24cbe600, ftCreationTime.dwHighDateTime=0x1d8246c, ftLastAccessTime.dwLowDateTime=0x31e0ae20, ftLastAccessTime.dwHighDateTime=0x1d8271e, ftLastWriteTime.dwLowDateTime=0x8bd3abcf, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x211a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TSr3nT8m9489LbmEJXW.mkv.ampkcz", cAlternateFileName="TSR3NT~1.AMP")) returned 0 [0264.131] FindClose (in: hFindFile=0x687cd0 | out: hFindFile=0x687cd0) returned 1 [0264.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0264.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0264.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0264.131] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg", lpFilePart=0x0) returned 0x33 [0264.132] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\", lpFilePart=0x0) returned 0x34 [0264.132] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf0316b0, ftCreationTime.dwHighDateTime=0x1d82778, ftLastAccessTime.dwLowDateTime=0x5b8d8e70, ftLastAccessTime.dwHighDateTime=0x1d828f2, ftLastWriteTime.dwLowDateTime=0x5b8d8e70, ftLastWriteTime.dwHighDateTime=0x1d828f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0264.132] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf0316b0, ftCreationTime.dwHighDateTime=0x1d82778, ftLastAccessTime.dwLowDateTime=0x5b8d8e70, ftLastAccessTime.dwHighDateTime=0x1d828f2, ftLastWriteTime.dwLowDateTime=0x5b8d8e70, ftLastWriteTime.dwHighDateTime=0x1d828f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0264.132] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94e67e60, ftCreationTime.dwHighDateTime=0x1d82155, ftLastAccessTime.dwLowDateTime=0x709a1b30, ftLastAccessTime.dwHighDateTime=0x1d82316, ftLastWriteTime.dwLowDateTime=0x709a1b30, ftLastWriteTime.dwHighDateTime=0x1d82316, nFileSizeHigh=0x0, nFileSizeLow=0xcb2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="OQLMX6gPB.swf", cAlternateFileName="OQLMX6~1.SWF")) returned 1 [0264.132] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4049b250, ftCreationTime.dwHighDateTime=0x1d82925, ftLastAccessTime.dwLowDateTime=0x6ddef0e0, ftLastAccessTime.dwHighDateTime=0x1d829bb, ftLastWriteTime.dwLowDateTime=0x6ddef0e0, ftLastWriteTime.dwHighDateTime=0x1d829bb, nFileSizeHigh=0x0, nFileSizeLow=0xb9c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="QHvjleVnvxZbmpA.swf", cAlternateFileName="QHVJLE~1.SWF")) returned 1 [0264.133] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad0429f0, ftCreationTime.dwHighDateTime=0x1d82675, ftLastAccessTime.dwLowDateTime=0x7e047b80, ftLastAccessTime.dwHighDateTime=0x1d826c7, ftLastWriteTime.dwLowDateTime=0x7e047b80, ftLastWriteTime.dwHighDateTime=0x1d826c7, nFileSizeHigh=0x0, nFileSizeLow=0x13d20, dwReserved0=0x0, dwReserved1=0x0, cFileName="TNCORH.avi", cAlternateFileName="")) returned 1 [0264.133] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fea3af0, ftCreationTime.dwHighDateTime=0x1d81fdb, ftLastAccessTime.dwLowDateTime=0x5e7c01d0, ftLastAccessTime.dwHighDateTime=0x1d828b0, ftLastWriteTime.dwLowDateTime=0x5e7c01d0, ftLastWriteTime.dwHighDateTime=0x1d828b0, nFileSizeHigh=0x0, nFileSizeLow=0x1bd7, dwReserved0=0x0, dwReserved1=0x0, cFileName="uLNR.avi", cAlternateFileName="")) returned 1 [0264.133] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5fd8c10, ftCreationTime.dwHighDateTime=0x1d82552, ftLastAccessTime.dwLowDateTime=0x5baddcc0, ftLastAccessTime.dwHighDateTime=0x1d82636, ftLastWriteTime.dwLowDateTime=0x5baddcc0, ftLastWriteTime.dwHighDateTime=0x1d82636, nFileSizeHigh=0x0, nFileSizeLow=0x16df5, dwReserved0=0x0, dwReserved1=0x0, cFileName="WHq0N bgYB7ImNhpgNuO.flv", cAlternateFileName="WHQ0NB~1.FLV")) returned 1 [0264.133] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55c825b0, ftCreationTime.dwHighDateTime=0x1d82765, ftLastAccessTime.dwLowDateTime=0x4ce289e0, ftLastAccessTime.dwHighDateTime=0x1d82788, ftLastWriteTime.dwLowDateTime=0x4ce289e0, ftLastWriteTime.dwHighDateTime=0x1d82788, nFileSizeHigh=0x0, nFileSizeLow=0xf63b, dwReserved0=0x0, dwReserved1=0x0, cFileName="WnOTqDGjOEevTHSSMo.avi", cAlternateFileName="WNOTQD~1.AVI")) returned 1 [0264.133] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x947cb500, ftCreationTime.dwHighDateTime=0x1d82292, ftLastAccessTime.dwLowDateTime=0x2670a20, ftLastAccessTime.dwHighDateTime=0x1d82351, ftLastWriteTime.dwLowDateTime=0x2670a20, ftLastWriteTime.dwHighDateTime=0x1d82351, nFileSizeHigh=0x0, nFileSizeLow=0x48de, dwReserved0=0x0, dwReserved1=0x0, cFileName="XynP8pFnEpWNOAYc.mp4", cAlternateFileName="XYNP8P~1.MP4")) returned 1 [0264.134] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0264.134] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0264.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0264.134] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0264.136] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf", lpFilePart=0x0) returned 0x41 [0264.136] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf", lpFilePart=0x0) returned 0x41 [0264.136] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf", dwFileAttributes=0x80) returned 1 [0264.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0264.136] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\oqlmx6gpb.swf"), fInfoLevelId=0x0, lpFileInformation=0x2671100 | out: lpFileInformation=0x2671100*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x94e67e60, ftCreationTime.dwHighDateTime=0x1d82155, ftLastAccessTime.dwLowDateTime=0x709a1b30, ftLastAccessTime.dwHighDateTime=0x1d82316, ftLastWriteTime.dwLowDateTime=0x709a1b30, ftLastWriteTime.dwHighDateTime=0x1d82316, nFileSizeHigh=0x0, nFileSizeLow=0xcb2b)) returned 1 [0264.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0264.137] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf", lpFilePart=0x0) returned 0x41 [0264.137] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0264.137] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\oqlmx6gpb.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0264.137] GetFileType (hFile=0x1f4) returned 0x1 [0264.137] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0264.137] GetFileType (hFile=0x1f4) returned 0x1 [0264.137] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0xcb2b [0264.137] ReadFile (in: hFile=0x1f4, lpBuffer=0x26715e0, nNumberOfBytesToRead=0xcb2b, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x26715e0*, lpNumberOfBytesRead=0x14ecf8*=0xcb2b, lpOverlapped=0x0) returned 1 [0264.138] CloseHandle (hObject=0x1f4) returned 1 [0264.466] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf", lpFilePart=0x0) returned 0x41 [0264.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0264.466] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\oqlmx6gpb.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0264.468] GetFileType (hFile=0x1f4) returned 0x1 [0264.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0264.468] GetFileType (hFile=0x1f4) returned 0x1 [0264.468] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.469] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.470] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.470] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.471] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.471] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.471] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.472] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.472] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.472] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.473] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.473] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.473] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.474] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.474] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.474] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.475] WriteFile (in: hFile=0x1f4, lpBuffer=0x271d740*, nNumberOfBytesToWrite=0xfb4, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x271d740*, lpNumberOfBytesWritten=0x14ebb8*=0xfb4, lpOverlapped=0x0) returned 1 [0264.475] CloseHandle (hObject=0x1f4) returned 1 [0264.478] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf", lpFilePart=0x0) returned 0x41 [0264.478] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf.ampkcz", lpFilePart=0x0) returned 0x48 [0264.478] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0264.478] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\oqlmx6gpb.swf"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94e67e60, ftCreationTime.dwHighDateTime=0x1d82155, ftLastAccessTime.dwLowDateTime=0x709a1b30, ftLastAccessTime.dwHighDateTime=0x1d82316, ftLastWriteTime.dwLowDateTime=0x8c0ac44a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x10fb4)) returned 1 [0264.478] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0264.478] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\oqlmx6gpb.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\OQLMX6gPB.swf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\oqlmx6gpb.swf.ampkcz")) returned 1 [0264.479] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\readme.txt", lpFilePart=0x0) returned 0x3e [0264.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0264.479] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0264.479] GetFileType (hFile=0x1f4) returned 0x1 [0264.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0264.480] GetFileType (hFile=0x1f4) returned 0x1 [0264.480] WriteFile (in: hFile=0x1f4, lpBuffer=0x27209f8*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ec68, lpOverlapped=0x0 | out: lpBuffer=0x27209f8*, lpNumberOfBytesWritten=0x14ec68*=0x6c6, lpOverlapped=0x0) returned 1 [0264.481] CloseHandle (hObject=0x1f4) returned 1 [0264.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf", lpFilePart=0x0) returned 0x47 [0264.484] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf", lpFilePart=0x0) returned 0x47 [0264.484] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf", dwFileAttributes=0x80) returned 1 [0264.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0264.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\qhvjlevnvxzbmpa.swf"), fInfoLevelId=0x0, lpFileInformation=0x2722d70 | out: lpFileInformation=0x2722d70*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4049b250, ftCreationTime.dwHighDateTime=0x1d82925, ftLastAccessTime.dwLowDateTime=0x6ddef0e0, ftLastAccessTime.dwHighDateTime=0x1d829bb, ftLastWriteTime.dwLowDateTime=0x6ddef0e0, ftLastWriteTime.dwHighDateTime=0x1d829bb, nFileSizeHigh=0x0, nFileSizeLow=0xb9c0)) returned 1 [0264.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0264.485] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf", lpFilePart=0x0) returned 0x47 [0264.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0264.485] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\qhvjlevnvxzbmpa.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0264.485] GetFileType (hFile=0x1f4) returned 0x1 [0264.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0264.485] GetFileType (hFile=0x1f4) returned 0x1 [0264.485] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0xb9c0 [0264.486] ReadFile (in: hFile=0x1f4, lpBuffer=0x2723278, nNumberOfBytesToRead=0xb9c0, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2723278*, lpNumberOfBytesRead=0x14ecf8*=0xb9c0, lpOverlapped=0x0) returned 1 [0264.487] CloseHandle (hObject=0x1f4) returned 1 [0264.834] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf", lpFilePart=0x0) returned 0x47 [0264.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0264.834] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\qhvjlevnvxzbmpa.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0264.836] GetFileType (hFile=0x1f4) returned 0x1 [0264.836] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0264.836] GetFileType (hFile=0x1f4) returned 0x1 [0264.836] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.837] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.838] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.838] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.839] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.839] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.839] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.840] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.841] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.841] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.842] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.842] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.842] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.843] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.843] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0264.843] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d7418*, nNumberOfBytesToWrite=0x888, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25d7418*, lpNumberOfBytesWritten=0x14ebb8*=0x888, lpOverlapped=0x0) returned 1 [0264.843] CloseHandle (hObject=0x1f4) returned 1 [0264.847] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf", lpFilePart=0x0) returned 0x47 [0264.847] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf.ampkcz", lpFilePart=0x0) returned 0x4e [0264.847] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0264.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\qhvjlevnvxzbmpa.swf"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4049b250, ftCreationTime.dwHighDateTime=0x1d82925, ftLastAccessTime.dwLowDateTime=0x6ddef0e0, ftLastAccessTime.dwHighDateTime=0x1d829bb, ftLastWriteTime.dwLowDateTime=0x8c430f86, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf888)) returned 1 [0264.847] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0264.847] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\qhvjlevnvxzbmpa.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\QHvjleVnvxZbmpA.swf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\qhvjlevnvxzbmpa.swf.ampkcz")) returned 1 [0264.849] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi", lpFilePart=0x0) returned 0x3e [0264.849] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi", lpFilePart=0x0) returned 0x3e [0264.849] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi", dwFileAttributes=0x80) returned 1 [0264.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0264.851] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\tncorh.avi"), fInfoLevelId=0x0, lpFileInformation=0x25d8df8 | out: lpFileInformation=0x25d8df8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xad0429f0, ftCreationTime.dwHighDateTime=0x1d82675, ftLastAccessTime.dwLowDateTime=0x7e047b80, ftLastAccessTime.dwHighDateTime=0x1d826c7, ftLastWriteTime.dwLowDateTime=0x7e047b80, ftLastWriteTime.dwHighDateTime=0x1d826c7, nFileSizeHigh=0x0, nFileSizeLow=0x13d20)) returned 1 [0264.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0264.851] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi", lpFilePart=0x0) returned 0x3e [0264.851] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0264.851] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\tncorh.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0264.851] GetFileType (hFile=0x1f4) returned 0x1 [0264.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0264.851] GetFileType (hFile=0x1f4) returned 0x1 [0264.851] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x13d20 [0264.851] ReadFile (in: hFile=0x1f4, lpBuffer=0x25d92b0, nNumberOfBytesToRead=0x13d20, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x25d92b0*, lpNumberOfBytesRead=0x14ecf8*=0x13d20, lpOverlapped=0x0) returned 1 [0264.853] CloseHandle (hObject=0x1f4) returned 1 [0265.199] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi", lpFilePart=0x0) returned 0x3e [0265.199] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0265.200] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\tncorh.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0265.201] GetFileType (hFile=0x1f4) returned 0x1 [0265.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0265.201] GetFileType (hFile=0x1f4) returned 0x1 [0265.202] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.204] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.205] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.205] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.205] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.206] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.206] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.206] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.207] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.207] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.207] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.208] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.208] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.208] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.209] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.209] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.209] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.210] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.210] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.210] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.211] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.211] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.211] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.212] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.212] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.213] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.213] WriteFile (in: hFile=0x1f4, lpBuffer=0x25359d8*, nNumberOfBytesToWrite=0x7b4, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25359d8*, lpNumberOfBytesWritten=0x14ebb8*=0x7b4, lpOverlapped=0x0) returned 1 [0265.213] CloseHandle (hObject=0x1f4) returned 1 [0265.217] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi", lpFilePart=0x0) returned 0x3e [0265.217] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi.ampkcz", lpFilePart=0x0) returned 0x45 [0265.217] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0265.217] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\tncorh.avi"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad0429f0, ftCreationTime.dwHighDateTime=0x1d82675, ftLastAccessTime.dwLowDateTime=0x7e047b80, ftLastAccessTime.dwHighDateTime=0x1d826c7, ftLastWriteTime.dwLowDateTime=0x8c7b92e2, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a7b4)) returned 1 [0265.217] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0265.217] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\tncorh.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\TNCORH.avi.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\tncorh.avi.ampkcz")) returned 1 [0265.219] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi", lpFilePart=0x0) returned 0x3c [0265.219] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi", lpFilePart=0x0) returned 0x3c [0265.219] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi", dwFileAttributes=0x80) returned 1 [0265.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0265.220] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\ulnr.avi"), fInfoLevelId=0x0, lpFileInformation=0x2537388 | out: lpFileInformation=0x2537388*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6fea3af0, ftCreationTime.dwHighDateTime=0x1d81fdb, ftLastAccessTime.dwLowDateTime=0x5e7c01d0, ftLastAccessTime.dwHighDateTime=0x1d828b0, ftLastWriteTime.dwLowDateTime=0x5e7c01d0, ftLastWriteTime.dwHighDateTime=0x1d828b0, nFileSizeHigh=0x0, nFileSizeLow=0x1bd7)) returned 1 [0265.220] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0265.220] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi", lpFilePart=0x0) returned 0x3c [0265.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0265.220] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\ulnr.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0265.220] GetFileType (hFile=0x1f4) returned 0x1 [0265.220] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0265.220] GetFileType (hFile=0x1f4) returned 0x1 [0265.220] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x1bd7 [0265.220] ReadFile (in: hFile=0x1f4, lpBuffer=0x2537840, nNumberOfBytesToRead=0x1bd7, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2537840*, lpNumberOfBytesRead=0x14ecf8*=0x1bd7, lpOverlapped=0x0) returned 1 [0265.221] CloseHandle (hObject=0x1f4) returned 1 [0265.590] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi", lpFilePart=0x0) returned 0x3c [0265.590] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0265.590] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\ulnr.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0265.592] GetFileType (hFile=0x1f4) returned 0x1 [0265.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0265.592] GetFileType (hFile=0x1f4) returned 0x1 [0265.592] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c4a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25c4a88*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.593] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c4a88*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25c4a88*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0265.594] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c4a88*, nNumberOfBytesToWrite=0x5f4, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25c4a88*, lpNumberOfBytesWritten=0x14ebb8*=0x5f4, lpOverlapped=0x0) returned 1 [0265.594] CloseHandle (hObject=0x1f4) returned 1 [0265.595] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi", lpFilePart=0x0) returned 0x3c [0265.595] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi.ampkcz", lpFilePart=0x0) returned 0x43 [0265.595] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0265.595] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\ulnr.avi"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fea3af0, ftCreationTime.dwHighDateTime=0x1d81fdb, ftLastAccessTime.dwLowDateTime=0x5e7c01d0, ftLastAccessTime.dwHighDateTime=0x1d828b0, ftLastWriteTime.dwLowDateTime=0x8cb5478c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x25f4)) returned 1 [0265.596] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0265.596] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\ulnr.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\uLNR.avi.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\ulnr.avi.ampkcz")) returned 1 [0265.598] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv", lpFilePart=0x0) returned 0x4c [0265.598] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv", lpFilePart=0x0) returned 0x4c [0265.598] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv", dwFileAttributes=0x80) returned 1 [0265.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0265.599] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\whq0n bgyb7imnhpgnuo.flv"), fInfoLevelId=0x0, lpFileInformation=0x25c6a60 | out: lpFileInformation=0x25c6a60*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf5fd8c10, ftCreationTime.dwHighDateTime=0x1d82552, ftLastAccessTime.dwLowDateTime=0x5baddcc0, ftLastAccessTime.dwHighDateTime=0x1d82636, ftLastWriteTime.dwLowDateTime=0x5baddcc0, ftLastWriteTime.dwHighDateTime=0x1d82636, nFileSizeHigh=0x0, nFileSizeLow=0x16df5)) returned 1 [0265.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0265.599] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv", lpFilePart=0x0) returned 0x4c [0265.599] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0265.599] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\whq0n bgyb7imnhpgnuo.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0265.599] GetFileType (hFile=0x1f4) returned 0x1 [0265.599] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0265.599] GetFileType (hFile=0x1f4) returned 0x1 [0265.599] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x16df5 [0265.600] ReadFile (in: hFile=0x1f4, lpBuffer=0x12593fa8, nNumberOfBytesToRead=0x16df5, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x12593fa8*, lpNumberOfBytesRead=0x14ecf8*=0x16df5, lpOverlapped=0x0) returned 1 [0265.602] CloseHandle (hObject=0x1f4) returned 1 [0266.012] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv", lpFilePart=0x0) returned 0x4c [0266.012] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0266.012] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\whq0n bgyb7imnhpgnuo.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0266.015] GetFileType (hFile=0x1f4) returned 0x1 [0266.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0266.015] GetFileType (hFile=0x1f4) returned 0x1 [0266.015] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.017] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.017] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.018] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.018] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.019] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.019] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.021] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.021] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.022] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.023] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.024] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.024] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.024] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.025] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.025] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.026] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.026] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.026] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.027] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.027] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.027] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.028] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.028] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.029] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.029] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.029] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.030] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.030] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.030] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.031] WriteFile (in: hFile=0x1f4, lpBuffer=0x2640450*, nNumberOfBytesToWrite=0x8c8, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x2640450*, lpNumberOfBytesWritten=0x14ebb8*=0x8c8, lpOverlapped=0x0) returned 1 [0266.031] CloseHandle (hObject=0x1f4) returned 1 [0266.035] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv", lpFilePart=0x0) returned 0x4c [0266.035] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv.ampkcz", lpFilePart=0x0) returned 0x53 [0266.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0266.035] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\whq0n bgyb7imnhpgnuo.flv"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5fd8c10, ftCreationTime.dwHighDateTime=0x1d82552, ftLastAccessTime.dwLowDateTime=0x5baddcc0, ftLastAccessTime.dwHighDateTime=0x1d82636, ftLastWriteTime.dwLowDateTime=0x8cf86900, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1e8c8)) returned 1 [0266.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0266.036] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\whq0n bgyb7imnhpgnuo.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WHq0N bgYB7ImNhpgNuO.flv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\whq0n bgyb7imnhpgnuo.flv.ampkcz")) returned 1 [0266.037] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi", lpFilePart=0x0) returned 0x4a [0266.038] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi", lpFilePart=0x0) returned 0x4a [0266.038] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi", dwFileAttributes=0x80) returned 1 [0266.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0266.038] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\wnotqdgjoeevthssmo.avi"), fInfoLevelId=0x0, lpFileInformation=0x2641e68 | out: lpFileInformation=0x2641e68*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x55c825b0, ftCreationTime.dwHighDateTime=0x1d82765, ftLastAccessTime.dwLowDateTime=0x4ce289e0, ftLastAccessTime.dwHighDateTime=0x1d82788, ftLastWriteTime.dwLowDateTime=0x4ce289e0, ftLastWriteTime.dwHighDateTime=0x1d82788, nFileSizeHigh=0x0, nFileSizeLow=0xf63b)) returned 1 [0266.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0266.038] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi", lpFilePart=0x0) returned 0x4a [0266.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0266.038] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\wnotqdgjoeevthssmo.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0266.038] GetFileType (hFile=0x1f4) returned 0x1 [0266.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0266.038] GetFileType (hFile=0x1f4) returned 0x1 [0266.038] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0xf63b [0266.039] ReadFile (in: hFile=0x1f4, lpBuffer=0x2642398, nNumberOfBytesToRead=0xf63b, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2642398*, lpNumberOfBytesRead=0x14ecf8*=0xf63b, lpOverlapped=0x0) returned 1 [0266.040] CloseHandle (hObject=0x1f4) returned 1 [0266.412] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi", lpFilePart=0x0) returned 0x4a [0266.412] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0266.412] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\wnotqdgjoeevthssmo.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0266.414] GetFileType (hFile=0x1f4) returned 0x1 [0266.414] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0266.414] GetFileType (hFile=0x1f4) returned 0x1 [0266.415] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.416] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.416] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.417] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.417] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.418] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.418] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.418] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.419] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.419] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.419] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.420] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.420] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.420] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.421] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.421] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.422] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.422] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.422] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.423] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0266.423] WriteFile (in: hFile=0x1f4, lpBuffer=0x26f9158*, nNumberOfBytesToWrite=0x920, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x26f9158*, lpNumberOfBytesWritten=0x14ebb8*=0x920, lpOverlapped=0x0) returned 1 [0266.423] CloseHandle (hObject=0x1f4) returned 1 [0266.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi", lpFilePart=0x0) returned 0x4a [0266.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi.ampkcz", lpFilePart=0x0) returned 0x51 [0266.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0266.480] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\wnotqdgjoeevthssmo.avi"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55c825b0, ftCreationTime.dwHighDateTime=0x1d82765, ftLastAccessTime.dwLowDateTime=0x4ce289e0, ftLastAccessTime.dwHighDateTime=0x1d82788, ftLastWriteTime.dwLowDateTime=0x8d3c4022, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14920)) returned 1 [0266.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0266.480] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\wnotqdgjoeevthssmo.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\WnOTqDGjOEevTHSSMo.avi.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\wnotqdgjoeevthssmo.avi.ampkcz")) returned 1 [0266.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4", lpFilePart=0x0) returned 0x48 [0266.483] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4", lpFilePart=0x0) returned 0x48 [0266.483] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4", dwFileAttributes=0x80) returned 1 [0266.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0266.484] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\xynp8pfnepwnoayc.mp4"), fInfoLevelId=0x0, lpFileInformation=0x26faa28 | out: lpFileInformation=0x26faa28*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x947cb500, ftCreationTime.dwHighDateTime=0x1d82292, ftLastAccessTime.dwLowDateTime=0x2670a20, ftLastAccessTime.dwHighDateTime=0x1d82351, ftLastWriteTime.dwLowDateTime=0x2670a20, ftLastWriteTime.dwHighDateTime=0x1d82351, nFileSizeHigh=0x0, nFileSizeLow=0x48de)) returned 1 [0266.484] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0266.484] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4", lpFilePart=0x0) returned 0x48 [0266.484] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0266.484] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\xynp8pfnepwnoayc.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0266.484] GetFileType (hFile=0x1f4) returned 0x1 [0266.485] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0266.485] GetFileType (hFile=0x1f4) returned 0x1 [0266.485] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x48de [0266.485] ReadFile (in: hFile=0x1f4, lpBuffer=0x26faf58, nNumberOfBytesToRead=0x48de, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x26faf58*, lpNumberOfBytesRead=0x14ecf8*=0x48de, lpOverlapped=0x0) returned 1 [0266.486] CloseHandle (hObject=0x1f4) returned 1 [0267.026] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4", lpFilePart=0x0) returned 0x48 [0267.026] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0267.026] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\xynp8pfnepwnoayc.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0267.028] GetFileType (hFile=0x1f4) returned 0x1 [0267.028] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0267.028] GetFileType (hFile=0x1f4) returned 0x1 [0267.028] WriteFile (in: hFile=0x1f4, lpBuffer=0x25acf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25acf40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0267.029] WriteFile (in: hFile=0x1f4, lpBuffer=0x25acf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25acf40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0267.030] WriteFile (in: hFile=0x1f4, lpBuffer=0x25acf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25acf40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0267.030] WriteFile (in: hFile=0x1f4, lpBuffer=0x25acf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25acf40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0267.031] WriteFile (in: hFile=0x1f4, lpBuffer=0x25acf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec58, lpOverlapped=0x0 | out: lpBuffer=0x25acf40*, lpNumberOfBytesWritten=0x14ec58*=0x1000, lpOverlapped=0x0) returned 1 [0267.031] WriteFile (in: hFile=0x1f4, lpBuffer=0x25acf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebd8, lpOverlapped=0x0 | out: lpBuffer=0x25acf40*, lpNumberOfBytesWritten=0x14ebd8*=0x1000, lpOverlapped=0x0) returned 1 [0267.031] WriteFile (in: hFile=0x1f4, lpBuffer=0x25acf40*, nNumberOfBytesToWrite=0x1f4, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x25acf40*, lpNumberOfBytesWritten=0x14ebb8*=0x1f4, lpOverlapped=0x0) returned 1 [0267.032] CloseHandle (hObject=0x1f4) returned 1 [0267.034] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4", lpFilePart=0x0) returned 0x48 [0267.034] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4.ampkcz", lpFilePart=0x0) returned 0x4f [0267.034] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0267.034] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\xynp8pfnepwnoayc.mp4"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x947cb500, ftCreationTime.dwHighDateTime=0x1d82292, ftLastAccessTime.dwLowDateTime=0x2670a20, ftLastAccessTime.dwHighDateTime=0x1d82351, ftLastWriteTime.dwLowDateTime=0x8d90c5ea, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x61f4)) returned 1 [0267.034] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0267.034] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\xynp8pfnepwnoayc.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\XynP8pFnEpWNOAYc.mp4.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y11gp\\zy7mktg-1epztung\\xynp8pfnepwnoayc.mp4.ampkcz")) returned 1 [0267.035] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0267.035] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg", lpFilePart=0x0) returned 0x33 [0267.035] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\", lpFilePart=0x0) returned 0x34 [0267.035] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y11GP\\Zy7mKTg-1EpZTUNg\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf0316b0, ftCreationTime.dwHighDateTime=0x1d82778, ftLastAccessTime.dwLowDateTime=0x8d90e176, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8d90e176, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0267.035] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xdf0316b0, ftCreationTime.dwHighDateTime=0x1d82778, ftLastAccessTime.dwLowDateTime=0x8d90e176, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8d90e176, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0267.036] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94e67e60, ftCreationTime.dwHighDateTime=0x1d82155, ftLastAccessTime.dwLowDateTime=0x709a1b30, ftLastAccessTime.dwHighDateTime=0x1d82316, ftLastWriteTime.dwLowDateTime=0x8c0ac44a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x10fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="OQLMX6gPB.swf.ampkcz", cAlternateFileName="OQLMX6~1.AMP")) returned 1 [0267.036] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4049b250, ftCreationTime.dwHighDateTime=0x1d82925, ftLastAccessTime.dwLowDateTime=0x6ddef0e0, ftLastAccessTime.dwHighDateTime=0x1d829bb, ftLastWriteTime.dwLowDateTime=0x8c430f86, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf888, dwReserved0=0x0, dwReserved1=0x0, cFileName="QHvjleVnvxZbmpA.swf.ampkcz", cAlternateFileName="QHVJLE~1.AMP")) returned 1 [0267.036] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8c0afcdf, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x8c0afcdf, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8c0b5da8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0267.036] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad0429f0, ftCreationTime.dwHighDateTime=0x1d82675, ftLastAccessTime.dwLowDateTime=0x7e047b80, ftLastAccessTime.dwHighDateTime=0x1d826c7, ftLastWriteTime.dwLowDateTime=0x8c7b92e2, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a7b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="TNCORH.avi.ampkcz", cAlternateFileName="TNCORH~1.AMP")) returned 1 [0267.037] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6fea3af0, ftCreationTime.dwHighDateTime=0x1d81fdb, ftLastAccessTime.dwLowDateTime=0x5e7c01d0, ftLastAccessTime.dwHighDateTime=0x1d828b0, ftLastWriteTime.dwLowDateTime=0x8cb5478c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x25f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="uLNR.avi.ampkcz", cAlternateFileName="ULNRAV~1.AMP")) returned 1 [0267.037] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5fd8c10, ftCreationTime.dwHighDateTime=0x1d82552, ftLastAccessTime.dwLowDateTime=0x5baddcc0, ftLastAccessTime.dwHighDateTime=0x1d82636, ftLastWriteTime.dwLowDateTime=0x8cf86900, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1e8c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="WHq0N bgYB7ImNhpgNuO.flv.ampkcz", cAlternateFileName="WHQ0NB~1.AMP")) returned 1 [0267.037] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x55c825b0, ftCreationTime.dwHighDateTime=0x1d82765, ftLastAccessTime.dwLowDateTime=0x4ce289e0, ftLastAccessTime.dwHighDateTime=0x1d82788, ftLastWriteTime.dwLowDateTime=0x8d3c4022, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14920, dwReserved0=0x0, dwReserved1=0x0, cFileName="WnOTqDGjOEevTHSSMo.avi.ampkcz", cAlternateFileName="WNOTQD~1.AMP")) returned 1 [0267.037] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x947cb500, ftCreationTime.dwHighDateTime=0x1d82292, ftLastAccessTime.dwLowDateTime=0x2670a20, ftLastAccessTime.dwHighDateTime=0x1d82351, ftLastWriteTime.dwLowDateTime=0x8d90c5ea, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x61f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="XynP8pFnEpWNOAYc.mp4.ampkcz", cAlternateFileName="XYNP8P~1.AMP")) returned 1 [0267.037] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x947cb500, ftCreationTime.dwHighDateTime=0x1d82292, ftLastAccessTime.dwLowDateTime=0x2670a20, ftLastAccessTime.dwHighDateTime=0x1d82351, ftLastWriteTime.dwLowDateTime=0x8d90c5ea, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x61f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="XynP8pFnEpWNOAYc.mp4.ampkcz", cAlternateFileName="XYNP8P~1.AMP")) returned 0 [0267.039] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0267.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0267.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0267.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0267.040] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y", lpFilePart=0x0) returned 0x31 [0267.040] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\", lpFilePart=0x0) returned 0x32 [0267.040] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf06144e0, ftCreationTime.dwHighDateTime=0x1d82854, ftLastAccessTime.dwLowDateTime=0x15995de0, ftLastAccessTime.dwHighDateTime=0x1d828d4, ftLastWriteTime.dwLowDateTime=0x15995de0, ftLastWriteTime.dwHighDateTime=0x1d828d4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0267.040] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf06144e0, ftCreationTime.dwHighDateTime=0x1d82854, ftLastAccessTime.dwLowDateTime=0x15995de0, ftLastAccessTime.dwHighDateTime=0x1d828d4, ftLastWriteTime.dwLowDateTime=0x15995de0, ftLastWriteTime.dwHighDateTime=0x1d828d4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0267.040] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf7e8060, ftCreationTime.dwHighDateTime=0x1d81c0f, ftLastAccessTime.dwLowDateTime=0x87eb19b0, ftLastAccessTime.dwHighDateTime=0x1d81d3a, ftLastWriteTime.dwLowDateTime=0x87eb19b0, ftLastWriteTime.dwHighDateTime=0x1d81d3a, nFileSizeHigh=0x0, nFileSizeLow=0xfb3c, dwReserved0=0x0, dwReserved1=0x0, cFileName="6ohv.mp4", cAlternateFileName="")) returned 1 [0267.041] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb940a480, ftCreationTime.dwHighDateTime=0x1d82a19, ftLastAccessTime.dwLowDateTime=0x17ed2be0, ftLastAccessTime.dwHighDateTime=0x1d82a27, ftLastWriteTime.dwLowDateTime=0x17ed2be0, ftLastWriteTime.dwHighDateTime=0x1d82a27, nFileSizeHigh=0x0, nFileSizeLow=0xc1ca, dwReserved0=0x0, dwReserved1=0x0, cFileName="B 90.mkv", cAlternateFileName="B90~1.MKV")) returned 1 [0267.041] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5f3ec50, ftCreationTime.dwHighDateTime=0x1d81b11, ftLastAccessTime.dwLowDateTime=0x56cf0f60, ftLastAccessTime.dwHighDateTime=0x1d824e9, ftLastWriteTime.dwLowDateTime=0x56cf0f60, ftLastWriteTime.dwHighDateTime=0x1d824e9, nFileSizeHigh=0x0, nFileSizeLow=0x7dba, dwReserved0=0x0, dwReserved1=0x0, cFileName="g94bPx1JI4dy2.mkv", cAlternateFileName="G94BPX~1.MKV")) returned 1 [0267.041] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8083c640, ftCreationTime.dwHighDateTime=0x1d8218b, ftLastAccessTime.dwLowDateTime=0x873561e0, ftLastAccessTime.dwHighDateTime=0x1d82417, ftLastWriteTime.dwLowDateTime=0x873561e0, ftLastWriteTime.dwHighDateTime=0x1d82417, nFileSizeHigh=0x0, nFileSizeLow=0xb4a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="uc3PBpZHPx5TW6b8.avi", cAlternateFileName="UC3PBP~1.AVI")) returned 1 [0267.041] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5ebb440, ftCreationTime.dwHighDateTime=0x1d81ea7, ftLastAccessTime.dwLowDateTime=0x507071e0, ftLastAccessTime.dwHighDateTime=0x1d82372, ftLastWriteTime.dwLowDateTime=0x507071e0, ftLastWriteTime.dwHighDateTime=0x1d82372, nFileSizeHigh=0x0, nFileSizeLow=0x5a76, dwReserved0=0x0, dwReserved1=0x0, cFileName="yyXZ.mp4", cAlternateFileName="")) returned 1 [0267.041] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0267.041] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0267.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0267.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0267.042] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4", lpFilePart=0x0) returned 0x3a [0267.042] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4", lpFilePart=0x0) returned 0x3a [0267.043] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4", dwFileAttributes=0x80) returned 1 [0267.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0267.043] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\6ohv.mp4"), fInfoLevelId=0x0, lpFileInformation=0x25b1968 | out: lpFileInformation=0x25b1968*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xaf7e8060, ftCreationTime.dwHighDateTime=0x1d81c0f, ftLastAccessTime.dwLowDateTime=0x87eb19b0, ftLastAccessTime.dwHighDateTime=0x1d81d3a, ftLastWriteTime.dwLowDateTime=0x87eb19b0, ftLastWriteTime.dwHighDateTime=0x1d81d3a, nFileSizeHigh=0x0, nFileSizeLow=0xfb3c)) returned 1 [0267.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0267.043] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4", lpFilePart=0x0) returned 0x3a [0267.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0267.043] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\6ohv.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0267.043] GetFileType (hFile=0x1f4) returned 0x1 [0267.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0267.044] GetFileType (hFile=0x1f4) returned 0x1 [0267.044] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xfb3c [0267.044] ReadFile (in: hFile=0x1f4, lpBuffer=0x25b1e08, nNumberOfBytesToRead=0xfb3c, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25b1e08*, lpNumberOfBytesRead=0x14ed68*=0xfb3c, lpOverlapped=0x0) returned 1 [0267.045] CloseHandle (hObject=0x1f4) returned 1 [0267.401] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4", lpFilePart=0x0) returned 0x3a [0267.401] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0267.401] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\6ohv.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0267.438] GetFileType (hFile=0x1f4) returned 0x1 [0267.439] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0267.439] GetFileType (hFile=0x1f4) returned 0x1 [0267.439] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.440] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.441] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.441] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.441] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.442] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.442] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.442] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.443] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.443] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.444] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.444] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.444] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.445] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.445] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.445] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.446] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.446] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.446] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.447] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.447] WriteFile (in: hFile=0x1f4, lpBuffer=0x2669f90*, nNumberOfBytesToWrite=0xfc8, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2669f90*, lpNumberOfBytesWritten=0x14ec28*=0xfc8, lpOverlapped=0x0) returned 1 [0267.447] CloseHandle (hObject=0x1f4) returned 1 [0267.451] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4", lpFilePart=0x0) returned 0x3a [0267.451] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4.ampkcz", lpFilePart=0x0) returned 0x41 [0267.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0267.451] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\6ohv.mp4"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf7e8060, ftCreationTime.dwHighDateTime=0x1d81c0f, ftLastAccessTime.dwLowDateTime=0x87eb19b0, ftLastAccessTime.dwHighDateTime=0x1d81d3a, ftLastWriteTime.dwLowDateTime=0x8dd06e1c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14fc8)) returned 1 [0267.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0267.451] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\6ohv.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\6ohv.mp4.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\6ohv.mp4.ampkcz")) returned 1 [0267.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\readme.txt", lpFilePart=0x0) returned 0x3c [0267.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0267.452] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0267.453] GetFileType (hFile=0x1f4) returned 0x1 [0267.453] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0267.453] GetFileType (hFile=0x1f4) returned 0x1 [0267.454] WriteFile (in: hFile=0x1f4, lpBuffer=0x266d218*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ecd8, lpOverlapped=0x0 | out: lpBuffer=0x266d218*, lpNumberOfBytesWritten=0x14ecd8*=0x6c6, lpOverlapped=0x0) returned 1 [0267.455] CloseHandle (hObject=0x1f4) returned 1 [0267.459] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv", lpFilePart=0x0) returned 0x3a [0267.459] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv", lpFilePart=0x0) returned 0x3a [0267.460] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv", dwFileAttributes=0x80) returned 1 [0267.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0267.461] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\b 90.mkv"), fInfoLevelId=0x0, lpFileInformation=0x266f120 | out: lpFileInformation=0x266f120*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb940a480, ftCreationTime.dwHighDateTime=0x1d82a19, ftLastAccessTime.dwLowDateTime=0x17ed2be0, ftLastAccessTime.dwHighDateTime=0x1d82a27, ftLastWriteTime.dwLowDateTime=0x17ed2be0, ftLastWriteTime.dwHighDateTime=0x1d82a27, nFileSizeHigh=0x0, nFileSizeLow=0xc1ca)) returned 1 [0267.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0267.462] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv", lpFilePart=0x0) returned 0x3a [0267.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0267.463] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\b 90.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0267.463] GetFileType (hFile=0x1f4) returned 0x1 [0267.463] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0267.464] GetFileType (hFile=0x1f4) returned 0x1 [0267.464] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xc1ca [0267.464] ReadFile (in: hFile=0x1f4, lpBuffer=0x266f5c0, nNumberOfBytesToRead=0xc1ca, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x266f5c0*, lpNumberOfBytesRead=0x14ed68*=0xc1ca, lpOverlapped=0x0) returned 1 [0267.465] CloseHandle (hObject=0x1f4) returned 1 [0267.983] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv", lpFilePart=0x0) returned 0x3a [0267.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0267.983] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\b 90.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0267.985] GetFileType (hFile=0x1f4) returned 0x1 [0267.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0267.985] GetFileType (hFile=0x1f4) returned 0x1 [0267.985] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.986] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.987] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.987] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.988] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.988] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.988] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.989] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.989] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.993] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.993] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.994] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.994] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.995] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.995] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0267.996] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0267.996] WriteFile (in: hFile=0x1f4, lpBuffer=0x2719188*, nNumberOfBytesToWrite=0x334, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x2719188*, lpNumberOfBytesWritten=0x14ec28*=0x334, lpOverlapped=0x0) returned 1 [0267.997] CloseHandle (hObject=0x1f4) returned 1 [0268.000] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv", lpFilePart=0x0) returned 0x3a [0268.000] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv.ampkcz", lpFilePart=0x0) returned 0x41 [0268.000] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0268.000] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\b 90.mkv"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb940a480, ftCreationTime.dwHighDateTime=0x1d82a19, ftLastAccessTime.dwLowDateTime=0x17ed2be0, ftLastAccessTime.dwHighDateTime=0x1d82a27, ftLastWriteTime.dwLowDateTime=0x8e243142, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x10334)) returned 1 [0268.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0268.000] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\b 90.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\B 90.mkv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\b 90.mkv.ampkcz")) returned 1 [0268.002] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv", lpFilePart=0x0) returned 0x43 [0268.002] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv", lpFilePart=0x0) returned 0x43 [0268.002] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv", dwFileAttributes=0x80) returned 1 [0268.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0268.003] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\g94bpx1ji4dy2.mkv"), fInfoLevelId=0x0, lpFileInformation=0x271ab08 | out: lpFileInformation=0x271ab08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa5f3ec50, ftCreationTime.dwHighDateTime=0x1d81b11, ftLastAccessTime.dwLowDateTime=0x56cf0f60, ftLastAccessTime.dwHighDateTime=0x1d824e9, ftLastWriteTime.dwLowDateTime=0x56cf0f60, ftLastWriteTime.dwHighDateTime=0x1d824e9, nFileSizeHigh=0x0, nFileSizeLow=0x7dba)) returned 1 [0268.003] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0268.003] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv", lpFilePart=0x0) returned 0x43 [0268.003] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0268.004] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\g94bpx1ji4dy2.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0268.004] GetFileType (hFile=0x1f4) returned 0x1 [0268.004] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0268.004] GetFileType (hFile=0x1f4) returned 0x1 [0268.004] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x7dba [0268.004] ReadFile (in: hFile=0x1f4, lpBuffer=0x271aff8, nNumberOfBytesToRead=0x7dba, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x271aff8*, lpNumberOfBytesRead=0x14ed68*=0x7dba, lpOverlapped=0x0) returned 1 [0268.005] CloseHandle (hObject=0x1f4) returned 1 [0268.445] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv", lpFilePart=0x0) returned 0x43 [0268.445] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0268.445] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\g94bpx1ji4dy2.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0268.447] GetFileType (hFile=0x1f4) returned 0x1 [0268.447] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0268.447] GetFileType (hFile=0x1f4) returned 0x1 [0268.448] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d50a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d50a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0268.449] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d50a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d50a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0268.449] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d50a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d50a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0268.449] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d50a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d50a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0268.450] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d50a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d50a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0268.450] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d50a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d50a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0268.451] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d50a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d50a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0268.451] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d50a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d50a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0268.451] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d50a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d50a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0268.452] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d50a8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25d50a8*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0268.452] WriteFile (in: hFile=0x1f4, lpBuffer=0x25d50a8*, nNumberOfBytesToWrite=0x874, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25d50a8*, lpNumberOfBytesWritten=0x14ec28*=0x874, lpOverlapped=0x0) returned 1 [0268.452] CloseHandle (hObject=0x1f4) returned 1 [0268.462] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv", lpFilePart=0x0) returned 0x43 [0268.462] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv.ampkcz", lpFilePart=0x0) returned 0x4a [0268.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0268.462] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\g94bpx1ji4dy2.mkv"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5f3ec50, ftCreationTime.dwHighDateTime=0x1d81b11, ftLastAccessTime.dwLowDateTime=0x56cf0f60, ftLastAccessTime.dwHighDateTime=0x1d824e9, ftLastWriteTime.dwLowDateTime=0x8e6aa37f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xa874)) returned 1 [0268.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0268.462] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\g94bpx1ji4dy2.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\g94bPx1JI4dy2.mkv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\g94bpx1ji4dy2.mkv.ampkcz")) returned 1 [0268.464] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi", lpFilePart=0x0) returned 0x46 [0268.465] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi", lpFilePart=0x0) returned 0x46 [0268.465] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi", dwFileAttributes=0x80) returned 1 [0268.465] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0268.465] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\uc3pbpzhpx5tw6b8.avi"), fInfoLevelId=0x0, lpFileInformation=0x25d6a88 | out: lpFileInformation=0x25d6a88*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x8083c640, ftCreationTime.dwHighDateTime=0x1d8218b, ftLastAccessTime.dwLowDateTime=0x873561e0, ftLastAccessTime.dwHighDateTime=0x1d82417, ftLastWriteTime.dwLowDateTime=0x873561e0, ftLastWriteTime.dwHighDateTime=0x1d82417, nFileSizeHigh=0x0, nFileSizeLow=0xb4a4)) returned 1 [0268.465] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0268.465] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi", lpFilePart=0x0) returned 0x46 [0268.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0268.466] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\uc3pbpzhpx5tw6b8.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0268.466] GetFileType (hFile=0x1f4) returned 0x1 [0268.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0268.466] GetFileType (hFile=0x1f4) returned 0x1 [0268.466] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0xb4a4 [0268.466] ReadFile (in: hFile=0x1f4, lpBuffer=0x25d6fa0, nNumberOfBytesToRead=0xb4a4, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x25d6fa0*, lpNumberOfBytesRead=0x14ed68*=0xb4a4, lpOverlapped=0x0) returned 1 [0268.467] CloseHandle (hObject=0x1f4) returned 1 [0269.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi", lpFilePart=0x0) returned 0x46 [0269.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0269.098] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\uc3pbpzhpx5tw6b8.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0269.100] GetFileType (hFile=0x1f4) returned 0x1 [0269.100] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0269.100] GetFileType (hFile=0x1f4) returned 0x1 [0269.100] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.102] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.102] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.102] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.103] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.103] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.104] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.104] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.104] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.105] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.105] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.105] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.106] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.106] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.107] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ec48, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ec48*=0x1000, lpOverlapped=0x0) returned 1 [0269.107] WriteFile (in: hFile=0x1f4, lpBuffer=0x25218d0*, nNumberOfBytesToWrite=0x1b4, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25218d0*, lpNumberOfBytesWritten=0x14ec28*=0x1b4, lpOverlapped=0x0) returned 1 [0269.107] CloseHandle (hObject=0x1f4) returned 1 [0269.110] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi", lpFilePart=0x0) returned 0x46 [0269.110] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi.ampkcz", lpFilePart=0x0) returned 0x4d [0269.110] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0269.110] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\uc3pbpzhpx5tw6b8.avi"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8083c640, ftCreationTime.dwHighDateTime=0x1d8218b, ftLastAccessTime.dwLowDateTime=0x873561e0, ftLastAccessTime.dwHighDateTime=0x1d82417, ftLastWriteTime.dwLowDateTime=0x8ecd9e56, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf1b4)) returned 1 [0269.110] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0269.111] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\uc3pbpzhpx5tw6b8.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\uc3PBpZHPx5TW6b8.avi.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\uc3pbpzhpx5tw6b8.avi.ampkcz")) returned 1 [0269.112] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4", nBufferLength=0x105, lpBuffer=0x14e9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4", lpFilePart=0x0) returned 0x3a [0269.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4", nBufferLength=0x105, lpBuffer=0x14e810, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4", lpFilePart=0x0) returned 0x3a [0269.113] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4", dwFileAttributes=0x80) returned 1 [0269.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee30) returned 1 [0269.113] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\yyxz.mp4"), fInfoLevelId=0x0, lpFileInformation=0x2523170 | out: lpFileInformation=0x2523170*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xc5ebb440, ftCreationTime.dwHighDateTime=0x1d81ea7, ftLastAccessTime.dwLowDateTime=0x507071e0, ftLastAccessTime.dwHighDateTime=0x1d82372, ftLastWriteTime.dwLowDateTime=0x507071e0, ftLastWriteTime.dwHighDateTime=0x1d82372, nFileSizeHigh=0x0, nFileSizeLow=0x5a76)) returned 1 [0269.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edf0) returned 1 [0269.113] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4", lpFilePart=0x0) returned 0x3a [0269.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0269.113] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\yyxz.mp4"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0269.114] GetFileType (hFile=0x1f4) returned 0x1 [0269.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0269.114] GetFileType (hFile=0x1f4) returned 0x1 [0269.114] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ee38 | out: lpFileSizeHigh=0x14ee38*=0x0) returned 0x5a76 [0269.114] ReadFile (in: hFile=0x1f4, lpBuffer=0x2523610, nNumberOfBytesToRead=0x5a76, lpNumberOfBytesRead=0x14ed68, lpOverlapped=0x0 | out: lpBuffer=0x2523610*, lpNumberOfBytesRead=0x14ed68*=0x5a76, lpOverlapped=0x0) returned 1 [0269.115] CloseHandle (hObject=0x1f4) returned 1 [0269.470] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4", nBufferLength=0x105, lpBuffer=0x14e700, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4", lpFilePart=0x0) returned 0x3a [0269.470] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0269.470] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\yyxz.mp4"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0269.471] GetFileType (hFile=0x1f4) returned 0x1 [0269.471] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0269.471] GetFileType (hFile=0x1f4) returned 0x1 [0269.472] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dce10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dce10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.473] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dce10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dce10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.474] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dce10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dce10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.474] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dce10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dce10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.475] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dce10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dce10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.475] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dce10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dce10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.475] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dce10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecc8, lpOverlapped=0x0 | out: lpBuffer=0x25dce10*, lpNumberOfBytesWritten=0x14ecc8*=0x1000, lpOverlapped=0x0) returned 1 [0269.476] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dce10*, nNumberOfBytesToWrite=0x974, lpNumberOfBytesWritten=0x14ec28, lpOverlapped=0x0 | out: lpBuffer=0x25dce10*, lpNumberOfBytesWritten=0x14ec28*=0x974, lpOverlapped=0x0) returned 1 [0269.476] CloseHandle (hObject=0x1f4) returned 1 [0269.479] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4", lpFilePart=0x0) returned 0x3a [0269.479] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4.ampkcz", nBufferLength=0x105, lpBuffer=0x14e960, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4.ampkcz", lpFilePart=0x0) returned 0x41 [0269.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0269.479] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\yyxz.mp4"), fInfoLevelId=0x0, lpFileInformation=0x14ee80 | out: lpFileInformation=0x14ee80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5ebb440, ftCreationTime.dwHighDateTime=0x1d81ea7, ftLastAccessTime.dwLowDateTime=0x507071e0, ftLastAccessTime.dwHighDateTime=0x1d82372, ftLastWriteTime.dwLowDateTime=0x8f05db5f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7974)) returned 1 [0269.479] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0269.479] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\yyxz.mp4"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\yyXZ.mp4.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\videos\\y8mlsukji v4n vwru7y\\yyxz.mp4.ampkcz")) returned 1 [0269.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0269.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y", lpFilePart=0x0) returned 0x31 [0269.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\", lpFilePart=0x0) returned 0x32 [0269.480] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\Videos\\y8MlsukjI V4N Vwru7Y\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf06144e0, ftCreationTime.dwHighDateTime=0x1d82854, ftLastAccessTime.dwLowDateTime=0x8f05f048, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8f05f048, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0269.481] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf06144e0, ftCreationTime.dwHighDateTime=0x1d82854, ftLastAccessTime.dwLowDateTime=0x8f05f048, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8f05f048, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0269.481] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf7e8060, ftCreationTime.dwHighDateTime=0x1d81c0f, ftLastAccessTime.dwLowDateTime=0x87eb19b0, ftLastAccessTime.dwHighDateTime=0x1d81d3a, ftLastWriteTime.dwLowDateTime=0x8dd06e1c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14fc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="6ohv.mp4.ampkcz", cAlternateFileName="6OHVMP~1.AMP")) returned 1 [0269.481] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb940a480, ftCreationTime.dwHighDateTime=0x1d82a19, ftLastAccessTime.dwLowDateTime=0x17ed2be0, ftLastAccessTime.dwHighDateTime=0x1d82a27, ftLastWriteTime.dwLowDateTime=0x8e243142, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x10334, dwReserved0=0x0, dwReserved1=0x0, cFileName="B 90.mkv.ampkcz", cAlternateFileName="B90MKV~1.AMP")) returned 1 [0269.481] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa5f3ec50, ftCreationTime.dwHighDateTime=0x1d81b11, ftLastAccessTime.dwLowDateTime=0x56cf0f60, ftLastAccessTime.dwHighDateTime=0x1d824e9, ftLastWriteTime.dwLowDateTime=0x8e6aa37f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xa874, dwReserved0=0x0, dwReserved1=0x0, cFileName="g94bPx1JI4dy2.mkv.ampkcz", cAlternateFileName="G94BPX~1.AMP")) returned 1 [0269.481] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8dd0bdfb, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x8dd0bdfb, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8dd122f5, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0269.482] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8083c640, ftCreationTime.dwHighDateTime=0x1d8218b, ftLastAccessTime.dwLowDateTime=0x873561e0, ftLastAccessTime.dwHighDateTime=0x1d82417, ftLastWriteTime.dwLowDateTime=0x8ecd9e56, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf1b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="uc3PBpZHPx5TW6b8.avi.ampkcz", cAlternateFileName="UC3PBP~1.AMP")) returned 1 [0269.482] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5ebb440, ftCreationTime.dwHighDateTime=0x1d81ea7, ftLastAccessTime.dwLowDateTime=0x507071e0, ftLastAccessTime.dwHighDateTime=0x1d82372, ftLastWriteTime.dwLowDateTime=0x8f05db5f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7974, dwReserved0=0x0, dwReserved1=0x0, cFileName="yyXZ.mp4.ampkcz", cAlternateFileName="YYXZMP~1.AMP")) returned 1 [0269.482] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5ebb440, ftCreationTime.dwHighDateTime=0x1d81ea7, ftLastAccessTime.dwLowDateTime=0x507071e0, ftLastAccessTime.dwHighDateTime=0x1d82372, ftLastWriteTime.dwLowDateTime=0x8f05db5f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7974, dwReserved0=0x0, dwReserved1=0x0, cFileName="yyXZ.mp4.ampkcz", cAlternateFileName="YYXZMP~1.AMP")) returned 0 [0269.482] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0269.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0269.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0269.484] CoTaskMemAlloc (cb=0x20c) returned 0x668690 [0269.484] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x668690 | out: pszPath="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming") returned 0x0 [0269.485] CoTaskMemFree (pv=0x668690) [0269.485] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x14e8e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0269.485] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0269.485] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0269.485] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\", lpFilePart=0x0) returned 0x26 [0269.485] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x404638b4, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x404638b4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0269.485] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x404638b4, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x404638b4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0269.486] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43c7ba50, ftCreationTime.dwHighDateTime=0x1d823e7, ftLastAccessTime.dwLowDateTime=0x22a46f70, ftLastAccessTime.dwHighDateTime=0x1d8259b, ftLastWriteTime.dwLowDateTime=0x22a46f70, ftLastWriteTime.dwHighDateTime=0x1d8259b, nFileSizeHigh=0x0, nFileSizeLow=0xc5ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="26m3wwJK.mkv", cAlternateFileName="")) returned 1 [0269.486] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51e8f3d0, ftCreationTime.dwHighDateTime=0x1d82340, ftLastAccessTime.dwLowDateTime=0x59dc5af0, ftLastAccessTime.dwHighDateTime=0x1d824df, ftLastWriteTime.dwLowDateTime=0x59dc5af0, ftLastWriteTime.dwHighDateTime=0x1d824df, nFileSizeHigh=0x0, nFileSizeLow=0x2f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="3bOu8OSr4O3XSdd2k.jpg", cAlternateFileName="3BOU8O~1.JPG")) returned 1 [0269.486] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x721f3d60, ftCreationTime.dwHighDateTime=0x1d824ff, ftLastAccessTime.dwLowDateTime=0x27fd7440, ftLastAccessTime.dwHighDateTime=0x1d829b9, ftLastWriteTime.dwLowDateTime=0x27fd7440, ftLastWriteTime.dwHighDateTime=0x1d829b9, nFileSizeHigh=0x0, nFileSizeLow=0x104fc, dwReserved0=0x0, dwReserved1=0x0, cFileName="5o9I RK.wav", cAlternateFileName="5O9IRK~1.WAV")) returned 1 [0269.486] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73939f80, ftCreationTime.dwHighDateTime=0x1d81a2b, ftLastAccessTime.dwLowDateTime=0x2212fce0, ftLastAccessTime.dwHighDateTime=0x1d81ea0, ftLastWriteTime.dwLowDateTime=0x2212fce0, ftLastWriteTime.dwHighDateTime=0x1d81ea0, nFileSizeHigh=0x0, nFileSizeLow=0xe334, dwReserved0=0x0, dwReserved1=0x0, cFileName="5T5cbKa9sbk.flv", cAlternateFileName="5T5CBK~1.FLV")) returned 1 [0269.486] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3aa1d100, ftCreationTime.dwHighDateTime=0x1d82977, ftLastAccessTime.dwLowDateTime=0x73fe42f0, ftLastAccessTime.dwHighDateTime=0x1d829a7, ftLastWriteTime.dwLowDateTime=0x73fe42f0, ftLastWriteTime.dwHighDateTime=0x1d829a7, nFileSizeHigh=0x0, nFileSizeLow=0x8c8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="6zi3qr.mkv", cAlternateFileName="")) returned 1 [0269.486] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf51c2ba0, ftCreationTime.dwHighDateTime=0x1d82203, ftLastAccessTime.dwLowDateTime=0xba0bdc10, ftLastAccessTime.dwHighDateTime=0x1d8242c, ftLastWriteTime.dwLowDateTime=0xba0bdc10, ftLastWriteTime.dwHighDateTime=0x1d8242c, nFileSizeHigh=0x0, nFileSizeLow=0xde2f, dwReserved0=0x0, dwReserved1=0x0, cFileName="94ud1HrR9Y_WU.bmp", cAlternateFileName="94UD1H~1.BMP")) returned 1 [0269.487] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0974e00, ftCreationTime.dwHighDateTime=0x1d81b9a, ftLastAccessTime.dwLowDateTime=0x8dcc9de0, ftLastAccessTime.dwHighDateTime=0x1d82686, ftLastWriteTime.dwLowDateTime=0x8dcc9de0, ftLastWriteTime.dwHighDateTime=0x1d82686, nFileSizeHigh=0x0, nFileSizeLow=0x11892, dwReserved0=0x0, dwReserved1=0x0, cFileName="a ecqnOlpldze.wav", cAlternateFileName="AECQNO~1.WAV")) returned 1 [0269.487] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0269.487] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38073e40, ftCreationTime.dwHighDateTime=0x1d8224b, ftLastAccessTime.dwLowDateTime=0x116df7d0, ftLastAccessTime.dwHighDateTime=0x1d827d0, ftLastWriteTime.dwLowDateTime=0x116df7d0, ftLastWriteTime.dwHighDateTime=0x1d827d0, nFileSizeHigh=0x0, nFileSizeLow=0x133ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="anaF77a3Y2dxPrh-.mp3", cAlternateFileName="ANAF77~1.MP3")) returned 1 [0269.487] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x508b09f0, ftCreationTime.dwHighDateTime=0x1d8258f, ftLastAccessTime.dwLowDateTime=0xff2f5aa0, ftLastAccessTime.dwHighDateTime=0x1d829e6, ftLastWriteTime.dwLowDateTime=0xff2f5aa0, ftLastWriteTime.dwHighDateTime=0x1d829e6, nFileSizeHigh=0x0, nFileSizeLow=0x4bb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="BHsw__kdcBRz2LW.avi", cAlternateFileName="BHSW__~1.AVI")) returned 1 [0269.487] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20f2230, ftCreationTime.dwHighDateTime=0x1d822b9, ftLastAccessTime.dwLowDateTime=0xbd4269e0, ftLastAccessTime.dwHighDateTime=0x1d828a9, ftLastWriteTime.dwLowDateTime=0xbd4269e0, ftLastWriteTime.dwHighDateTime=0x1d828a9, nFileSizeHigh=0x0, nFileSizeLow=0x417a, dwReserved0=0x0, dwReserved1=0x0, cFileName="BifB.jpg", cAlternateFileName="")) returned 1 [0269.487] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b860d10, ftCreationTime.dwHighDateTime=0x1d825e7, ftLastAccessTime.dwLowDateTime=0xcaa918e0, ftLastAccessTime.dwHighDateTime=0x1d827f5, ftLastWriteTime.dwLowDateTime=0xcaa918e0, ftLastWriteTime.dwHighDateTime=0x1d827f5, nFileSizeHigh=0x0, nFileSizeLow=0xf9f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="CdDJEyiS 6.mkv", cAlternateFileName="CDDJEY~1.MKV")) returned 1 [0269.488] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed789db0, ftCreationTime.dwHighDateTime=0x1d81ead, ftLastAccessTime.dwLowDateTime=0x817aaaa0, ftLastAccessTime.dwHighDateTime=0x1d82834, ftLastWriteTime.dwLowDateTime=0x817aaaa0, ftLastWriteTime.dwHighDateTime=0x1d82834, nFileSizeHigh=0x0, nFileSizeLow=0x4305, dwReserved0=0x0, dwReserved1=0x0, cFileName="dKt67585y2iGh.gif", cAlternateFileName="DKT675~1.GIF")) returned 1 [0269.488] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32cde0c0, ftCreationTime.dwHighDateTime=0x1d8250f, ftLastAccessTime.dwLowDateTime=0x75e6a720, ftLastAccessTime.dwHighDateTime=0x1d82898, ftLastWriteTime.dwLowDateTime=0x75e6a720, ftLastWriteTime.dwHighDateTime=0x1d82898, nFileSizeHigh=0x0, nFileSizeLow=0x9021, dwReserved0=0x0, dwReserved1=0x0, cFileName="eDqY.ppt", cAlternateFileName="")) returned 1 [0269.488] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd21b7f80, ftCreationTime.dwHighDateTime=0x1d81f28, ftLastAccessTime.dwLowDateTime=0xdad4bb40, ftLastAccessTime.dwHighDateTime=0x1d82483, ftLastWriteTime.dwLowDateTime=0xdad4bb40, ftLastWriteTime.dwHighDateTime=0x1d82483, nFileSizeHigh=0x0, nFileSizeLow=0x2544, dwReserved0=0x0, dwReserved1=0x0, cFileName="g4oiGp.swf", cAlternateFileName="")) returned 1 [0269.488] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb718d50, ftCreationTime.dwHighDateTime=0x1d81d2b, ftLastAccessTime.dwLowDateTime=0x71e80d70, ftLastAccessTime.dwHighDateTime=0x1d82844, ftLastWriteTime.dwLowDateTime=0x71e80d70, ftLastWriteTime.dwHighDateTime=0x1d82844, nFileSizeHigh=0x0, nFileSizeLow=0x15fa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="HKAU9J8_.swf", cAlternateFileName="")) returned 1 [0269.488] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x940d4d0, ftCreationTime.dwHighDateTime=0x1d82017, ftLastAccessTime.dwLowDateTime=0x23035520, ftLastAccessTime.dwHighDateTime=0x1d82808, ftLastWriteTime.dwLowDateTime=0x23035520, ftLastWriteTime.dwHighDateTime=0x1d82808, nFileSizeHigh=0x0, nFileSizeLow=0x15de, dwReserved0=0x0, dwReserved1=0x0, cFileName="IyItXNxhKc.xlsx", cAlternateFileName="IYITXN~1.XLS")) returned 1 [0269.488] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2483b40, ftCreationTime.dwHighDateTime=0x1d82300, ftLastAccessTime.dwLowDateTime=0xd4d8a940, ftLastAccessTime.dwHighDateTime=0x1d82924, ftLastWriteTime.dwLowDateTime=0xd4d8a940, ftLastWriteTime.dwHighDateTime=0x1d82924, nFileSizeHigh=0x0, nFileSizeLow=0x5070, dwReserved0=0x0, dwReserved1=0x0, cFileName="j VYlUbVRoO.flv", cAlternateFileName="JVYLUB~1.FLV")) returned 1 [0269.489] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b0d2180, ftCreationTime.dwHighDateTime=0x1d81cea, ftLastAccessTime.dwLowDateTime=0xa099fdd0, ftLastAccessTime.dwHighDateTime=0x1d81f9e, ftLastWriteTime.dwLowDateTime=0xa099fdd0, ftLastWriteTime.dwHighDateTime=0x1d81f9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="jzT8o_LwdcONDLO_.pps", cAlternateFileName="JZT8O_~1.PPS")) returned 1 [0269.489] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xa92f1c4e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f1c4e, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0269.489] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa34e52d0, ftCreationTime.dwHighDateTime=0x1d82609, ftLastAccessTime.dwLowDateTime=0x38f1bef0, ftLastAccessTime.dwHighDateTime=0x1d82725, ftLastWriteTime.dwLowDateTime=0x38f1bef0, ftLastWriteTime.dwHighDateTime=0x1d82725, nFileSizeHigh=0x0, nFileSizeLow=0x117cd, dwReserved0=0x0, dwReserved1=0x0, cFileName="OL-VA6G.pptx", cAlternateFileName="OL-VA6~1.PPT")) returned 1 [0269.489] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa53021f0, ftCreationTime.dwHighDateTime=0x1d81b23, ftLastAccessTime.dwLowDateTime=0xb9a2fcc0, ftLastAccessTime.dwHighDateTime=0x1d826cc, ftLastWriteTime.dwLowDateTime=0xb9a2fcc0, ftLastWriteTime.dwHighDateTime=0x1d826cc, nFileSizeHigh=0x0, nFileSizeLow=0x11767, dwReserved0=0x0, dwReserved1=0x0, cFileName="pBOkipeqaxRxf.png", cAlternateFileName="PBOKIP~1.PNG")) returned 1 [0269.489] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94ea6800, ftCreationTime.dwHighDateTime=0x1d82942, ftLastAccessTime.dwLowDateTime=0x7a0c3440, ftLastAccessTime.dwHighDateTime=0x1d829b1, ftLastWriteTime.dwLowDateTime=0x7a0c3440, ftLastWriteTime.dwHighDateTime=0x1d829b1, nFileSizeHigh=0x0, nFileSizeLow=0x1571, dwReserved0=0x0, dwReserved1=0x0, cFileName="rA7pKV6vb6NNjN3.mp3", cAlternateFileName="RA7PKV~1.MP3")) returned 1 [0269.489] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x466a7a30, ftCreationTime.dwHighDateTime=0x1d81b4b, ftLastAccessTime.dwLowDateTime=0xa129a670, ftLastAccessTime.dwHighDateTime=0x1d81c37, ftLastWriteTime.dwLowDateTime=0xa129a670, ftLastWriteTime.dwHighDateTime=0x1d81c37, nFileSizeHigh=0x0, nFileSizeLow=0x219b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RoUyJhW.ppt", cAlternateFileName="")) returned 1 [0269.490] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e918e10, ftCreationTime.dwHighDateTime=0x1d81b82, ftLastAccessTime.dwLowDateTime=0xf0769e80, ftLastAccessTime.dwHighDateTime=0x1d82039, ftLastWriteTime.dwLowDateTime=0xf0769e80, ftLastWriteTime.dwHighDateTime=0x1d82039, nFileSizeHigh=0x0, nFileSizeLow=0x553f, dwReserved0=0x0, dwReserved1=0x0, cFileName="RWeWHj.m4a", cAlternateFileName="")) returned 1 [0269.490] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x404638b4, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x404638b4, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x263f5400, ftLastWriteTime.dwHighDateTime=0x1d858e1, nFileSizeHigh=0x0, nFileSizeLow=0x6800, dwReserved0=0x0, dwReserved1=0x0, cFileName="svchost.exe", cAlternateFileName="")) returned 1 [0269.490] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72aaeb90, ftCreationTime.dwHighDateTime=0x1d81f6d, ftLastAccessTime.dwLowDateTime=0x9aabb140, ftLastAccessTime.dwHighDateTime=0x1d823ac, ftLastWriteTime.dwLowDateTime=0x9aabb140, ftLastWriteTime.dwHighDateTime=0x1d823ac, nFileSizeHigh=0x0, nFileSizeLow=0x81e2, dwReserved0=0x0, dwReserved1=0x0, cFileName="UwqOYWykrtHeh.rtf", cAlternateFileName="UWQOYW~1.RTF")) returned 1 [0269.490] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed336df0, ftCreationTime.dwHighDateTime=0x1d8272a, ftLastAccessTime.dwLowDateTime=0x6e31b30, ftLastAccessTime.dwHighDateTime=0x1d82819, ftLastWriteTime.dwLowDateTime=0x6e31b30, ftLastWriteTime.dwHighDateTime=0x1d82819, nFileSizeHigh=0x0, nFileSizeLow=0xb29b, dwReserved0=0x0, dwReserved1=0x0, cFileName="vjk7n7dRr9wN-wBnko.gif", cAlternateFileName="VJK7N7~1.GIF")) returned 1 [0269.490] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e1bd040, ftCreationTime.dwHighDateTime=0x1d81a20, ftLastAccessTime.dwLowDateTime=0x39b2070, ftLastAccessTime.dwHighDateTime=0x1d828fb, ftLastWriteTime.dwLowDateTime=0x39b2070, ftLastWriteTime.dwHighDateTime=0x1d828fb, nFileSizeHigh=0x0, nFileSizeLow=0x176dc, dwReserved0=0x0, dwReserved1=0x0, cFileName="x9uC54 FI0qgRIFge.gif", cAlternateFileName="X9UC54~1.GIF")) returned 1 [0269.490] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x411cac10, ftCreationTime.dwHighDateTime=0x1d819b6, ftLastAccessTime.dwLowDateTime=0x205b0830, ftLastAccessTime.dwHighDateTime=0x1d81b75, ftLastWriteTime.dwLowDateTime=0x205b0830, ftLastWriteTime.dwHighDateTime=0x1d81b75, nFileSizeHigh=0x0, nFileSizeLow=0x8cc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="yAlAwl-_dR.m4a", cAlternateFileName="YALAWL~1.M4A")) returned 1 [0269.490] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2118dfa0, ftCreationTime.dwHighDateTime=0x1d8265a, ftLastAccessTime.dwLowDateTime=0x5ae71630, ftLastAccessTime.dwHighDateTime=0x1d8273a, ftLastWriteTime.dwLowDateTime=0x5ae71630, ftLastWriteTime.dwHighDateTime=0x1d8273a, nFileSizeHigh=0x0, nFileSizeLow=0x1815a, dwReserved0=0x0, dwReserved1=0x0, cFileName="YtqzzWONpfQlDit.m4a", cAlternateFileName="YTQZZW~1.M4A")) returned 1 [0269.491] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7ac3b00, ftCreationTime.dwHighDateTime=0x1d81f40, ftLastAccessTime.dwLowDateTime=0x21d567a0, ftLastAccessTime.dwHighDateTime=0x1d82543, ftLastWriteTime.dwLowDateTime=0x21d567a0, ftLastWriteTime.dwHighDateTime=0x1d82543, nFileSizeHigh=0x0, nFileSizeLow=0xc67c, dwReserved0=0x0, dwReserved1=0x0, cFileName="zk05xdEMdEfIxEq.wav", cAlternateFileName="ZK05XD~1.WAV")) returned 1 [0269.491] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66d2c300, ftCreationTime.dwHighDateTime=0x1d8231a, ftLastAccessTime.dwLowDateTime=0xf7831e90, ftLastAccessTime.dwHighDateTime=0x1d82379, ftLastWriteTime.dwLowDateTime=0xf7831e90, ftLastWriteTime.dwHighDateTime=0x1d82379, nFileSizeHigh=0x0, nFileSizeLow=0xf1a8, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZWpTfUw.mp3", cAlternateFileName="")) returned 1 [0269.491] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0269.491] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0269.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0269.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0269.493] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv", lpFilePart=0x0) returned 0x32 [0269.493] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv", lpFilePart=0x0) returned 0x32 [0269.493] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv", dwFileAttributes=0x80) returned 1 [0269.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0269.493] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\26m3wwjk.mkv"), fInfoLevelId=0x0, lpFileInformation=0x25e5238 | out: lpFileInformation=0x25e5238*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x43c7ba50, ftCreationTime.dwHighDateTime=0x1d823e7, ftLastAccessTime.dwLowDateTime=0x22a46f70, ftLastAccessTime.dwHighDateTime=0x1d8259b, ftLastWriteTime.dwLowDateTime=0x22a46f70, ftLastWriteTime.dwHighDateTime=0x1d8259b, nFileSizeHigh=0x0, nFileSizeLow=0xc5ea)) returned 1 [0269.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0269.495] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv", lpFilePart=0x0) returned 0x32 [0269.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0269.495] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\26m3wwjk.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0269.495] GetFileType (hFile=0x1f4) returned 0x1 [0269.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0269.495] GetFileType (hFile=0x1f4) returned 0x1 [0269.495] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xc5ea [0269.495] ReadFile (in: hFile=0x1f4, lpBuffer=0x25e56b8, nNumberOfBytesToRead=0xc5ea, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25e56b8*, lpNumberOfBytesRead=0x14edd8*=0xc5ea, lpOverlapped=0x0) returned 1 [0269.497] CloseHandle (hObject=0x1f4) returned 1 [0269.839] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv", lpFilePart=0x0) returned 0x32 [0269.839] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0269.839] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\26m3wwjk.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0269.841] GetFileType (hFile=0x1f4) returned 0x1 [0269.841] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0269.841] GetFileType (hFile=0x1f4) returned 0x1 [0269.841] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.842] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.843] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.843] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.843] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.844] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.844] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.845] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.845] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.845] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.846] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.846] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.847] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.847] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.847] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.848] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0269.848] WriteFile (in: hFile=0x1f4, lpBuffer=0x26902f8*, nNumberOfBytesToWrite=0x8b4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26902f8*, lpNumberOfBytesWritten=0x14ec98*=0x8b4, lpOverlapped=0x0) returned 1 [0269.848] CloseHandle (hObject=0x1f4) returned 1 [0269.927] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv", lpFilePart=0x0) returned 0x32 [0269.927] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv.ampkcz", lpFilePart=0x0) returned 0x39 [0269.927] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0269.927] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\26m3wwjk.mkv"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43c7ba50, ftCreationTime.dwHighDateTime=0x1d823e7, ftLastAccessTime.dwLowDateTime=0x22a46f70, ftLastAccessTime.dwHighDateTime=0x1d8259b, ftLastWriteTime.dwLowDateTime=0x8f4a2491, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x108b4)) returned 1 [0269.927] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0269.927] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\26m3wwjk.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\26m3wwJK.mkv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\26m3wwjk.mkv.ampkcz")) returned 1 [0269.928] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\readme.txt", lpFilePart=0x0) returned 0x30 [0269.928] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0269.928] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0269.929] GetFileType (hFile=0x1f4) returned 0x1 [0269.929] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0269.929] GetFileType (hFile=0x1f4) returned 0x1 [0269.930] WriteFile (in: hFile=0x1f4, lpBuffer=0x2693520*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ed48, lpOverlapped=0x0 | out: lpBuffer=0x2693520*, lpNumberOfBytesWritten=0x14ed48*=0x6c6, lpOverlapped=0x0) returned 1 [0269.931] CloseHandle (hObject=0x1f4) returned 1 [0269.932] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg", lpFilePart=0x0) returned 0x3b [0269.932] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg", lpFilePart=0x0) returned 0x3b [0269.932] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg", dwFileAttributes=0x80) returned 1 [0269.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0269.933] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\3bou8osr4o3xsdd2k.jpg"), fInfoLevelId=0x0, lpFileInformation=0x2694f90 | out: lpFileInformation=0x2694f90*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x51e8f3d0, ftCreationTime.dwHighDateTime=0x1d82340, ftLastAccessTime.dwLowDateTime=0x59dc5af0, ftLastAccessTime.dwHighDateTime=0x1d824df, ftLastWriteTime.dwLowDateTime=0x59dc5af0, ftLastWriteTime.dwHighDateTime=0x1d824df, nFileSizeHigh=0x0, nFileSizeLow=0x2f60)) returned 1 [0269.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0269.933] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg", lpFilePart=0x0) returned 0x3b [0269.933] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0269.933] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\3bou8osr4o3xsdd2k.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0269.933] GetFileType (hFile=0x1f4) returned 0x1 [0269.933] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0269.933] GetFileType (hFile=0x1f4) returned 0x1 [0269.933] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x2f60 [0269.933] ReadFile (in: hFile=0x1f4, lpBuffer=0x2695460, nNumberOfBytesToRead=0x2f60, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2695460*, lpNumberOfBytesRead=0x14edd8*=0x2f60, lpOverlapped=0x0) returned 1 [0269.935] CloseHandle (hObject=0x1f4) returned 1 [0270.472] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg", lpFilePart=0x0) returned 0x3b [0270.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0270.472] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\3bou8osr4o3xsdd2k.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0270.474] GetFileType (hFile=0x1f4) returned 0x1 [0270.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0270.474] GetFileType (hFile=0x1f4) returned 0x1 [0270.474] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532cd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532cd0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.476] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532cd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532cd0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.476] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532cd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532cd0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.477] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532cd0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x2532cd0*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0270.477] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532cd0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2532cd0*, lpNumberOfBytesWritten=0x14ec98*=0x8, lpOverlapped=0x0) returned 1 [0270.477] CloseHandle (hObject=0x1f4) returned 1 [0270.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg", lpFilePart=0x0) returned 0x3b [0270.480] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg.ampkcz", lpFilePart=0x0) returned 0x42 [0270.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0270.480] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\3bou8osr4o3xsdd2k.jpg"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51e8f3d0, ftCreationTime.dwHighDateTime=0x1d82340, ftLastAccessTime.dwLowDateTime=0x59dc5af0, ftLastAccessTime.dwHighDateTime=0x1d824df, ftLastWriteTime.dwLowDateTime=0x8f9e945f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x4008)) returned 1 [0270.480] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0270.480] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\3bou8osr4o3xsdd2k.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\3bOu8OSr4O3XSdd2k.jpg.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\3bou8osr4o3xsdd2k.jpg.ampkcz")) returned 1 [0270.485] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav", lpFilePart=0x0) returned 0x31 [0270.485] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav", lpFilePart=0x0) returned 0x31 [0270.485] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav", dwFileAttributes=0x80) returned 1 [0270.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0270.486] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5o9i rk.wav"), fInfoLevelId=0x0, lpFileInformation=0x2534f78 | out: lpFileInformation=0x2534f78*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x721f3d60, ftCreationTime.dwHighDateTime=0x1d824ff, ftLastAccessTime.dwLowDateTime=0x27fd7440, ftLastAccessTime.dwHighDateTime=0x1d829b9, ftLastWriteTime.dwLowDateTime=0x27fd7440, ftLastWriteTime.dwHighDateTime=0x1d829b9, nFileSizeHigh=0x0, nFileSizeLow=0x104fc)) returned 1 [0270.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0270.486] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav", lpFilePart=0x0) returned 0x31 [0270.486] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0270.486] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5o9i rk.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0270.486] GetFileType (hFile=0x1f4) returned 0x1 [0270.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0270.486] GetFileType (hFile=0x1f4) returned 0x1 [0270.486] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x104fc [0270.487] ReadFile (in: hFile=0x1f4, lpBuffer=0x25353e8, nNumberOfBytesToRead=0x104fc, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25353e8*, lpNumberOfBytesRead=0x14edd8*=0x104fc, lpOverlapped=0x0) returned 1 [0270.489] CloseHandle (hObject=0x1f4) returned 1 [0270.832] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav", lpFilePart=0x0) returned 0x31 [0270.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0270.832] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5o9i rk.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0270.834] GetFileType (hFile=0x1f4) returned 0x1 [0270.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0270.834] GetFileType (hFile=0x1f4) returned 0x1 [0270.835] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.836] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.837] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.837] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.838] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.838] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.839] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.839] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.841] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.842] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.842] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.843] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.843] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.844] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.845] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.845] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.845] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.846] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.847] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.847] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.848] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0270.848] WriteFile (in: hFile=0x1f4, lpBuffer=0x25efc60*, nNumberOfBytesToWrite=0xcc8, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25efc60*, lpNumberOfBytesWritten=0x14ec98*=0xcc8, lpOverlapped=0x0) returned 1 [0270.848] CloseHandle (hObject=0x1f4) returned 1 [0270.886] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav", lpFilePart=0x0) returned 0x31 [0270.886] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav.ampkcz", lpFilePart=0x0) returned 0x38 [0270.886] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0270.887] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5o9i rk.wav"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x721f3d60, ftCreationTime.dwHighDateTime=0x1d824ff, ftLastAccessTime.dwLowDateTime=0x27fd7440, ftLastAccessTime.dwHighDateTime=0x1d829b9, ftLastWriteTime.dwLowDateTime=0x8fdc8ea1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15cc8)) returned 1 [0270.887] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0270.887] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5o9i rk.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5o9I RK.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5o9i rk.wav.ampkcz")) returned 1 [0270.896] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv", lpFilePart=0x0) returned 0x35 [0270.896] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv", lpFilePart=0x0) returned 0x35 [0270.896] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv", dwFileAttributes=0x80) returned 1 [0270.896] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0270.897] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5t5cbka9sbk.flv"), fInfoLevelId=0x0, lpFileInformation=0x25f1be8 | out: lpFileInformation=0x25f1be8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x73939f80, ftCreationTime.dwHighDateTime=0x1d81a2b, ftLastAccessTime.dwLowDateTime=0x2212fce0, ftLastAccessTime.dwHighDateTime=0x1d81ea0, ftLastWriteTime.dwLowDateTime=0x2212fce0, ftLastWriteTime.dwHighDateTime=0x1d81ea0, nFileSizeHigh=0x0, nFileSizeLow=0xe334)) returned 1 [0270.897] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0270.897] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv", lpFilePart=0x0) returned 0x35 [0270.897] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0270.897] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5t5cbka9sbk.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0270.897] GetFileType (hFile=0x1f4) returned 0x1 [0270.897] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0270.897] GetFileType (hFile=0x1f4) returned 0x1 [0270.897] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xe334 [0270.897] ReadFile (in: hFile=0x1f4, lpBuffer=0x25f2080, nNumberOfBytesToRead=0xe334, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25f2080*, lpNumberOfBytesRead=0x14edd8*=0xe334, lpOverlapped=0x0) returned 1 [0270.898] CloseHandle (hObject=0x1f4) returned 1 [0271.407] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv", lpFilePart=0x0) returned 0x35 [0271.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0271.407] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5t5cbka9sbk.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0271.409] GetFileType (hFile=0x1f4) returned 0x1 [0271.409] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0271.409] GetFileType (hFile=0x1f4) returned 0x1 [0271.409] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.412] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.413] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.413] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.414] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.414] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.415] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.415] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.415] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.416] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.416] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.417] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.417] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.417] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.418] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.418] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.418] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.418] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.419] WriteFile (in: hFile=0x1f4, lpBuffer=0x26a4208*, nNumberOfBytesToWrite=0xfc8, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26a4208*, lpNumberOfBytesWritten=0x14ec98*=0xfc8, lpOverlapped=0x0) returned 1 [0271.419] CloseHandle (hObject=0x1f4) returned 1 [0271.422] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv", lpFilePart=0x0) returned 0x35 [0271.422] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv.ampkcz", lpFilePart=0x0) returned 0x3c [0271.422] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0271.422] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5t5cbka9sbk.flv"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73939f80, ftCreationTime.dwHighDateTime=0x1d81a2b, ftLastAccessTime.dwLowDateTime=0x2212fce0, ftLastAccessTime.dwHighDateTime=0x1d81ea0, ftLastWriteTime.dwLowDateTime=0x902da607, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12fc8)) returned 1 [0271.422] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0271.422] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5t5cbka9sbk.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\5T5cbKa9sbk.flv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\5t5cbka9sbk.flv.ampkcz")) returned 1 [0271.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv", lpFilePart=0x0) returned 0x30 [0271.424] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv", lpFilePart=0x0) returned 0x30 [0271.424] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv", dwFileAttributes=0x80) returned 1 [0271.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0271.425] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\6zi3qr.mkv"), fInfoLevelId=0x0, lpFileInformation=0x26a5b60 | out: lpFileInformation=0x26a5b60*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x3aa1d100, ftCreationTime.dwHighDateTime=0x1d82977, ftLastAccessTime.dwLowDateTime=0x73fe42f0, ftLastAccessTime.dwHighDateTime=0x1d829a7, ftLastWriteTime.dwLowDateTime=0x73fe42f0, ftLastWriteTime.dwHighDateTime=0x1d829a7, nFileSizeHigh=0x0, nFileSizeLow=0x8c8a)) returned 1 [0271.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0271.425] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv", lpFilePart=0x0) returned 0x30 [0271.425] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0271.425] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\6zi3qr.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0271.425] GetFileType (hFile=0x1f4) returned 0x1 [0271.425] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0271.425] GetFileType (hFile=0x1f4) returned 0x1 [0271.425] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x8c8a [0271.426] ReadFile (in: hFile=0x1f4, lpBuffer=0x26a5fd0, nNumberOfBytesToRead=0x8c8a, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26a5fd0*, lpNumberOfBytesRead=0x14edd8*=0x8c8a, lpOverlapped=0x0) returned 1 [0271.427] CloseHandle (hObject=0x1f4) returned 1 [0271.817] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv", lpFilePart=0x0) returned 0x30 [0271.817] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0271.817] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\6zi3qr.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0271.818] GetFileType (hFile=0x1f4) returned 0x1 [0271.818] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0271.819] GetFileType (hFile=0x1f4) returned 0x1 [0271.819] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561ce8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2561ce8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.820] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561ce8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2561ce8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561ce8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2561ce8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561ce8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2561ce8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561ce8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2561ce8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.822] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561ce8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2561ce8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.822] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561ce8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2561ce8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561ce8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2561ce8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561ce8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2561ce8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561ce8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2561ce8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561ce8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2561ce8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0271.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x2561ce8*, nNumberOfBytesToWrite=0xc34, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2561ce8*, lpNumberOfBytesWritten=0x14ec98*=0xc34, lpOverlapped=0x0) returned 1 [0271.824] CloseHandle (hObject=0x1f4) returned 1 [0271.827] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv", lpFilePart=0x0) returned 0x30 [0271.827] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv.ampkcz", lpFilePart=0x0) returned 0x37 [0271.827] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0271.827] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\6zi3qr.mkv"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3aa1d100, ftCreationTime.dwHighDateTime=0x1d82977, ftLastAccessTime.dwLowDateTime=0x73fe42f0, ftLastAccessTime.dwHighDateTime=0x1d829a7, ftLastWriteTime.dwLowDateTime=0x906c1fb3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xbc34)) returned 1 [0271.827] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0271.827] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\6zi3qr.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\6zi3qr.mkv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\6zi3qr.mkv.ampkcz")) returned 1 [0271.829] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp", lpFilePart=0x0) returned 0x37 [0271.829] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp", lpFilePart=0x0) returned 0x37 [0271.829] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp", dwFileAttributes=0x80) returned 1 [0271.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0271.829] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\94ud1hrr9y_wu.bmp"), fInfoLevelId=0x0, lpFileInformation=0x2563600 | out: lpFileInformation=0x2563600*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xf51c2ba0, ftCreationTime.dwHighDateTime=0x1d82203, ftLastAccessTime.dwLowDateTime=0xba0bdc10, ftLastAccessTime.dwHighDateTime=0x1d8242c, ftLastWriteTime.dwLowDateTime=0xba0bdc10, ftLastWriteTime.dwHighDateTime=0x1d8242c, nFileSizeHigh=0x0, nFileSizeLow=0xde2f)) returned 1 [0271.829] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0271.829] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp", lpFilePart=0x0) returned 0x37 [0271.829] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0271.857] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\94ud1hrr9y_wu.bmp"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0271.857] GetFileType (hFile=0x1f4) returned 0x1 [0271.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0271.858] GetFileType (hFile=0x1f4) returned 0x1 [0271.858] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xde2f [0271.858] ReadFile (in: hFile=0x1f4, lpBuffer=0x2563aa8, nNumberOfBytesToRead=0xde2f, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2563aa8*, lpNumberOfBytesRead=0x14edd8*=0xde2f, lpOverlapped=0x0) returned 1 [0271.859] CloseHandle (hObject=0x1f4) returned 1 [0272.249] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp", lpFilePart=0x0) returned 0x37 [0272.249] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0272.249] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\94ud1hrr9y_wu.bmp"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0272.251] GetFileType (hFile=0x1f4) returned 0x1 [0272.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0272.251] GetFileType (hFile=0x1f4) returned 0x1 [0272.252] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.253] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.254] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.254] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.255] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.255] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.256] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.256] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.256] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.257] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.258] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.258] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.259] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.259] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.260] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.260] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.261] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.261] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x26147f8*, nNumberOfBytesToWrite=0x908, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26147f8*, lpNumberOfBytesWritten=0x14ec98*=0x908, lpOverlapped=0x0) returned 1 [0272.262] CloseHandle (hObject=0x1f4) returned 1 [0272.269] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp", lpFilePart=0x0) returned 0x37 [0272.269] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp.ampkcz", lpFilePart=0x0) returned 0x3e [0272.269] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0272.269] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\94ud1hrr9y_wu.bmp"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf51c2ba0, ftCreationTime.dwHighDateTime=0x1d82203, ftLastAccessTime.dwLowDateTime=0xba0bdc10, ftLastAccessTime.dwHighDateTime=0x1d8242c, ftLastWriteTime.dwLowDateTime=0x90af7caf, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12908)) returned 1 [0272.270] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0272.270] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\94ud1hrr9y_wu.bmp"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\94ud1HrR9Y_WU.bmp.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\94ud1hrr9y_wu.bmp.ampkcz")) returned 1 [0272.277] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav", lpFilePart=0x0) returned 0x37 [0272.277] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav", lpFilePart=0x0) returned 0x37 [0272.277] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav", dwFileAttributes=0x80) returned 1 [0272.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0272.278] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\a ecqnolpldze.wav"), fInfoLevelId=0x0, lpFileInformation=0x2616a98 | out: lpFileInformation=0x2616a98*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd0974e00, ftCreationTime.dwHighDateTime=0x1d81b9a, ftLastAccessTime.dwLowDateTime=0x8dcc9de0, ftLastAccessTime.dwHighDateTime=0x1d82686, ftLastWriteTime.dwLowDateTime=0x8dcc9de0, ftLastWriteTime.dwHighDateTime=0x1d82686, nFileSizeHigh=0x0, nFileSizeLow=0x11892)) returned 1 [0272.278] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0272.278] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav", lpFilePart=0x0) returned 0x37 [0272.278] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0272.278] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\a ecqnolpldze.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0272.279] GetFileType (hFile=0x1f4) returned 0x1 [0272.279] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0272.279] GetFileType (hFile=0x1f4) returned 0x1 [0272.279] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x11892 [0272.279] ReadFile (in: hFile=0x1f4, lpBuffer=0x2616f40, nNumberOfBytesToRead=0x11892, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2616f40*, lpNumberOfBytesRead=0x14edd8*=0x11892, lpOverlapped=0x0) returned 1 [0272.280] CloseHandle (hObject=0x1f4) returned 1 [0272.624] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav", lpFilePart=0x0) returned 0x37 [0272.625] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0272.625] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\a ecqnolpldze.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0272.627] GetFileType (hFile=0x1f4) returned 0x1 [0272.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0272.627] GetFileType (hFile=0x1f4) returned 0x1 [0272.627] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.628] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.629] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.629] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.630] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.630] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.631] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.631] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.631] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.632] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.632] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.632] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.633] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.633] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.633] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.634] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.634] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.635] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.635] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.635] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.636] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.636] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.637] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0272.637] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d6650*, nNumberOfBytesToWrite=0x6f4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26d6650*, lpNumberOfBytesWritten=0x14ec98*=0x6f4, lpOverlapped=0x0) returned 1 [0272.637] CloseHandle (hObject=0x1f4) returned 1 [0272.641] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav", lpFilePart=0x0) returned 0x37 [0272.641] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav.ampkcz", lpFilePart=0x0) returned 0x3e [0272.641] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0272.641] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\a ecqnolpldze.wav"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0974e00, ftCreationTime.dwHighDateTime=0x1d81b9a, ftLastAccessTime.dwLowDateTime=0x8dcc9de0, ftLastAccessTime.dwHighDateTime=0x1d82686, ftLastWriteTime.dwLowDateTime=0x90e857d4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x176f4)) returned 1 [0272.641] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0272.641] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\a ecqnolpldze.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\a ecqnOlpldze.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\a ecqnolpldze.wav.ampkcz")) returned 1 [0272.643] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3", lpFilePart=0x0) returned 0x3a [0272.643] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3", lpFilePart=0x0) returned 0x3a [0272.643] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3", dwFileAttributes=0x80) returned 1 [0272.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0272.644] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\anaf77a3y2dxprh-.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26d7e80 | out: lpFileInformation=0x26d7e80*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x38073e40, ftCreationTime.dwHighDateTime=0x1d8224b, ftLastAccessTime.dwLowDateTime=0x116df7d0, ftLastAccessTime.dwHighDateTime=0x1d827d0, ftLastWriteTime.dwLowDateTime=0x116df7d0, ftLastWriteTime.dwHighDateTime=0x1d827d0, nFileSizeHigh=0x0, nFileSizeLow=0x133ac)) returned 1 [0272.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0272.644] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3", lpFilePart=0x0) returned 0x3a [0272.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0272.644] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\anaf77a3y2dxprh-.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0272.644] GetFileType (hFile=0x1f4) returned 0x1 [0272.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0272.644] GetFileType (hFile=0x1f4) returned 0x1 [0272.644] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x133ac [0272.644] ReadFile (in: hFile=0x1f4, lpBuffer=0x26d8350, nNumberOfBytesToRead=0x133ac, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26d8350*, lpNumberOfBytesRead=0x14edd8*=0x133ac, lpOverlapped=0x0) returned 1 [0272.646] CloseHandle (hObject=0x1f4) returned 1 [0273.128] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3", lpFilePart=0x0) returned 0x3a [0273.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0273.129] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\anaf77a3y2dxprh-.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0273.130] GetFileType (hFile=0x1f4) returned 0x1 [0273.130] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0273.130] GetFileType (hFile=0x1f4) returned 0x1 [0273.131] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.132] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.132] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.133] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.133] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.133] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.134] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.134] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.134] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.135] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.135] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.135] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.136] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.136] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.137] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.137] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.137] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.138] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.138] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.139] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.139] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.139] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.140] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.140] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.140] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.141] WriteFile (in: hFile=0x1f4, lpBuffer=0x25c39f0*, nNumberOfBytesToWrite=0xb08, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25c39f0*, lpNumberOfBytesWritten=0x14ec98*=0xb08, lpOverlapped=0x0) returned 1 [0273.141] CloseHandle (hObject=0x1f4) returned 1 [0273.215] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3", lpFilePart=0x0) returned 0x3a [0273.216] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3.ampkcz", lpFilePart=0x0) returned 0x41 [0273.216] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0273.216] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\anaf77a3y2dxprh-.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38073e40, ftCreationTime.dwHighDateTime=0x1d8224b, ftLastAccessTime.dwLowDateTime=0x116df7d0, ftLastAccessTime.dwHighDateTime=0x1d827d0, ftLastWriteTime.dwLowDateTime=0x913ff65b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19b08)) returned 1 [0273.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0273.216] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\anaf77a3y2dxprh-.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\anaF77a3Y2dxPrh-.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\anaf77a3y2dxprh-.mp3.ampkcz")) returned 1 [0273.220] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi", lpFilePart=0x0) returned 0x39 [0273.220] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi", lpFilePart=0x0) returned 0x39 [0273.220] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi", dwFileAttributes=0x80) returned 1 [0273.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0273.221] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bhsw__kdcbrz2lw.avi"), fInfoLevelId=0x0, lpFileInformation=0x25c5398 | out: lpFileInformation=0x25c5398*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x508b09f0, ftCreationTime.dwHighDateTime=0x1d8258f, ftLastAccessTime.dwLowDateTime=0xff2f5aa0, ftLastAccessTime.dwHighDateTime=0x1d829e6, ftLastWriteTime.dwLowDateTime=0xff2f5aa0, ftLastWriteTime.dwHighDateTime=0x1d829e6, nFileSizeHigh=0x0, nFileSizeLow=0x4bb1)) returned 1 [0273.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0273.221] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi", lpFilePart=0x0) returned 0x39 [0273.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0273.221] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bhsw__kdcbrz2lw.avi"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0273.221] GetFileType (hFile=0x1f4) returned 0x1 [0273.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0273.221] GetFileType (hFile=0x1f4) returned 0x1 [0273.221] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x4bb1 [0273.222] ReadFile (in: hFile=0x1f4, lpBuffer=0x25c5858, nNumberOfBytesToRead=0x4bb1, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25c5858*, lpNumberOfBytesRead=0x14edd8*=0x4bb1, lpOverlapped=0x0) returned 1 [0273.223] CloseHandle (hObject=0x1f4) returned 1 [0273.624] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi", lpFilePart=0x0) returned 0x39 [0273.624] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0273.624] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bhsw__kdcbrz2lw.avi"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0273.626] GetFileType (hFile=0x1f4) returned 0x1 [0273.626] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0273.626] GetFileType (hFile=0x1f4) returned 0x1 [0273.626] WriteFile (in: hFile=0x1f4, lpBuffer=0x2674938*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2674938*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.627] WriteFile (in: hFile=0x1f4, lpBuffer=0x2674938*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2674938*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.628] WriteFile (in: hFile=0x1f4, lpBuffer=0x2674938*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2674938*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.628] WriteFile (in: hFile=0x1f4, lpBuffer=0x2674938*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2674938*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.629] WriteFile (in: hFile=0x1f4, lpBuffer=0x2674938*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2674938*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.629] WriteFile (in: hFile=0x1f4, lpBuffer=0x2674938*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2674938*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.629] WriteFile (in: hFile=0x1f4, lpBuffer=0x2674938*, nNumberOfBytesToWrite=0x5c8, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2674938*, lpNumberOfBytesWritten=0x14ec98*=0x5c8, lpOverlapped=0x0) returned 1 [0273.629] CloseHandle (hObject=0x1f4) returned 1 [0273.631] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi", lpFilePart=0x0) returned 0x39 [0273.631] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi.ampkcz", lpFilePart=0x0) returned 0x40 [0273.631] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0273.631] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bhsw__kdcbrz2lw.avi"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x508b09f0, ftCreationTime.dwHighDateTime=0x1d8258f, ftLastAccessTime.dwLowDateTime=0xff2f5aa0, ftLastAccessTime.dwHighDateTime=0x1d829e6, ftLastWriteTime.dwLowDateTime=0x917f7bb8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x65c8)) returned 1 [0273.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0273.632] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bhsw__kdcbrz2lw.avi"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BHsw__kdcBRz2LW.avi.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bhsw__kdcbrz2lw.avi.ampkcz")) returned 1 [0273.634] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg", lpFilePart=0x0) returned 0x2e [0273.634] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg", lpFilePart=0x0) returned 0x2e [0273.634] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg", dwFileAttributes=0x80) returned 1 [0273.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0273.634] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bifb.jpg"), fInfoLevelId=0x0, lpFileInformation=0x2675df8 | out: lpFileInformation=0x2675df8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x20f2230, ftCreationTime.dwHighDateTime=0x1d822b9, ftLastAccessTime.dwLowDateTime=0xbd4269e0, ftLastAccessTime.dwHighDateTime=0x1d828a9, ftLastWriteTime.dwLowDateTime=0xbd4269e0, ftLastWriteTime.dwHighDateTime=0x1d828a9, nFileSizeHigh=0x0, nFileSizeLow=0x417a)) returned 1 [0273.634] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0273.635] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg", lpFilePart=0x0) returned 0x2e [0273.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0273.635] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bifb.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0273.635] GetFileType (hFile=0x1f4) returned 0x1 [0273.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0273.635] GetFileType (hFile=0x1f4) returned 0x1 [0273.635] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x417a [0273.635] ReadFile (in: hFile=0x1f4, lpBuffer=0x2676250, nNumberOfBytesToRead=0x417a, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2676250*, lpNumberOfBytesRead=0x14edd8*=0x417a, lpOverlapped=0x0) returned 1 [0273.636] CloseHandle (hObject=0x1f4) returned 1 [0273.984] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg", lpFilePart=0x0) returned 0x2e [0273.984] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0273.984] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bifb.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0273.985] GetFileType (hFile=0x1f4) returned 0x1 [0273.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0273.985] GetFileType (hFile=0x1f4) returned 0x1 [0273.986] WriteFile (in: hFile=0x1f4, lpBuffer=0x271dee8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271dee8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.987] WriteFile (in: hFile=0x1f4, lpBuffer=0x271dee8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271dee8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.987] WriteFile (in: hFile=0x1f4, lpBuffer=0x271dee8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271dee8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.987] WriteFile (in: hFile=0x1f4, lpBuffer=0x271dee8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271dee8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.988] WriteFile (in: hFile=0x1f4, lpBuffer=0x271dee8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x271dee8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0273.988] WriteFile (in: hFile=0x1f4, lpBuffer=0x271dee8*, nNumberOfBytesToWrite=0x820, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x271dee8*, lpNumberOfBytesWritten=0x14ec98*=0x820, lpOverlapped=0x0) returned 1 [0273.988] CloseHandle (hObject=0x1f4) returned 1 [0274.046] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg", lpFilePart=0x0) returned 0x2e [0274.046] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg.ampkcz", lpFilePart=0x0) returned 0x35 [0274.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0274.046] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bifb.jpg"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20f2230, ftCreationTime.dwHighDateTime=0x1d822b9, ftLastAccessTime.dwLowDateTime=0xbd4269e0, ftLastAccessTime.dwHighDateTime=0x1d828a9, ftLastWriteTime.dwLowDateTime=0x91beb9b3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5820)) returned 1 [0274.046] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0274.046] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bifb.jpg"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\BifB.jpg.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\bifb.jpg.ampkcz")) returned 1 [0274.049] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv", lpFilePart=0x0) returned 0x34 [0274.049] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv", lpFilePart=0x0) returned 0x34 [0274.049] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv", dwFileAttributes=0x80) returned 1 [0274.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0274.050] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\cddjeyis 6.mkv"), fInfoLevelId=0x0, lpFileInformation=0x271f818 | out: lpFileInformation=0x271f818*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x6b860d10, ftCreationTime.dwHighDateTime=0x1d825e7, ftLastAccessTime.dwLowDateTime=0xcaa918e0, ftLastAccessTime.dwHighDateTime=0x1d827f5, ftLastWriteTime.dwLowDateTime=0xcaa918e0, ftLastWriteTime.dwHighDateTime=0x1d827f5, nFileSizeHigh=0x0, nFileSizeLow=0xf9f3)) returned 1 [0274.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0274.050] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv", lpFilePart=0x0) returned 0x34 [0274.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0274.050] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\cddjeyis 6.mkv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0274.050] GetFileType (hFile=0x1f4) returned 0x1 [0274.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0274.050] GetFileType (hFile=0x1f4) returned 0x1 [0274.050] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xf9f3 [0274.051] ReadFile (in: hFile=0x1f4, lpBuffer=0x271fcb0, nNumberOfBytesToRead=0xf9f3, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x271fcb0*, lpNumberOfBytesRead=0x14edd8*=0xf9f3, lpOverlapped=0x0) returned 1 [0274.052] CloseHandle (hObject=0x1f4) returned 1 [0274.479] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv", lpFilePart=0x0) returned 0x34 [0274.479] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0274.479] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\cddjeyis 6.mkv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0274.481] GetFileType (hFile=0x1f4) returned 0x1 [0274.481] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0274.481] GetFileType (hFile=0x1f4) returned 0x1 [0274.482] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.483] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.484] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.484] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.485] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.485] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.486] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.486] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.487] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.487] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.487] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.488] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.488] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.489] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.489] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.490] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.491] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.491] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.491] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.494] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.494] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532058*, nNumberOfBytesToWrite=0xe20, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2532058*, lpNumberOfBytesWritten=0x14ec98*=0xe20, lpOverlapped=0x0) returned 1 [0274.495] CloseHandle (hObject=0x1f4) returned 1 [0274.499] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv", lpFilePart=0x0) returned 0x34 [0274.499] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv.ampkcz", lpFilePart=0x0) returned 0x3b [0274.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0274.499] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\cddjeyis 6.mkv"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b860d10, ftCreationTime.dwHighDateTime=0x1d825e7, ftLastAccessTime.dwLowDateTime=0xcaa918e0, ftLastAccessTime.dwHighDateTime=0x1d827f5, ftLastWriteTime.dwLowDateTime=0x9203d1f9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14e20)) returned 1 [0274.499] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0274.499] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\cddjeyis 6.mkv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\CdDJEyiS 6.mkv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\cddjeyis 6.mkv.ampkcz")) returned 1 [0274.503] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif", lpFilePart=0x0) returned 0x37 [0274.503] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif", lpFilePart=0x0) returned 0x37 [0274.504] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif", dwFileAttributes=0x80) returned 1 [0274.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0274.504] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\dkt67585y2igh.gif"), fInfoLevelId=0x0, lpFileInformation=0x2534540 | out: lpFileInformation=0x2534540*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xed789db0, ftCreationTime.dwHighDateTime=0x1d81ead, ftLastAccessTime.dwLowDateTime=0x817aaaa0, ftLastAccessTime.dwHighDateTime=0x1d82834, ftLastWriteTime.dwLowDateTime=0x817aaaa0, ftLastWriteTime.dwHighDateTime=0x1d82834, nFileSizeHigh=0x0, nFileSizeLow=0x4305)) returned 1 [0274.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0274.504] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif", lpFilePart=0x0) returned 0x37 [0274.504] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0274.504] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\dkt67585y2igh.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0274.505] GetFileType (hFile=0x1f4) returned 0x1 [0274.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0274.505] GetFileType (hFile=0x1f4) returned 0x1 [0274.505] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x4305 [0274.505] ReadFile (in: hFile=0x1f4, lpBuffer=0x25349e8, nNumberOfBytesToRead=0x4305, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25349e8*, lpNumberOfBytesRead=0x14edd8*=0x4305, lpOverlapped=0x0) returned 1 [0274.506] CloseHandle (hObject=0x1f4) returned 1 [0274.895] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif", lpFilePart=0x0) returned 0x37 [0274.895] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0274.896] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\dkt67585y2igh.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0274.897] GetFileType (hFile=0x1f4) returned 0x1 [0274.897] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0274.898] GetFileType (hFile=0x1f4) returned 0x1 [0274.898] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dd850*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25dd850*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.900] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dd850*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25dd850*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.900] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dd850*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25dd850*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.901] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dd850*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25dd850*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.901] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dd850*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25dd850*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0274.902] WriteFile (in: hFile=0x1f4, lpBuffer=0x25dd850*, nNumberOfBytesToWrite=0xa34, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25dd850*, lpNumberOfBytesWritten=0x14ec98*=0xa34, lpOverlapped=0x0) returned 1 [0274.902] CloseHandle (hObject=0x1f4) returned 1 [0274.904] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif", lpFilePart=0x0) returned 0x37 [0274.904] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif.ampkcz", lpFilePart=0x0) returned 0x3e [0274.904] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0274.904] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\dkt67585y2igh.gif"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed789db0, ftCreationTime.dwHighDateTime=0x1d81ead, ftLastAccessTime.dwLowDateTime=0x817aaaa0, ftLastAccessTime.dwHighDateTime=0x1d82834, ftLastWriteTime.dwLowDateTime=0x9241b2df, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5a34)) returned 1 [0274.905] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0274.905] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\dkt67585y2igh.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\dKt67585y2iGh.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\dkt67585y2igh.gif.ampkcz")) returned 1 [0274.907] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt", lpFilePart=0x0) returned 0x2e [0274.907] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt", lpFilePart=0x0) returned 0x2e [0274.907] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt", dwFileAttributes=0x80) returned 1 [0274.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0274.908] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\edqy.ppt"), fInfoLevelId=0x0, lpFileInformation=0x25dec80 | out: lpFileInformation=0x25dec80*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x32cde0c0, ftCreationTime.dwHighDateTime=0x1d8250f, ftLastAccessTime.dwLowDateTime=0x75e6a720, ftLastAccessTime.dwHighDateTime=0x1d82898, ftLastWriteTime.dwLowDateTime=0x75e6a720, ftLastWriteTime.dwHighDateTime=0x1d82898, nFileSizeHigh=0x0, nFileSizeLow=0x9021)) returned 1 [0274.908] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0274.908] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt", lpFilePart=0x0) returned 0x2e [0274.908] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0274.908] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\edqy.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0274.909] GetFileType (hFile=0x1f4) returned 0x1 [0274.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0274.909] GetFileType (hFile=0x1f4) returned 0x1 [0274.909] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x9021 [0274.909] ReadFile (in: hFile=0x1f4, lpBuffer=0x25df0d8, nNumberOfBytesToRead=0x9021, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25df0d8*, lpNumberOfBytesRead=0x14edd8*=0x9021, lpOverlapped=0x0) returned 1 [0274.911] CloseHandle (hObject=0x1f4) returned 1 [0275.317] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt", lpFilePart=0x0) returned 0x2e [0275.317] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0275.317] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\edqy.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0275.318] GetFileType (hFile=0x1f4) returned 0x1 [0275.318] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0275.318] GetFileType (hFile=0x1f4) returned 0x1 [0275.319] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.320] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.320] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.320] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.321] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.321] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.321] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.321] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.322] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.322] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.322] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.323] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0275.323] WriteFile (in: hFile=0x1f4, lpBuffer=0x268e660*, nNumberOfBytesToWrite=0x108, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x268e660*, lpNumberOfBytesWritten=0x14ec98*=0x108, lpOverlapped=0x0) returned 1 [0275.323] CloseHandle (hObject=0x1f4) returned 1 [0275.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt", lpFilePart=0x0) returned 0x2e [0275.430] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt.ampkcz", lpFilePart=0x0) returned 0x35 [0275.430] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0275.430] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\edqy.ppt"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32cde0c0, ftCreationTime.dwHighDateTime=0x1d8250f, ftLastAccessTime.dwLowDateTime=0x75e6a720, ftLastAccessTime.dwHighDateTime=0x1d82898, ftLastWriteTime.dwLowDateTime=0x9291f554, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc108)) returned 1 [0275.431] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0275.431] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\edqy.ppt"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\eDqY.ppt.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\edqy.ppt.ampkcz")) returned 1 [0275.449] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf", lpFilePart=0x0) returned 0x30 [0275.450] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf", lpFilePart=0x0) returned 0x30 [0275.450] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf", dwFileAttributes=0x80) returned 1 [0275.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0275.450] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\g4oigp.swf"), fInfoLevelId=0x0, lpFileInformation=0x26903e8 | out: lpFileInformation=0x26903e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xd21b7f80, ftCreationTime.dwHighDateTime=0x1d81f28, ftLastAccessTime.dwLowDateTime=0xdad4bb40, ftLastAccessTime.dwHighDateTime=0x1d82483, ftLastWriteTime.dwLowDateTime=0xdad4bb40, ftLastWriteTime.dwHighDateTime=0x1d82483, nFileSizeHigh=0x0, nFileSizeLow=0x2544)) returned 1 [0275.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0275.451] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf", lpFilePart=0x0) returned 0x30 [0275.451] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0275.451] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\g4oigp.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0275.451] GetFileType (hFile=0x1f4) returned 0x1 [0275.451] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0275.451] GetFileType (hFile=0x1f4) returned 0x1 [0275.451] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x2544 [0275.452] ReadFile (in: hFile=0x1f4, lpBuffer=0x2690858, nNumberOfBytesToRead=0x2544, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2690858*, lpNumberOfBytesRead=0x14edd8*=0x2544, lpOverlapped=0x0) returned 1 [0275.453] CloseHandle (hObject=0x1f4) returned 1 [0275.874] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf", lpFilePart=0x0) returned 0x30 [0275.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0275.874] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\g4oigp.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0275.876] GetFileType (hFile=0x1f4) returned 0x1 [0275.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0275.876] GetFileType (hFile=0x1f4) returned 0x1 [0275.877] WriteFile (in: hFile=0x1f4, lpBuffer=0x2724578*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2724578*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.878] WriteFile (in: hFile=0x1f4, lpBuffer=0x2724578*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2724578*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0275.878] WriteFile (in: hFile=0x1f4, lpBuffer=0x2724578*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x2724578*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0275.879] WriteFile (in: hFile=0x1f4, lpBuffer=0x2724578*, nNumberOfBytesToWrite=0x288, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2724578*, lpNumberOfBytesWritten=0x14ec98*=0x288, lpOverlapped=0x0) returned 1 [0275.879] CloseHandle (hObject=0x1f4) returned 1 [0276.131] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf", lpFilePart=0x0) returned 0x30 [0276.131] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf.ampkcz", lpFilePart=0x0) returned 0x37 [0276.131] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0276.131] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\g4oigp.swf"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd21b7f80, ftCreationTime.dwHighDateTime=0x1d81f28, ftLastAccessTime.dwLowDateTime=0xdad4bb40, ftLastAccessTime.dwHighDateTime=0x1d82483, ftLastWriteTime.dwLowDateTime=0x92fccbb1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x3288)) returned 1 [0276.131] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0276.131] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\g4oigp.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\g4oiGp.swf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\g4oigp.swf.ampkcz")) returned 1 [0276.137] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf", lpFilePart=0x0) returned 0x32 [0276.137] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf", lpFilePart=0x0) returned 0x32 [0276.137] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf", dwFileAttributes=0x80) returned 1 [0276.138] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0276.138] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\hkau9j8_.swf"), fInfoLevelId=0x0, lpFileInformation=0x2726310 | out: lpFileInformation=0x2726310*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xbb718d50, ftCreationTime.dwHighDateTime=0x1d81d2b, ftLastAccessTime.dwLowDateTime=0x71e80d70, ftLastAccessTime.dwHighDateTime=0x1d82844, ftLastWriteTime.dwLowDateTime=0x71e80d70, ftLastWriteTime.dwHighDateTime=0x1d82844, nFileSizeHigh=0x0, nFileSizeLow=0x15fa7)) returned 1 [0276.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0276.139] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf", lpFilePart=0x0) returned 0x32 [0276.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0276.139] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\hkau9j8_.swf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0276.139] GetFileType (hFile=0x1f4) returned 0x1 [0276.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0276.139] GetFileType (hFile=0x1f4) returned 0x1 [0276.139] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x15fa7 [0276.140] ReadFile (in: hFile=0x1f4, lpBuffer=0x125adc68, nNumberOfBytesToRead=0x15fa7, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x125adc68*, lpNumberOfBytesRead=0x14edd8*=0x15fa7, lpOverlapped=0x0) returned 1 [0276.143] CloseHandle (hObject=0x1f4) returned 1 [0276.542] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf", lpFilePart=0x0) returned 0x32 [0276.543] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0276.543] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\hkau9j8_.swf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0276.545] GetFileType (hFile=0x1f4) returned 0x1 [0276.545] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0276.545] GetFileType (hFile=0x1f4) returned 0x1 [0276.545] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.546] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.547] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.547] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.548] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.548] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.548] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.549] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.549] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.550] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.550] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.550] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.551] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.551] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.552] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.552] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.553] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.553] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.554] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.554] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.554] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.555] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.555] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.556] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.556] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.557] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.557] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.558] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.558] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0276.558] WriteFile (in: hFile=0x1f4, lpBuffer=0x259fc30*, nNumberOfBytesToWrite=0x5b4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x259fc30*, lpNumberOfBytesWritten=0x14ec98*=0x5b4, lpOverlapped=0x0) returned 1 [0276.558] CloseHandle (hObject=0x1f4) returned 1 [0276.714] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf", lpFilePart=0x0) returned 0x32 [0276.714] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf.ampkcz", lpFilePart=0x0) returned 0x39 [0276.715] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0276.715] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\hkau9j8_.swf"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb718d50, ftCreationTime.dwHighDateTime=0x1d81d2b, ftLastAccessTime.dwLowDateTime=0x71e80d70, ftLastAccessTime.dwHighDateTime=0x1d82844, ftLastWriteTime.dwLowDateTime=0x9355ec15, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d5b4)) returned 1 [0276.715] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0276.715] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\hkau9j8_.swf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\HKAU9J8_.swf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\hkau9j8_.swf.ampkcz")) returned 1 [0276.716] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx", lpFilePart=0x0) returned 0x35 [0276.716] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx", lpFilePart=0x0) returned 0x35 [0276.717] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx", dwFileAttributes=0x80) returned 1 [0276.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0276.717] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\iyitxnxhkc.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x25a1028 | out: lpFileInformation=0x25a1028*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x940d4d0, ftCreationTime.dwHighDateTime=0x1d82017, ftLastAccessTime.dwLowDateTime=0x23035520, ftLastAccessTime.dwHighDateTime=0x1d82808, ftLastWriteTime.dwLowDateTime=0x23035520, ftLastWriteTime.dwHighDateTime=0x1d82808, nFileSizeHigh=0x0, nFileSizeLow=0x15de)) returned 1 [0276.717] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0276.717] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx", lpFilePart=0x0) returned 0x35 [0276.717] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0276.718] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\iyitxnxhkc.xlsx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0276.718] GetFileType (hFile=0x1f4) returned 0x1 [0276.718] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0276.718] GetFileType (hFile=0x1f4) returned 0x1 [0276.718] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x15de [0276.718] ReadFile (in: hFile=0x1f4, lpBuffer=0x25a14c0, nNumberOfBytesToRead=0x15de, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25a14c0*, lpNumberOfBytesRead=0x14edd8*=0x15de, lpOverlapped=0x0) returned 1 [0276.719] CloseHandle (hObject=0x1f4) returned 1 [0277.156] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx", lpFilePart=0x0) returned 0x35 [0277.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0277.156] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\iyitxnxhkc.xlsx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0277.157] GetFileType (hFile=0x1f4) returned 0x1 [0277.157] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0277.157] GetFileType (hFile=0x1f4) returned 0x1 [0277.158] WriteFile (in: hFile=0x1f4, lpBuffer=0x262a300*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x262a300*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0277.159] WriteFile (in: hFile=0x1f4, lpBuffer=0x262a300*, nNumberOfBytesToWrite=0xdf4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x262a300*, lpNumberOfBytesWritten=0x14ec98*=0xdf4, lpOverlapped=0x0) returned 1 [0277.159] CloseHandle (hObject=0x1f4) returned 1 [0277.345] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx", lpFilePart=0x0) returned 0x35 [0277.345] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx.ampkcz", lpFilePart=0x0) returned 0x3c [0277.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0277.345] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\iyitxnxhkc.xlsx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x940d4d0, ftCreationTime.dwHighDateTime=0x1d82017, ftLastAccessTime.dwLowDateTime=0x23035520, ftLastAccessTime.dwHighDateTime=0x1d82808, ftLastWriteTime.dwLowDateTime=0x93b61a42, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1df4)) returned 1 [0277.346] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0277.346] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\iyitxnxhkc.xlsx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\IyItXNxhKc.xlsx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\iyitxnxhkc.xlsx.ampkcz")) returned 1 [0277.349] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv", lpFilePart=0x0) returned 0x35 [0277.349] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv", lpFilePart=0x0) returned 0x35 [0277.350] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv", dwFileAttributes=0x80) returned 1 [0277.350] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0277.350] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\j vylubvroo.flv"), fInfoLevelId=0x0, lpFileInformation=0x262c2a0 | out: lpFileInformation=0x262c2a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xb2483b40, ftCreationTime.dwHighDateTime=0x1d82300, ftLastAccessTime.dwLowDateTime=0xd4d8a940, ftLastAccessTime.dwHighDateTime=0x1d82924, ftLastWriteTime.dwLowDateTime=0xd4d8a940, ftLastWriteTime.dwHighDateTime=0x1d82924, nFileSizeHigh=0x0, nFileSizeLow=0x5070)) returned 1 [0277.350] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0277.351] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv", lpFilePart=0x0) returned 0x35 [0277.351] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0277.351] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\j vylubvroo.flv"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0277.351] GetFileType (hFile=0x1f4) returned 0x1 [0277.351] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0277.351] GetFileType (hFile=0x1f4) returned 0x1 [0277.351] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x5070 [0277.351] ReadFile (in: hFile=0x1f4, lpBuffer=0x262c738, nNumberOfBytesToRead=0x5070, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x262c738*, lpNumberOfBytesRead=0x14edd8*=0x5070, lpOverlapped=0x0) returned 1 [0277.353] CloseHandle (hObject=0x1f4) returned 1 [0277.806] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv", lpFilePart=0x0) returned 0x35 [0277.806] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0277.806] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\j vylubvroo.flv"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0277.808] GetFileType (hFile=0x1f4) returned 0x1 [0277.808] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0277.808] GetFileType (hFile=0x1f4) returned 0x1 [0277.809] WriteFile (in: hFile=0x1f4, lpBuffer=0x26dede0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26dede0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0277.810] WriteFile (in: hFile=0x1f4, lpBuffer=0x26dede0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26dede0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0277.810] WriteFile (in: hFile=0x1f4, lpBuffer=0x26dede0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26dede0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0277.811] WriteFile (in: hFile=0x1f4, lpBuffer=0x26dede0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26dede0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0277.811] WriteFile (in: hFile=0x1f4, lpBuffer=0x26dede0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26dede0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0277.811] WriteFile (in: hFile=0x1f4, lpBuffer=0x26dede0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26dede0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0277.812] WriteFile (in: hFile=0x1f4, lpBuffer=0x26dede0*, nNumberOfBytesToWrite=0xc20, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26dede0*, lpNumberOfBytesWritten=0x14ec98*=0xc20, lpOverlapped=0x0) returned 1 [0277.812] CloseHandle (hObject=0x1f4) returned 1 [0277.814] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv", lpFilePart=0x0) returned 0x35 [0277.814] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv.ampkcz", lpFilePart=0x0) returned 0x3c [0277.814] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0277.814] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\j vylubvroo.flv"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2483b40, ftCreationTime.dwHighDateTime=0x1d82300, ftLastAccessTime.dwLowDateTime=0xd4d8a940, ftLastAccessTime.dwHighDateTime=0x1d82924, ftLastWriteTime.dwLowDateTime=0x93fdb68c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c20)) returned 1 [0277.815] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0277.815] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\j vylubvroo.flv"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\j VYlUbVRoO.flv.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\j vylubvroo.flv.ampkcz")) returned 1 [0277.819] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps", lpFilePart=0x0) returned 0x3a [0277.819] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps", lpFilePart=0x0) returned 0x3a [0277.819] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps", dwFileAttributes=0x80) returned 1 [0277.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0277.820] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jzt8o_lwdcondlo_.pps"), fInfoLevelId=0x0, lpFileInformation=0x26e1808 | out: lpFileInformation=0x26e1808*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x1b0d2180, ftCreationTime.dwHighDateTime=0x1d81cea, ftLastAccessTime.dwLowDateTime=0xa099fdd0, ftLastAccessTime.dwHighDateTime=0x1d81f9e, ftLastWriteTime.dwLowDateTime=0xa099fdd0, ftLastWriteTime.dwHighDateTime=0x1d81f9e, nFileSizeHigh=0x0, nFileSizeLow=0xb3d6)) returned 1 [0277.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0277.820] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps", lpFilePart=0x0) returned 0x3a [0277.820] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0277.820] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jzt8o_lwdcondlo_.pps"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0277.820] GetFileType (hFile=0x1f4) returned 0x1 [0277.820] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0277.820] GetFileType (hFile=0x1f4) returned 0x1 [0277.820] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xb3d6 [0277.820] ReadFile (in: hFile=0x1f4, lpBuffer=0x26e1cd8, nNumberOfBytesToRead=0xb3d6, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26e1cd8*, lpNumberOfBytesRead=0x14edd8*=0xb3d6, lpOverlapped=0x0) returned 1 [0277.821] CloseHandle (hObject=0x1f4) returned 1 [0278.299] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps", lpFilePart=0x0) returned 0x3a [0278.299] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0278.299] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jzt8o_lwdcondlo_.pps"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0278.301] GetFileType (hFile=0x1f4) returned 0x1 [0278.301] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0278.301] GetFileType (hFile=0x1f4) returned 0x1 [0278.302] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.304] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.304] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.304] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.305] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.305] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.306] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.306] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.306] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.307] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.307] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.308] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.308] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.309] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.309] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0278.309] WriteFile (in: hFile=0x1f4, lpBuffer=0x2593258*, nNumberOfBytesToWrite=0xa0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2593258*, lpNumberOfBytesWritten=0x14ec98*=0xa0, lpOverlapped=0x0) returned 1 [0278.310] CloseHandle (hObject=0x1f4) returned 1 [0278.313] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps", lpFilePart=0x0) returned 0x3a [0278.313] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps.ampkcz", lpFilePart=0x0) returned 0x41 [0278.313] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0278.313] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jzt8o_lwdcondlo_.pps"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b0d2180, ftCreationTime.dwHighDateTime=0x1d81cea, ftLastAccessTime.dwLowDateTime=0xa099fdd0, ftLastAccessTime.dwHighDateTime=0x1d81f9e, ftLastWriteTime.dwLowDateTime=0x9449d8a4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf0a0)) returned 1 [0278.314] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0278.314] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jzt8o_lwdcondlo_.pps"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\jzT8o_LwdcONDLO_.pps.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\jzt8o_lwdcondlo_.pps.ampkcz")) returned 1 [0278.315] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx", lpFilePart=0x0) returned 0x32 [0278.315] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx", lpFilePart=0x0) returned 0x32 [0278.315] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx", dwFileAttributes=0x80) returned 1 [0278.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0278.319] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ol-va6g.pptx"), fInfoLevelId=0x0, lpFileInformation=0x25946d0 | out: lpFileInformation=0x25946d0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa34e52d0, ftCreationTime.dwHighDateTime=0x1d82609, ftLastAccessTime.dwLowDateTime=0x38f1bef0, ftLastAccessTime.dwHighDateTime=0x1d82725, ftLastWriteTime.dwLowDateTime=0x38f1bef0, ftLastWriteTime.dwHighDateTime=0x1d82725, nFileSizeHigh=0x0, nFileSizeLow=0x117cd)) returned 1 [0278.319] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0278.319] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx", lpFilePart=0x0) returned 0x32 [0278.319] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0278.319] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ol-va6g.pptx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0278.320] GetFileType (hFile=0x1f4) returned 0x1 [0278.320] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0278.320] GetFileType (hFile=0x1f4) returned 0x1 [0278.320] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x117cd [0278.320] ReadFile (in: hFile=0x1f4, lpBuffer=0x2594b50, nNumberOfBytesToRead=0x117cd, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2594b50*, lpNumberOfBytesRead=0x14edd8*=0x117cd, lpOverlapped=0x0) returned 1 [0278.322] CloseHandle (hObject=0x1f4) returned 1 [0278.727] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx", lpFilePart=0x0) returned 0x32 [0278.728] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0278.728] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ol-va6g.pptx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0278.730] GetFileType (hFile=0x1f4) returned 0x1 [0278.730] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0278.730] GetFileType (hFile=0x1f4) returned 0x1 [0278.731] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.732] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.733] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.733] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.734] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.734] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.735] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.736] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.736] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.737] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.738] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.738] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.739] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.739] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.740] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.740] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.741] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.742] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.742] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.743] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.743] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.743] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.744] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0278.744] WriteFile (in: hFile=0x1f4, lpBuffer=0x2653f10*, nNumberOfBytesToWrite=0x5e0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2653f10*, lpNumberOfBytesWritten=0x14ec98*=0x5e0, lpOverlapped=0x0) returned 1 [0278.745] CloseHandle (hObject=0x1f4) returned 1 [0278.749] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx", lpFilePart=0x0) returned 0x32 [0278.749] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx.ampkcz", lpFilePart=0x0) returned 0x39 [0278.749] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0278.749] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ol-va6g.pptx"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa34e52d0, ftCreationTime.dwHighDateTime=0x1d82609, ftLastAccessTime.dwLowDateTime=0x38f1bef0, ftLastAccessTime.dwHighDateTime=0x1d82725, ftLastWriteTime.dwLowDateTime=0x948c636d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x175e0)) returned 1 [0278.750] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0278.750] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ol-va6g.pptx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\OL-VA6G.pptx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ol-va6g.pptx.ampkcz")) returned 1 [0278.752] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png", lpFilePart=0x0) returned 0x37 [0278.752] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png", lpFilePart=0x0) returned 0x37 [0278.752] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png", dwFileAttributes=0x80) returned 1 [0278.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0278.753] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\pbokipeqaxrxf.png"), fInfoLevelId=0x0, lpFileInformation=0x2655450 | out: lpFileInformation=0x2655450*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa53021f0, ftCreationTime.dwHighDateTime=0x1d81b23, ftLastAccessTime.dwLowDateTime=0xb9a2fcc0, ftLastAccessTime.dwHighDateTime=0x1d826cc, ftLastWriteTime.dwLowDateTime=0xb9a2fcc0, ftLastWriteTime.dwHighDateTime=0x1d826cc, nFileSizeHigh=0x0, nFileSizeLow=0x11767)) returned 1 [0278.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0278.753] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png", lpFilePart=0x0) returned 0x37 [0278.753] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0278.753] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\pbokipeqaxrxf.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0278.753] GetFileType (hFile=0x1f4) returned 0x1 [0278.753] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0278.753] GetFileType (hFile=0x1f4) returned 0x1 [0278.754] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x11767 [0278.754] ReadFile (in: hFile=0x1f4, lpBuffer=0x26558f8, nNumberOfBytesToRead=0x11767, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26558f8*, lpNumberOfBytesRead=0x14edd8*=0x11767, lpOverlapped=0x0) returned 1 [0278.755] CloseHandle (hObject=0x1f4) returned 1 [0279.102] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png", lpFilePart=0x0) returned 0x37 [0279.102] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0279.102] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\pbokipeqaxrxf.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0279.104] GetFileType (hFile=0x1f4) returned 0x1 [0279.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0279.104] GetFileType (hFile=0x1f4) returned 0x1 [0279.104] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.105] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.106] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.106] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.107] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.107] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.108] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.108] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.108] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.109] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.109] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.110] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.110] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.110] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.111] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.111] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.111] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.112] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.112] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.113] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.113] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.113] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.114] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.114] WriteFile (in: hFile=0x1f4, lpBuffer=0x2714b48*, nNumberOfBytesToWrite=0x560, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2714b48*, lpNumberOfBytesWritten=0x14ec98*=0x560, lpOverlapped=0x0) returned 1 [0279.114] CloseHandle (hObject=0x1f4) returned 1 [0279.241] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png", lpFilePart=0x0) returned 0x37 [0279.241] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png.ampkcz", lpFilePart=0x0) returned 0x3e [0279.241] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0279.241] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\pbokipeqaxrxf.png"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa53021f0, ftCreationTime.dwHighDateTime=0x1d81b23, ftLastAccessTime.dwLowDateTime=0xb9a2fcc0, ftLastAccessTime.dwHighDateTime=0x1d826cc, ftLastWriteTime.dwLowDateTime=0x94d7603c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x17560)) returned 1 [0279.241] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0279.241] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\pbokipeqaxrxf.png"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\pBOkipeqaxRxf.png.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\pbokipeqaxrxf.png.ampkcz")) returned 1 [0279.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3", lpFilePart=0x0) returned 0x39 [0279.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3", lpFilePart=0x0) returned 0x39 [0279.243] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3", dwFileAttributes=0x80) returned 1 [0279.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0279.244] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ra7pkv6vb6nnjn3.mp3"), fInfoLevelId=0x0, lpFileInformation=0x2716370 | out: lpFileInformation=0x2716370*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x94ea6800, ftCreationTime.dwHighDateTime=0x1d82942, ftLastAccessTime.dwLowDateTime=0x7a0c3440, ftLastAccessTime.dwHighDateTime=0x1d829b1, ftLastWriteTime.dwLowDateTime=0x7a0c3440, ftLastWriteTime.dwHighDateTime=0x1d829b1, nFileSizeHigh=0x0, nFileSizeLow=0x1571)) returned 1 [0279.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0279.244] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3", lpFilePart=0x0) returned 0x39 [0279.244] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0279.244] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ra7pkv6vb6nnjn3.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0279.244] GetFileType (hFile=0x1f4) returned 0x1 [0279.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0279.244] GetFileType (hFile=0x1f4) returned 0x1 [0279.244] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x1571 [0279.244] ReadFile (in: hFile=0x1f4, lpBuffer=0x2716830, nNumberOfBytesToRead=0x1571, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2716830*, lpNumberOfBytesRead=0x14edd8*=0x1571, lpOverlapped=0x0) returned 1 [0279.245] CloseHandle (hObject=0x1f4) returned 1 [0279.647] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3", lpFilePart=0x0) returned 0x39 [0279.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0279.647] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ra7pkv6vb6nnjn3.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0279.649] GetFileType (hFile=0x1f4) returned 0x1 [0279.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0279.649] GetFileType (hFile=0x1f4) returned 0x1 [0279.651] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a0ea0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a0ea0*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0279.653] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a0ea0*, nNumberOfBytesToWrite=0xd74, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25a0ea0*, lpNumberOfBytesWritten=0x14ec98*=0xd74, lpOverlapped=0x0) returned 1 [0279.655] CloseHandle (hObject=0x1f4) returned 1 [0279.657] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3", lpFilePart=0x0) returned 0x39 [0279.657] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3.ampkcz", lpFilePart=0x0) returned 0x40 [0279.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0279.657] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ra7pkv6vb6nnjn3.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94ea6800, ftCreationTime.dwHighDateTime=0x1d82942, ftLastAccessTime.dwLowDateTime=0x7a0c3440, ftLastAccessTime.dwHighDateTime=0x1d829b1, ftLastWriteTime.dwLowDateTime=0x9516ee63, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d74)) returned 1 [0279.657] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0279.658] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ra7pkv6vb6nnjn3.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\rA7pKV6vb6NNjN3.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ra7pkv6vb6nnjn3.mp3.ampkcz")) returned 1 [0279.659] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt", lpFilePart=0x0) returned 0x31 [0279.659] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt", lpFilePart=0x0) returned 0x31 [0279.659] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt", dwFileAttributes=0x80) returned 1 [0279.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0279.660] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\rouyjhw.ppt"), fInfoLevelId=0x0, lpFileInformation=0x25a22e8 | out: lpFileInformation=0x25a22e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x466a7a30, ftCreationTime.dwHighDateTime=0x1d81b4b, ftLastAccessTime.dwLowDateTime=0xa129a670, ftLastAccessTime.dwHighDateTime=0x1d81c37, ftLastWriteTime.dwLowDateTime=0xa129a670, ftLastWriteTime.dwHighDateTime=0x1d81c37, nFileSizeHigh=0x0, nFileSizeLow=0x219b)) returned 1 [0279.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0279.660] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt", lpFilePart=0x0) returned 0x31 [0279.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0279.661] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\rouyjhw.ppt"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0279.661] GetFileType (hFile=0x1f4) returned 0x1 [0279.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0279.661] GetFileType (hFile=0x1f4) returned 0x1 [0279.661] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x219b [0279.661] ReadFile (in: hFile=0x1f4, lpBuffer=0x25a2758, nNumberOfBytesToRead=0x219b, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25a2758*, lpNumberOfBytesRead=0x14edd8*=0x219b, lpOverlapped=0x0) returned 1 [0279.662] CloseHandle (hObject=0x1f4) returned 1 [0280.038] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt", lpFilePart=0x0) returned 0x31 [0280.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0280.038] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\rouyjhw.ppt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0280.039] GetFileType (hFile=0x1f4) returned 0x1 [0280.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0280.039] GetFileType (hFile=0x1f4) returned 0x1 [0280.040] WriteFile (in: hFile=0x1f4, lpBuffer=0x2633ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2633ab8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.041] WriteFile (in: hFile=0x1f4, lpBuffer=0x2633ab8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2633ab8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.041] WriteFile (in: hFile=0x1f4, lpBuffer=0x2633ab8*, nNumberOfBytesToWrite=0xda0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2633ab8*, lpNumberOfBytesWritten=0x14ec98*=0xda0, lpOverlapped=0x0) returned 1 [0280.042] CloseHandle (hObject=0x1f4) returned 1 [0280.043] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt", lpFilePart=0x0) returned 0x31 [0280.043] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt.ampkcz", lpFilePart=0x0) returned 0x38 [0280.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0280.043] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\rouyjhw.ppt"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x466a7a30, ftCreationTime.dwHighDateTime=0x1d81b4b, ftLastAccessTime.dwLowDateTime=0xa129a670, ftLastAccessTime.dwHighDateTime=0x1d81c37, ftLastWriteTime.dwLowDateTime=0x9551e266, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2da0)) returned 1 [0280.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0280.044] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\rouyjhw.ppt"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RoUyJhW.ppt.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\rouyjhw.ppt.ampkcz")) returned 1 [0280.046] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a", lpFilePart=0x0) returned 0x30 [0280.046] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a", lpFilePart=0x0) returned 0x30 [0280.047] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a", dwFileAttributes=0x80) returned 1 [0280.047] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0280.047] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\rwewhj.m4a"), fInfoLevelId=0x0, lpFileInformation=0x26359e8 | out: lpFileInformation=0x26359e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x4e918e10, ftCreationTime.dwHighDateTime=0x1d81b82, ftLastAccessTime.dwLowDateTime=0xf0769e80, ftLastAccessTime.dwHighDateTime=0x1d82039, ftLastWriteTime.dwLowDateTime=0xf0769e80, ftLastWriteTime.dwHighDateTime=0x1d82039, nFileSizeHigh=0x0, nFileSizeLow=0x553f)) returned 1 [0280.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0280.047] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a", lpFilePart=0x0) returned 0x30 [0280.047] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0280.047] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\rwewhj.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0280.047] GetFileType (hFile=0x1f4) returned 0x1 [0280.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0280.047] GetFileType (hFile=0x1f4) returned 0x1 [0280.048] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x553f [0280.048] ReadFile (in: hFile=0x1f4, lpBuffer=0x2635e58, nNumberOfBytesToRead=0x553f, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x2635e58*, lpNumberOfBytesRead=0x14edd8*=0x553f, lpOverlapped=0x0) returned 1 [0280.049] CloseHandle (hObject=0x1f4) returned 1 [0280.387] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a", lpFilePart=0x0) returned 0x30 [0280.387] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0280.387] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\rwewhj.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0280.388] GetFileType (hFile=0x1f4) returned 0x1 [0280.388] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0280.388] GetFileType (hFile=0x1f4) returned 0x1 [0280.389] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ebac8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ebac8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.390] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ebac8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ebac8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.390] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ebac8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ebac8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.391] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ebac8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ebac8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.391] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ebac8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ebac8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.391] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ebac8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26ebac8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.392] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ebac8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x26ebac8*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0280.392] WriteFile (in: hFile=0x1f4, lpBuffer=0x26ebac8*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26ebac8*, lpNumberOfBytesWritten=0x14ec98*=0x274, lpOverlapped=0x0) returned 1 [0280.392] CloseHandle (hObject=0x1f4) returned 1 [0280.431] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a", lpFilePart=0x0) returned 0x30 [0280.431] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a.ampkcz", lpFilePart=0x0) returned 0x37 [0280.432] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0280.432] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\rwewhj.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e918e10, ftCreationTime.dwHighDateTime=0x1d81b82, ftLastAccessTime.dwLowDateTime=0xf0769e80, ftLastAccessTime.dwHighDateTime=0x1d82039, ftLastWriteTime.dwLowDateTime=0x958cf06f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7274)) returned 1 [0280.432] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0280.432] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\rwewhj.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\RWeWHj.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\rwewhj.m4a.ampkcz")) returned 1 [0280.439] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf", lpFilePart=0x0) returned 0x37 [0280.439] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf", lpFilePart=0x0) returned 0x37 [0280.439] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf", dwFileAttributes=0x80) returned 1 [0280.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0280.439] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\uwqoywykrtheh.rtf"), fInfoLevelId=0x0, lpFileInformation=0x26efdf8 | out: lpFileInformation=0x26efdf8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x72aaeb90, ftCreationTime.dwHighDateTime=0x1d81f6d, ftLastAccessTime.dwLowDateTime=0x9aabb140, ftLastAccessTime.dwHighDateTime=0x1d823ac, ftLastWriteTime.dwLowDateTime=0x9aabb140, ftLastWriteTime.dwHighDateTime=0x1d823ac, nFileSizeHigh=0x0, nFileSizeLow=0x81e2)) returned 1 [0280.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0280.440] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf", lpFilePart=0x0) returned 0x37 [0280.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0280.440] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\uwqoywykrtheh.rtf"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0280.440] GetFileType (hFile=0x1f4) returned 0x1 [0280.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0280.440] GetFileType (hFile=0x1f4) returned 0x1 [0280.440] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x81e2 [0280.440] ReadFile (in: hFile=0x1f4, lpBuffer=0x26f02a0, nNumberOfBytesToRead=0x81e2, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26f02a0*, lpNumberOfBytesRead=0x14edd8*=0x81e2, lpOverlapped=0x0) returned 1 [0280.441] CloseHandle (hObject=0x1f4) returned 1 [0280.878] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf", lpFilePart=0x0) returned 0x37 [0280.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0280.878] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\uwqoywykrtheh.rtf"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0280.881] GetFileType (hFile=0x1f4) returned 0x1 [0280.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0280.881] GetFileType (hFile=0x1f4) returned 0x1 [0280.882] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a5680*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.883] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a5680*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.884] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a5680*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.884] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a5680*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.885] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a5680*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.885] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a5680*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.886] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a5680*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.886] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a5680*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.887] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a5680*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.887] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5680*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a5680*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0280.889] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5680*, nNumberOfBytesToWrite=0xe08, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25a5680*, lpNumberOfBytesWritten=0x14ec98*=0xe08, lpOverlapped=0x0) returned 1 [0280.889] CloseHandle (hObject=0x1f4) returned 1 [0280.892] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf", lpFilePart=0x0) returned 0x37 [0280.893] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf.ampkcz", lpFilePart=0x0) returned 0x3e [0280.893] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0280.893] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\uwqoywykrtheh.rtf"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72aaeb90, ftCreationTime.dwHighDateTime=0x1d81f6d, ftLastAccessTime.dwLowDateTime=0x9aabb140, ftLastAccessTime.dwHighDateTime=0x1d823ac, ftLastWriteTime.dwLowDateTime=0x95d36e12, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xae08)) returned 1 [0280.893] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0280.893] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\uwqoywykrtheh.rtf"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\UwqOYWykrtHeh.rtf.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\uwqoywykrtheh.rtf.ampkcz")) returned 1 [0280.897] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif", lpFilePart=0x0) returned 0x3c [0280.897] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif", lpFilePart=0x0) returned 0x3c [0280.898] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif", dwFileAttributes=0x80) returned 1 [0280.898] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0280.898] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\vjk7n7drr9wn-wbnko.gif"), fInfoLevelId=0x0, lpFileInformation=0x25a7b80 | out: lpFileInformation=0x25a7b80*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xed336df0, ftCreationTime.dwHighDateTime=0x1d8272a, ftLastAccessTime.dwLowDateTime=0x6e31b30, ftLastAccessTime.dwHighDateTime=0x1d82819, ftLastWriteTime.dwLowDateTime=0x6e31b30, ftLastWriteTime.dwHighDateTime=0x1d82819, nFileSizeHigh=0x0, nFileSizeLow=0xb29b)) returned 1 [0280.899] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0280.899] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif", lpFilePart=0x0) returned 0x3c [0280.899] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0280.899] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\vjk7n7drr9wn-wbnko.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0280.900] GetFileType (hFile=0x1f4) returned 0x1 [0280.900] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0280.900] GetFileType (hFile=0x1f4) returned 0x1 [0280.900] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xb29b [0280.901] ReadFile (in: hFile=0x1f4, lpBuffer=0x25a8068, nNumberOfBytesToRead=0xb29b, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25a8068*, lpNumberOfBytesRead=0x14edd8*=0xb29b, lpOverlapped=0x0) returned 1 [0280.902] CloseHandle (hObject=0x1f4) returned 1 [0281.434] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif", lpFilePart=0x0) returned 0x3c [0281.434] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0281.434] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\vjk7n7drr9wn-wbnko.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0281.437] GetFileType (hFile=0x1f4) returned 0x1 [0281.437] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0281.437] GetFileType (hFile=0x1f4) returned 0x1 [0281.437] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.439] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.439] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.440] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.440] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.440] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.441] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.441] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.441] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.442] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.442] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.443] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.443] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.443] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.444] WriteFile (in: hFile=0x1f4, lpBuffer=0x252d9e8*, nNumberOfBytesToWrite=0xef4, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x252d9e8*, lpNumberOfBytesWritten=0x14ec98*=0xef4, lpOverlapped=0x0) returned 1 [0281.444] CloseHandle (hObject=0x1f4) returned 1 [0281.448] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif", lpFilePart=0x0) returned 0x3c [0281.448] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif.ampkcz", lpFilePart=0x0) returned 0x43 [0281.448] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0281.448] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\vjk7n7drr9wn-wbnko.gif"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed336df0, ftCreationTime.dwHighDateTime=0x1d8272a, ftLastAccessTime.dwLowDateTime=0x6e31b30, ftLastAccessTime.dwHighDateTime=0x1d82819, ftLastWriteTime.dwLowDateTime=0x9627f284, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xeef4)) returned 1 [0281.449] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0281.449] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\vjk7n7drr9wn-wbnko.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\vjk7n7dRr9wN-wBnko.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\vjk7n7drr9wn-wbnko.gif.ampkcz")) returned 1 [0281.458] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif", lpFilePart=0x0) returned 0x3b [0281.458] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif", lpFilePart=0x0) returned 0x3b [0281.458] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif", dwFileAttributes=0x80) returned 1 [0281.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0281.459] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\x9uc54 fi0qgrifge.gif"), fInfoLevelId=0x0, lpFileInformation=0x252ff08 | out: lpFileInformation=0x252ff08*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2e1bd040, ftCreationTime.dwHighDateTime=0x1d81a20, ftLastAccessTime.dwLowDateTime=0x39b2070, ftLastAccessTime.dwHighDateTime=0x1d828fb, ftLastWriteTime.dwLowDateTime=0x39b2070, ftLastWriteTime.dwHighDateTime=0x1d828fb, nFileSizeHigh=0x0, nFileSizeLow=0x176dc)) returned 1 [0281.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0281.459] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif", lpFilePart=0x0) returned 0x3b [0281.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0281.459] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\x9uc54 fi0qgrifge.gif"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0281.459] GetFileType (hFile=0x1f4) returned 0x1 [0281.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0281.459] GetFileType (hFile=0x1f4) returned 0x1 [0281.459] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x176dc [0281.460] ReadFile (in: hFile=0x1f4, lpBuffer=0x12565ca8, nNumberOfBytesToRead=0x176dc, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x12565ca8*, lpNumberOfBytesRead=0x14edd8*=0x176dc, lpOverlapped=0x0) returned 1 [0281.463] CloseHandle (hObject=0x1f4) returned 1 [0281.870] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif", lpFilePart=0x0) returned 0x3b [0281.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0281.870] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\x9uc54 fi0qgrifge.gif"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0281.872] GetFileType (hFile=0x1f4) returned 0x1 [0281.872] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0281.872] GetFileType (hFile=0x1f4) returned 0x1 [0281.873] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.874] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.875] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.876] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.876] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.877] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.877] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.877] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.878] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.878] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.879] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.879] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.879] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.880] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.880] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.881] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.881] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.882] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.882] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.883] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.883] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.884] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.884] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.885] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.885] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.886] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.886] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.887] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.887] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.888] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.888] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0281.889] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a9838*, nNumberOfBytesToWrite=0x4a0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x25a9838*, lpNumberOfBytesWritten=0x14ec98*=0x4a0, lpOverlapped=0x0) returned 1 [0281.889] CloseHandle (hObject=0x1f4) returned 1 [0281.942] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif", lpFilePart=0x0) returned 0x3b [0281.942] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif.ampkcz", lpFilePart=0x0) returned 0x42 [0281.942] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0281.942] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\x9uc54 fi0qgrifge.gif"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e1bd040, ftCreationTime.dwHighDateTime=0x1d81a20, ftLastAccessTime.dwLowDateTime=0x39b2070, ftLastAccessTime.dwHighDateTime=0x1d828fb, ftLastWriteTime.dwLowDateTime=0x96738a25, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f4a0)) returned 1 [0281.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0281.942] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\x9uc54 fi0qgrifge.gif"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\x9uC54 FI0qgRIFge.gif.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\x9uc54 fi0qgrifge.gif.ampkcz")) returned 1 [0281.946] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a", lpFilePart=0x0) returned 0x34 [0281.946] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a", lpFilePart=0x0) returned 0x34 [0281.946] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a", dwFileAttributes=0x80) returned 1 [0281.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0281.947] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\yalawl-_dr.m4a"), fInfoLevelId=0x0, lpFileInformation=0x25ab7a0 | out: lpFileInformation=0x25ab7a0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x411cac10, ftCreationTime.dwHighDateTime=0x1d819b6, ftLastAccessTime.dwLowDateTime=0x205b0830, ftLastAccessTime.dwHighDateTime=0x1d81b75, ftLastWriteTime.dwLowDateTime=0x205b0830, ftLastWriteTime.dwHighDateTime=0x1d81b75, nFileSizeHigh=0x0, nFileSizeLow=0x8cc4)) returned 1 [0281.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0281.947] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a", lpFilePart=0x0) returned 0x34 [0281.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0281.947] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\yalawl-_dr.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0281.947] GetFileType (hFile=0x1f4) returned 0x1 [0281.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0281.947] GetFileType (hFile=0x1f4) returned 0x1 [0281.947] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x8cc4 [0281.947] ReadFile (in: hFile=0x1f4, lpBuffer=0x25abc38, nNumberOfBytesToRead=0x8cc4, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25abc38*, lpNumberOfBytesRead=0x14edd8*=0x8cc4, lpOverlapped=0x0) returned 1 [0281.949] CloseHandle (hObject=0x1f4) returned 1 [0282.428] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a", lpFilePart=0x0) returned 0x34 [0282.428] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0282.428] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\yalawl-_dr.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0282.430] GetFileType (hFile=0x1f4) returned 0x1 [0282.430] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0282.430] GetFileType (hFile=0x1f4) returned 0x1 [0282.430] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659d98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2659d98*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.432] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659d98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2659d98*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.432] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659d98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2659d98*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.433] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659d98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2659d98*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.433] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659d98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2659d98*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.434] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659d98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2659d98*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.434] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659d98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2659d98*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.434] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659d98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2659d98*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.435] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659d98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2659d98*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.435] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659d98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2659d98*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.436] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659d98*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2659d98*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.436] WriteFile (in: hFile=0x1f4, lpBuffer=0x2659d98*, nNumberOfBytesToWrite=0xc88, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2659d98*, lpNumberOfBytesWritten=0x14ec98*=0xc88, lpOverlapped=0x0) returned 1 [0282.436] CloseHandle (hObject=0x1f4) returned 1 [0282.439] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a", lpFilePart=0x0) returned 0x34 [0282.439] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a.ampkcz", lpFilePart=0x0) returned 0x3b [0282.440] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0282.440] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\yalawl-_dr.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x411cac10, ftCreationTime.dwHighDateTime=0x1d819b6, ftLastAccessTime.dwLowDateTime=0x205b0830, ftLastAccessTime.dwHighDateTime=0x1d81b75, ftLastWriteTime.dwLowDateTime=0x96bf79ae, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xbc88)) returned 1 [0282.440] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0282.440] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\yalawl-_dr.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\yAlAwl-_dR.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\yalawl-_dr.m4a.ampkcz")) returned 1 [0282.443] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a", lpFilePart=0x0) returned 0x39 [0282.443] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a", lpFilePart=0x0) returned 0x39 [0282.443] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a", dwFileAttributes=0x80) returned 1 [0282.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0282.444] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ytqzzwonpfqldit.m4a"), fInfoLevelId=0x0, lpFileInformation=0x265bce0 | out: lpFileInformation=0x265bce0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x2118dfa0, ftCreationTime.dwHighDateTime=0x1d8265a, ftLastAccessTime.dwLowDateTime=0x5ae71630, ftLastAccessTime.dwHighDateTime=0x1d8273a, ftLastWriteTime.dwLowDateTime=0x5ae71630, ftLastWriteTime.dwHighDateTime=0x1d8273a, nFileSizeHigh=0x0, nFileSizeLow=0x1815a)) returned 1 [0282.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0282.444] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a", lpFilePart=0x0) returned 0x39 [0282.444] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0282.444] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ytqzzwonpfqldit.m4a"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0282.444] GetFileType (hFile=0x1f4) returned 0x1 [0282.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0282.445] GetFileType (hFile=0x1f4) returned 0x1 [0282.445] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0x1815a [0282.445] ReadFile (in: hFile=0x1f4, lpBuffer=0x1269e940, nNumberOfBytesToRead=0x1815a, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x1269e940*, lpNumberOfBytesRead=0x14edd8*=0x1815a, lpOverlapped=0x0) returned 1 [0282.448] CloseHandle (hObject=0x1f4) returned 1 [0282.859] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a", lpFilePart=0x0) returned 0x39 [0282.859] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0282.859] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ytqzzwonpfqldit.m4a"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0282.861] GetFileType (hFile=0x1f4) returned 0x1 [0282.861] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0282.861] GetFileType (hFile=0x1f4) returned 0x1 [0282.861] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.862] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.863] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.863] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.864] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.864] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.864] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.865] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.865] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.865] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.866] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.866] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.866] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.867] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.867] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.868] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.868] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.868] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.869] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.869] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.869] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.871] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.871] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.872] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.872] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.873] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.874] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.875] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.875] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.875] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.876] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0282.876] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0282.876] WriteFile (in: hFile=0x1f4, lpBuffer=0x26d55f8*, nNumberOfBytesToWrite=0x2a0, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x26d55f8*, lpNumberOfBytesWritten=0x14ec98*=0x2a0, lpOverlapped=0x0) returned 1 [0282.876] CloseHandle (hObject=0x1f4) returned 1 [0282.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a", lpFilePart=0x0) returned 0x39 [0282.877] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a.ampkcz", lpFilePart=0x0) returned 0x40 [0282.877] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0282.877] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ytqzzwonpfqldit.m4a"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2118dfa0, ftCreationTime.dwHighDateTime=0x1d8265a, ftLastAccessTime.dwLowDateTime=0x5ae71630, ftLastAccessTime.dwHighDateTime=0x1d8273a, ftLastWriteTime.dwLowDateTime=0x97023a74, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x202a0)) returned 1 [0282.877] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0282.877] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ytqzzwonpfqldit.m4a"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\YtqzzWONpfQlDit.m4a.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\ytqzzwonpfqldit.m4a.ampkcz")) returned 1 [0282.881] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav", lpFilePart=0x0) returned 0x39 [0282.881] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav", lpFilePart=0x0) returned 0x39 [0282.881] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav", dwFileAttributes=0x80) returned 1 [0282.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0282.881] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\zk05xdemdefixeq.wav"), fInfoLevelId=0x0, lpFileInformation=0x26d78b0 | out: lpFileInformation=0x26d78b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa7ac3b00, ftCreationTime.dwHighDateTime=0x1d81f40, ftLastAccessTime.dwLowDateTime=0x21d567a0, ftLastAccessTime.dwHighDateTime=0x1d82543, ftLastWriteTime.dwLowDateTime=0x21d567a0, ftLastWriteTime.dwHighDateTime=0x1d82543, nFileSizeHigh=0x0, nFileSizeLow=0xc67c)) returned 1 [0282.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0282.881] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav", lpFilePart=0x0) returned 0x39 [0282.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0282.882] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\zk05xdemdefixeq.wav"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0282.882] GetFileType (hFile=0x1f4) returned 0x1 [0282.882] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0282.882] GetFileType (hFile=0x1f4) returned 0x1 [0282.882] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xc67c [0282.882] ReadFile (in: hFile=0x1f4, lpBuffer=0x26d7d70, nNumberOfBytesToRead=0xc67c, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x26d7d70*, lpNumberOfBytesRead=0x14edd8*=0xc67c, lpOverlapped=0x0) returned 1 [0282.883] CloseHandle (hObject=0x1f4) returned 1 [0283.293] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav", lpFilePart=0x0) returned 0x39 [0283.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0283.293] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\zk05xdemdefixeq.wav"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0283.295] GetFileType (hFile=0x1f4) returned 0x1 [0283.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0283.296] GetFileType (hFile=0x1f4) returned 0x1 [0283.296] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.297] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.298] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.298] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.299] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.299] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.299] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.300] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.300] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.301] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.301] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.302] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.302] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.302] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.303] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.303] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.303] WriteFile (in: hFile=0x1f4, lpBuffer=0x258f900*, nNumberOfBytesToWrite=0x974, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x258f900*, lpNumberOfBytesWritten=0x14ec98*=0x974, lpOverlapped=0x0) returned 1 [0283.304] CloseHandle (hObject=0x1f4) returned 1 [0283.304] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav", lpFilePart=0x0) returned 0x39 [0283.304] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav.ampkcz", lpFilePart=0x0) returned 0x40 [0283.304] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0283.304] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\zk05xdemdefixeq.wav"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7ac3b00, ftCreationTime.dwHighDateTime=0x1d81f40, ftLastAccessTime.dwLowDateTime=0x21d567a0, ftLastAccessTime.dwHighDateTime=0x1d82543, ftLastWriteTime.dwLowDateTime=0x97436046, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x10974)) returned 1 [0283.304] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0283.304] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\zk05xdemdefixeq.wav"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\zk05xdEMdEfIxEq.wav.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\zk05xdemdefixeq.wav.ampkcz")) returned 1 [0283.306] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3", nBufferLength=0x105, lpBuffer=0x14ea20, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3", lpFilePart=0x0) returned 0x31 [0283.306] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3", lpFilePart=0x0) returned 0x31 [0283.306] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3", dwFileAttributes=0x80) returned 1 [0283.306] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eea0) returned 1 [0283.306] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\zwptfuw.mp3"), fInfoLevelId=0x0, lpFileInformation=0x2591130 | out: lpFileInformation=0x2591130*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x66d2c300, ftCreationTime.dwHighDateTime=0x1d8231a, ftLastAccessTime.dwLowDateTime=0xf7831e90, ftLastAccessTime.dwHighDateTime=0x1d82379, ftLastWriteTime.dwLowDateTime=0xf7831e90, ftLastWriteTime.dwHighDateTime=0x1d82379, nFileSizeHigh=0x0, nFileSizeLow=0xf1a8)) returned 1 [0283.306] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ee60) returned 1 [0283.306] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3", lpFilePart=0x0) returned 0x31 [0283.307] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed10) returned 1 [0283.307] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\zwptfuw.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0283.307] GetFileType (hFile=0x1f4) returned 0x1 [0283.307] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0283.307] GetFileType (hFile=0x1f4) returned 0x1 [0283.307] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eea8 | out: lpFileSizeHigh=0x14eea8*=0x0) returned 0xf1a8 [0283.307] ReadFile (in: hFile=0x1f4, lpBuffer=0x25915a0, nNumberOfBytesToRead=0xf1a8, lpNumberOfBytesRead=0x14edd8, lpOverlapped=0x0 | out: lpBuffer=0x25915a0*, lpNumberOfBytesRead=0x14edd8*=0xf1a8, lpOverlapped=0x0) returned 1 [0283.308] CloseHandle (hObject=0x1f4) returned 1 [0283.648] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3", nBufferLength=0x105, lpBuffer=0x14e770, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3", lpFilePart=0x0) returned 0x31 [0283.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0283.648] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\zwptfuw.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0283.650] GetFileType (hFile=0x1f4) returned 0x1 [0283.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebc0) returned 1 [0283.650] GetFileType (hFile=0x1f4) returned 0x1 [0283.651] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.652] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.652] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.653] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.653] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.653] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.654] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.654] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.655] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.655] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.655] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.656] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.656] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.656] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.657] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.657] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.658] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.658] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.658] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ed38, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ed38*=0x1000, lpOverlapped=0x0) returned 1 [0283.659] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ecb8, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ecb8*=0x1000, lpOverlapped=0x0) returned 1 [0283.659] WriteFile (in: hFile=0x1f4, lpBuffer=0x2522610*, nNumberOfBytesToWrite=0x308, lpNumberOfBytesWritten=0x14ec98, lpOverlapped=0x0 | out: lpBuffer=0x2522610*, lpNumberOfBytesWritten=0x14ec98*=0x308, lpOverlapped=0x0) returned 1 [0283.659] CloseHandle (hObject=0x1f4) returned 1 [0283.659] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3", lpFilePart=0x0) returned 0x31 [0283.659] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3.ampkcz", nBufferLength=0x105, lpBuffer=0x14e9d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3.ampkcz", lpFilePart=0x0) returned 0x38 [0283.659] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0283.659] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\zwptfuw.mp3"), fInfoLevelId=0x0, lpFileInformation=0x14eef0 | out: lpFileInformation=0x14eef0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66d2c300, ftCreationTime.dwHighDateTime=0x1d8231a, ftLastAccessTime.dwLowDateTime=0xf7831e90, ftLastAccessTime.dwHighDateTime=0x1d82379, ftLastWriteTime.dwLowDateTime=0x9779a807, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14308)) returned 1 [0283.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0283.660] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\zwptfuw.mp3"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\ZWpTfUw.mp3.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\zwptfuw.mp3.ampkcz")) returned 1 [0283.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee80) returned 1 [0283.661] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", nBufferLength=0x105, lpBuffer=0x14e970, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming", lpFilePart=0x0) returned 0x25 [0283.661] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\", nBufferLength=0x105, lpBuffer=0x14e910, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\", lpFilePart=0x0) returned 0x26 [0283.661] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\*", lpFindFileData=0x14eb20 | out: lpFindFileData=0x14eb20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x9779bb7b, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9779bb7b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0283.661] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x9779bb7b, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9779bb7b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.661] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x43c7ba50, ftCreationTime.dwHighDateTime=0x1d823e7, ftLastAccessTime.dwLowDateTime=0x22a46f70, ftLastAccessTime.dwHighDateTime=0x1d8259b, ftLastWriteTime.dwLowDateTime=0x8f4a2491, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x108b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="26m3wwJK.mkv.ampkcz", cAlternateFileName="26M3WW~1.AMP")) returned 1 [0283.662] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x51e8f3d0, ftCreationTime.dwHighDateTime=0x1d82340, ftLastAccessTime.dwLowDateTime=0x59dc5af0, ftLastAccessTime.dwHighDateTime=0x1d824df, ftLastWriteTime.dwLowDateTime=0x8f9e945f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x4008, dwReserved0=0x0, dwReserved1=0x0, cFileName="3bOu8OSr4O3XSdd2k.jpg.ampkcz", cAlternateFileName="3BOU8O~1.AMP")) returned 1 [0283.662] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x721f3d60, ftCreationTime.dwHighDateTime=0x1d824ff, ftLastAccessTime.dwLowDateTime=0x27fd7440, ftLastAccessTime.dwHighDateTime=0x1d829b9, ftLastWriteTime.dwLowDateTime=0x8fdc8ea1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x15cc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="5o9I RK.wav.ampkcz", cAlternateFileName="5O9IRK~1.AMP")) returned 1 [0283.662] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x73939f80, ftCreationTime.dwHighDateTime=0x1d81a2b, ftLastAccessTime.dwLowDateTime=0x2212fce0, ftLastAccessTime.dwHighDateTime=0x1d81ea0, ftLastWriteTime.dwLowDateTime=0x902da607, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12fc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="5T5cbKa9sbk.flv.ampkcz", cAlternateFileName="5T5CBK~1.AMP")) returned 1 [0283.662] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3aa1d100, ftCreationTime.dwHighDateTime=0x1d82977, ftLastAccessTime.dwLowDateTime=0x73fe42f0, ftLastAccessTime.dwHighDateTime=0x1d829a7, ftLastWriteTime.dwLowDateTime=0x906c1fb3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xbc34, dwReserved0=0x0, dwReserved1=0x0, cFileName="6zi3qr.mkv.ampkcz", cAlternateFileName="6ZI3QR~1.AMP")) returned 1 [0283.662] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf51c2ba0, ftCreationTime.dwHighDateTime=0x1d82203, ftLastAccessTime.dwLowDateTime=0xba0bdc10, ftLastAccessTime.dwHighDateTime=0x1d8242c, ftLastWriteTime.dwLowDateTime=0x90af7caf, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x12908, dwReserved0=0x0, dwReserved1=0x0, cFileName="94ud1HrR9Y_WU.bmp.ampkcz", cAlternateFileName="94UD1H~1.AMP")) returned 1 [0283.662] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd0974e00, ftCreationTime.dwHighDateTime=0x1d81b9a, ftLastAccessTime.dwLowDateTime=0x8dcc9de0, ftLastAccessTime.dwHighDateTime=0x1d82686, ftLastWriteTime.dwLowDateTime=0x90e857d4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x176f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="a ecqnOlpldze.wav.ampkcz", cAlternateFileName="AECQNO~1.AMP")) returned 1 [0283.663] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0283.663] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x38073e40, ftCreationTime.dwHighDateTime=0x1d8224b, ftLastAccessTime.dwLowDateTime=0x116df7d0, ftLastAccessTime.dwHighDateTime=0x1d827d0, ftLastWriteTime.dwLowDateTime=0x913ff65b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x19b08, dwReserved0=0x0, dwReserved1=0x0, cFileName="anaF77a3Y2dxPrh-.mp3.ampkcz", cAlternateFileName="ANAF77~1.AMP")) returned 1 [0283.663] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x508b09f0, ftCreationTime.dwHighDateTime=0x1d8258f, ftLastAccessTime.dwLowDateTime=0xff2f5aa0, ftLastAccessTime.dwHighDateTime=0x1d829e6, ftLastWriteTime.dwLowDateTime=0x917f7bb8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x65c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="BHsw__kdcBRz2LW.avi.ampkcz", cAlternateFileName="BHSW__~1.AMP")) returned 1 [0283.663] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x20f2230, ftCreationTime.dwHighDateTime=0x1d822b9, ftLastAccessTime.dwLowDateTime=0xbd4269e0, ftLastAccessTime.dwHighDateTime=0x1d828a9, ftLastWriteTime.dwLowDateTime=0x91beb9b3, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5820, dwReserved0=0x0, dwReserved1=0x0, cFileName="BifB.jpg.ampkcz", cAlternateFileName="BIFBJP~1.AMP")) returned 1 [0283.663] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b860d10, ftCreationTime.dwHighDateTime=0x1d825e7, ftLastAccessTime.dwLowDateTime=0xcaa918e0, ftLastAccessTime.dwHighDateTime=0x1d827f5, ftLastWriteTime.dwLowDateTime=0x9203d1f9, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14e20, dwReserved0=0x0, dwReserved1=0x0, cFileName="CdDJEyiS 6.mkv.ampkcz", cAlternateFileName="CDDJEY~1.AMP")) returned 1 [0283.664] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed789db0, ftCreationTime.dwHighDateTime=0x1d81ead, ftLastAccessTime.dwLowDateTime=0x817aaaa0, ftLastAccessTime.dwHighDateTime=0x1d82834, ftLastWriteTime.dwLowDateTime=0x9241b2df, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5a34, dwReserved0=0x0, dwReserved1=0x0, cFileName="dKt67585y2iGh.gif.ampkcz", cAlternateFileName="DKT675~1.AMP")) returned 1 [0283.664] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x32cde0c0, ftCreationTime.dwHighDateTime=0x1d8250f, ftLastAccessTime.dwLowDateTime=0x75e6a720, ftLastAccessTime.dwHighDateTime=0x1d82898, ftLastWriteTime.dwLowDateTime=0x9291f554, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xc108, dwReserved0=0x0, dwReserved1=0x0, cFileName="eDqY.ppt.ampkcz", cAlternateFileName="EDQYPP~1.AMP")) returned 1 [0283.664] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd21b7f80, ftCreationTime.dwHighDateTime=0x1d81f28, ftLastAccessTime.dwLowDateTime=0xdad4bb40, ftLastAccessTime.dwHighDateTime=0x1d82483, ftLastWriteTime.dwLowDateTime=0x92fccbb1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x3288, dwReserved0=0x0, dwReserved1=0x0, cFileName="g4oiGp.swf.ampkcz", cAlternateFileName="G4OIGP~1.AMP")) returned 1 [0283.664] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb718d50, ftCreationTime.dwHighDateTime=0x1d81d2b, ftLastAccessTime.dwLowDateTime=0x71e80d70, ftLastAccessTime.dwHighDateTime=0x1d82844, ftLastWriteTime.dwLowDateTime=0x9355ec15, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d5b4, dwReserved0=0x0, dwReserved1=0x0, cFileName="HKAU9J8_.swf.ampkcz", cAlternateFileName="HKAU9J~1.AMP")) returned 1 [0283.664] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x940d4d0, ftCreationTime.dwHighDateTime=0x1d82017, ftLastAccessTime.dwLowDateTime=0x23035520, ftLastAccessTime.dwHighDateTime=0x1d82808, ftLastWriteTime.dwLowDateTime=0x93b61a42, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1df4, dwReserved0=0x0, dwReserved1=0x0, cFileName="IyItXNxhKc.xlsx.ampkcz", cAlternateFileName="IYITXN~1.AMP")) returned 1 [0283.665] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb2483b40, ftCreationTime.dwHighDateTime=0x1d82300, ftLastAccessTime.dwLowDateTime=0xd4d8a940, ftLastAccessTime.dwHighDateTime=0x1d82924, ftLastWriteTime.dwLowDateTime=0x93fdb68c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c20, dwReserved0=0x0, dwReserved1=0x0, cFileName="j VYlUbVRoO.flv.ampkcz", cAlternateFileName="JVYLUB~1.AMP")) returned 1 [0283.665] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b0d2180, ftCreationTime.dwHighDateTime=0x1d81cea, ftLastAccessTime.dwLowDateTime=0xa099fdd0, ftLastAccessTime.dwHighDateTime=0x1d81f9e, ftLastWriteTime.dwLowDateTime=0x9449d8a4, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf0a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="jzT8o_LwdcONDLO_.pps.ampkcz", cAlternateFileName="JZT8O_~1.AMP")) returned 1 [0283.665] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xa92f1c4e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa92f1c4e, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0283.665] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa34e52d0, ftCreationTime.dwHighDateTime=0x1d82609, ftLastAccessTime.dwLowDateTime=0x38f1bef0, ftLastAccessTime.dwHighDateTime=0x1d82725, ftLastWriteTime.dwLowDateTime=0x948c636d, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x175e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OL-VA6G.pptx.ampkcz", cAlternateFileName="OL-VA6~1.AMP")) returned 1 [0283.665] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa53021f0, ftCreationTime.dwHighDateTime=0x1d81b23, ftLastAccessTime.dwLowDateTime=0xb9a2fcc0, ftLastAccessTime.dwHighDateTime=0x1d826cc, ftLastWriteTime.dwLowDateTime=0x94d7603c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x17560, dwReserved0=0x0, dwReserved1=0x0, cFileName="pBOkipeqaxRxf.png.ampkcz", cAlternateFileName="PBOKIP~1.AMP")) returned 1 [0283.665] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x94ea6800, ftCreationTime.dwHighDateTime=0x1d82942, ftLastAccessTime.dwLowDateTime=0x7a0c3440, ftLastAccessTime.dwHighDateTime=0x1d829b1, ftLastWriteTime.dwLowDateTime=0x9516ee63, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1d74, dwReserved0=0x0, dwReserved1=0x0, cFileName="rA7pKV6vb6NNjN3.mp3.ampkcz", cAlternateFileName="RA7PKV~1.AMP")) returned 1 [0283.666] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8f4a875c, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x8f4a875c, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x8f4ac17e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0283.666] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x466a7a30, ftCreationTime.dwHighDateTime=0x1d81b4b, ftLastAccessTime.dwLowDateTime=0xa129a670, ftLastAccessTime.dwHighDateTime=0x1d81c37, ftLastWriteTime.dwLowDateTime=0x9551e266, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x2da0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RoUyJhW.ppt.ampkcz", cAlternateFileName="ROUYJH~1.AMP")) returned 1 [0283.666] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4e918e10, ftCreationTime.dwHighDateTime=0x1d81b82, ftLastAccessTime.dwLowDateTime=0xf0769e80, ftLastAccessTime.dwHighDateTime=0x1d82039, ftLastWriteTime.dwLowDateTime=0x958cf06f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x7274, dwReserved0=0x0, dwReserved1=0x0, cFileName="RWeWHj.m4a.ampkcz", cAlternateFileName="RWEWHJ~1.AMP")) returned 1 [0283.666] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x404638b4, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x404638b4, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x263f5400, ftLastWriteTime.dwHighDateTime=0x1d858e1, nFileSizeHigh=0x0, nFileSizeLow=0x6800, dwReserved0=0x0, dwReserved1=0x0, cFileName="svchost.exe", cAlternateFileName="")) returned 1 [0283.666] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x72aaeb90, ftCreationTime.dwHighDateTime=0x1d81f6d, ftLastAccessTime.dwLowDateTime=0x9aabb140, ftLastAccessTime.dwHighDateTime=0x1d823ac, ftLastWriteTime.dwLowDateTime=0x95d36e12, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xae08, dwReserved0=0x0, dwReserved1=0x0, cFileName="UwqOYWykrtHeh.rtf.ampkcz", cAlternateFileName="UWQOYW~1.AMP")) returned 1 [0283.667] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xed336df0, ftCreationTime.dwHighDateTime=0x1d8272a, ftLastAccessTime.dwLowDateTime=0x6e31b30, ftLastAccessTime.dwHighDateTime=0x1d82819, ftLastWriteTime.dwLowDateTime=0x9627f284, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xeef4, dwReserved0=0x0, dwReserved1=0x0, cFileName="vjk7n7dRr9wN-wBnko.gif.ampkcz", cAlternateFileName="VJK7N7~1.AMP")) returned 1 [0283.667] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2e1bd040, ftCreationTime.dwHighDateTime=0x1d81a20, ftLastAccessTime.dwLowDateTime=0x39b2070, ftLastAccessTime.dwHighDateTime=0x1d828fb, ftLastWriteTime.dwLowDateTime=0x96738a25, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1f4a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="x9uC54 FI0qgRIFge.gif.ampkcz", cAlternateFileName="X9UC54~1.AMP")) returned 1 [0283.667] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x411cac10, ftCreationTime.dwHighDateTime=0x1d819b6, ftLastAccessTime.dwLowDateTime=0x205b0830, ftLastAccessTime.dwHighDateTime=0x1d81b75, ftLastWriteTime.dwLowDateTime=0x96bf79ae, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xbc88, dwReserved0=0x0, dwReserved1=0x0, cFileName="yAlAwl-_dR.m4a.ampkcz", cAlternateFileName="YALAWL~1.AMP")) returned 1 [0283.667] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2118dfa0, ftCreationTime.dwHighDateTime=0x1d8265a, ftLastAccessTime.dwLowDateTime=0x5ae71630, ftLastAccessTime.dwHighDateTime=0x1d8273a, ftLastWriteTime.dwLowDateTime=0x97023a74, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x202a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="YtqzzWONpfQlDit.m4a.ampkcz", cAlternateFileName="YTQZZW~1.AMP")) returned 1 [0283.667] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa7ac3b00, ftCreationTime.dwHighDateTime=0x1d81f40, ftLastAccessTime.dwLowDateTime=0x21d567a0, ftLastAccessTime.dwHighDateTime=0x1d82543, ftLastWriteTime.dwLowDateTime=0x97436046, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x10974, dwReserved0=0x0, dwReserved1=0x0, cFileName="zk05xdEMdEfIxEq.wav.ampkcz", cAlternateFileName="ZK05XD~1.AMP")) returned 1 [0283.668] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66d2c300, ftCreationTime.dwHighDateTime=0x1d8231a, ftLastAccessTime.dwLowDateTime=0xf7831e90, ftLastAccessTime.dwHighDateTime=0x1d82379, ftLastWriteTime.dwLowDateTime=0x9779a807, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14308, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZWpTfUw.mp3.ampkcz", cAlternateFileName="ZWPTFU~1.AMP")) returned 1 [0283.668] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14eb70 | out: lpFindFileData=0x14eb70*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x66d2c300, ftCreationTime.dwHighDateTime=0x1d8231a, ftLastAccessTime.dwLowDateTime=0xf7831e90, ftLastAccessTime.dwHighDateTime=0x1d82379, ftLastWriteTime.dwLowDateTime=0x9779a807, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x14308, dwReserved0=0x0, dwReserved1=0x0, cFileName="ZWpTfUw.mp3.ampkcz", cAlternateFileName="ZWPTFU~1.AMP")) returned 0 [0283.668] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0283.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14edd0) returned 1 [0283.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed90) returned 1 [0283.668] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0283.668] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x2b [0283.668] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\", lpFilePart=0x0) returned 0x2c [0283.668] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0283.669] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.669] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0283.669] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 0 [0283.670] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0283.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0283.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0283.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0283.670] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe", lpFilePart=0x0) returned 0x2b [0283.670] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\", lpFilePart=0x0) returned 0x2c [0283.670] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0283.670] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.670] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Flash Player", cAlternateFileName="FLASHP~1")) returned 1 [0283.671] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.671] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0283.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0283.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0283.671] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0283.671] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", lpFilePart=0x0) returned 0x38 [0283.671] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\", lpFilePart=0x0) returned 0x39 [0283.671] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0283.671] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.672] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 1 [0283.672] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 0 [0283.672] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0283.672] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0283.672] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0283.672] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0283.672] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player", lpFilePart=0x0) returned 0x38 [0283.672] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\", lpFilePart=0x0) returned 0x39 [0283.672] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0283.672] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.673] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NativeCache", cAlternateFileName="NATIVE~1")) returned 1 [0283.673] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.673] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0283.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0283.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0283.673] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0283.673] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache", lpFilePart=0x0) returned 0x44 [0283.673] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\", lpFilePart=0x0) returned 0x45 [0283.673] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0283.674] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.674] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0283.674] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0283.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0283.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0283.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0283.674] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache", lpFilePart=0x0) returned 0x44 [0283.674] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\", lpFilePart=0x0) returned 0x45 [0283.674] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0283.675] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.675] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42a37b71, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42a37b71, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42a37b71, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0283.675] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0283.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0283.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0283.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0283.675] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2f [0283.675] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\", lpFilePart=0x0) returned 0x30 [0283.675] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0283.676] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.676] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0283.676] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e898ff, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0283.676] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0283.676] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x816a7a21, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0283.676] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0283.677] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3cefc6a2, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0283.677] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMC", cAlternateFileName="")) returned 1 [0283.677] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0283.677] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0283.678] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0283.678] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0283.678] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling", cAlternateFileName="")) returned 1 [0283.678] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0283.678] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0283.678] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb898985, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0283.679] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0283.679] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0283.679] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 0 [0283.679] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0283.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0283.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0283.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ee10) returned 1 [0283.679] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", nBufferLength=0x105, lpBuffer=0x14e900, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft", lpFilePart=0x0) returned 0x2f [0283.680] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\", nBufferLength=0x105, lpBuffer=0x14e8a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\", lpFilePart=0x0) returned 0x30 [0283.680] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\*", lpFindFileData=0x14eab0 | out: lpFindFileData=0x14eab0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0283.680] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.680] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AddIns", cAlternateFileName="")) returned 1 [0283.680] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e898ff, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Bibliography", cAlternateFileName="BIBLIO~1")) returned 1 [0283.680] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Credentials", cAlternateFileName="CREDEN~1")) returned 1 [0283.680] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x816a7a21, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Building Blocks", cAlternateFileName="DOCUME~1")) returned 1 [0283.681] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Excel", cAlternateFileName="")) returned 1 [0283.681] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3cefc6a2, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xd9eaaa, ftLastWriteTime.dwHighDateTime=0x1d112e4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Internet Explorer", cAlternateFileName="INTERN~1")) returned 1 [0283.681] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MMC", cAlternateFileName="")) returned 1 [0283.681] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network", cAlternateFileName="")) returned 1 [0283.681] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Office", cAlternateFileName="")) returned 1 [0283.681] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x661c6965, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook", cAlternateFileName="")) returned 1 [0283.681] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Protect", cAlternateFileName="")) returned 1 [0283.682] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spelling", cAlternateFileName="")) returned 1 [0283.682] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemCertificates", cAlternateFileName="SYSTEM~1")) returned 1 [0283.682] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0283.682] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb898985, ftCreationTime.dwHighDateTime=0x1d70071, ftLastAccessTime.dwLowDateTime=0xb898985, ftLastAccessTime.dwHighDateTime=0x1d70071, ftLastWriteTime.dwLowDateTime=0xb898985, ftLastWriteTime.dwHighDateTime=0x1d70071, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vault", cAlternateFileName="")) returned 1 [0283.682] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0283.682] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e4423, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x31c6a486, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word", cAlternateFileName="")) returned 1 [0283.682] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14eb00 | out: lpFindFileData=0x14eb00*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.682] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0283.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed60) returned 1 [0283.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed20) returned 1 [0283.683] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0283.683] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x36 [0283.683] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\", lpFilePart=0x0) returned 0x37 [0283.683] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0283.683] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.684] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0283.684] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0283.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0283.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0283.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0283.684] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns", lpFilePart=0x0) returned 0x36 [0283.684] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\", lpFilePart=0x0) returned 0x37 [0283.684] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\AddIns\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0283.684] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.684] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x811e1db4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x811e1db4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x811e1db4, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0283.685] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0283.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0283.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0283.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0283.685] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x3c [0283.685] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\", lpFilePart=0x0) returned 0x3d [0283.685] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0283.685] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.685] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 1 [0283.686] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 0 [0283.686] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0283.686] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0283.686] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0283.686] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0283.686] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography", lpFilePart=0x0) returned 0x3c [0283.686] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\", lpFilePart=0x0) returned 0x3d [0283.686] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687b40 [0283.687] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e898ff, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e898ff, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.687] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80e9aa3d, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Style", cAlternateFileName="")) returned 1 [0283.687] FindNextFileW (in: hFindFile=0x687b40, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.687] FindClose (in: hFindFile=0x687b40 | out: hFindFile=0x687b40) returned 1 [0283.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0283.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0283.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0283.687] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style", lpFilePart=0x0) returned 0x42 [0283.687] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\", lpFilePart=0x0) returned 0x43 [0283.687] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80ed2ca5, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0283.757] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9aa3d, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80ed2ca5, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0283.757] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80e9e60e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9e60e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a58ff51, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x51722, dwReserved0=0x0, dwReserved1=0x0, cFileName="APASixthEditionOfficeOnline.xsl", cAlternateFileName="APASIX~1.XSL")) returned 1 [0283.757] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ea6d97, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ea6d97, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x48839, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHICAGO.XSL", cAlternateFileName="")) returned 1 [0283.757] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eabbab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eabbab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a6d16e8, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x4197e, dwReserved0=0x0, dwReserved1=0x0, cFileName="GB.XSL", cAlternateFileName="")) returned 1 [0283.757] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eaf650, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eaf650, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3e966, dwReserved0=0x0, dwReserved1=0x0, cFileName="GostName.XSL", cAlternateFileName="")) returned 1 [0283.758] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eb319b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb319b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3d639, dwReserved0=0x0, dwReserved1=0x0, cFileName="GostTitle.XSL", cAlternateFileName="GOSTTI~1.XSL")) returned 1 [0283.758] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eb804f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb804f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a7ecfbc, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x45882, dwReserved0=0x0, dwReserved1=0x0, cFileName="HarvardAnglia2008OfficeOnline.xsl", cAlternateFileName="HARVAR~1.XSL")) returned 1 [0283.758] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ebb9a1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ebb9a1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x47e7d, dwReserved0=0x0, dwReserved1=0x0, cFileName="IEEE2006OfficeOnline.xsl", cAlternateFileName="IEEE20~1.XSL")) returned 1 [0283.758] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ec07b6, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec07b6, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x42132, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISO690.XSL", cAlternateFileName="")) returned 1 [0283.758] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ec4265, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec4265, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x351ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISO690Nmerical.XSL", cAlternateFileName="ISO690~1.XSL")) returned 1 [0283.759] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ecb8b4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ecb8b4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3e4f3, dwReserved0=0x0, dwReserved1=0x0, cFileName="MLASeventhEditionOfficeOnline.xsl", cAlternateFileName="MLASEV~1.XSL")) returned 1 [0283.759] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed06d2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed06d2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5b432832, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3d5c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="SIST02.XSL", cAlternateFileName="")) returned 1 [0283.760] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed2ca5, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed2ca5, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5b500917, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x54256, dwReserved0=0x0, dwReserved1=0x0, cFileName="TURABIAN.XSL", cAlternateFileName="")) returned 1 [0283.760] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0283.760] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0283.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0283.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0283.764] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl", lpFilePart=0x0) returned 0x62 [0283.764] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl", lpFilePart=0x0) returned 0x62 [0283.764] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl", dwFileAttributes=0x80) returned 1 [0283.766] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0283.766] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x2539638 | out: lpFileInformation=0x2539638*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80e9e60e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9e60e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a58ff51, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x51722)) returned 1 [0283.766] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0283.766] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl", lpFilePart=0x0) returned 0x62 [0283.766] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0283.766] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0283.766] GetFileType (hFile=0x1f4) returned 0x1 [0283.766] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0283.766] GetFileType (hFile=0x1f4) returned 0x1 [0283.766] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x51722 [0283.767] ReadFile (in: hFile=0x1f4, lpBuffer=0x12552838, nNumberOfBytesToRead=0x51722, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x12552838*, lpNumberOfBytesRead=0x14ec88*=0x51722, lpOverlapped=0x0) returned 1 [0283.774] CloseHandle (hObject=0x1f4) returned 1 [0284.184] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl", lpFilePart=0x0) returned 0x62 [0284.184] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0284.184] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0284.194] GetFileType (hFile=0x1f4) returned 0x1 [0284.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0284.194] GetFileType (hFile=0x1f4) returned 0x1 [0284.194] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.196] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.197] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.197] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.198] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.198] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.199] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.199] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.199] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.200] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.200] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.200] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.201] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.201] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.202] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.202] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.202] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.203] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.203] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.203] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.204] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.204] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.204] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.205] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.205] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.205] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.206] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.206] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.207] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.207] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.207] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.208] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.208] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.209] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.209] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.209] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.210] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.210] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.211] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.211] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.211] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.212] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.212] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.212] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.213] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.213] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.213] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.214] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.214] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.214] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.214] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.215] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.215] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.215] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.216] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.216] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.217] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.217] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.217] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.218] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.218] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.219] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.219] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.219] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.220] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.221] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.222] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.222] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.222] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.223] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.223] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.224] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.224] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.224] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.227] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.227] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.228] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.228] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.232] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.232] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.234] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.234] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.236] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.236] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.237] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.237] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.238] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.238] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.240] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.240] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.241] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b30e0*, nNumberOfBytesToWrite=0xa60, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x25b30e0*, lpNumberOfBytesWritten=0x14eb48*=0xa60, lpOverlapped=0x0) returned 1 [0284.241] CloseHandle (hObject=0x1f4) returned 1 [0284.241] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl", lpFilePart=0x0) returned 0x62 [0284.241] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl.ampkcz", lpFilePart=0x0) returned 0x69 [0284.242] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0284.242] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80e9e60e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9e60e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97d26a4e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6ca60)) returned 1 [0284.242] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0284.242] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\APASixthEditionOfficeOnline.xsl.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\apasixtheditionofficeonline.xsl.ampkcz")) returned 1 [0284.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\readme.txt", lpFilePart=0x0) returned 0x4d [0284.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb50) returned 1 [0284.244] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0284.244] GetFileType (hFile=0x1f4) returned 0x1 [0284.244] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eac0) returned 1 [0284.245] GetFileType (hFile=0x1f4) returned 0x1 [0284.246] WriteFile (in: hFile=0x1f4, lpBuffer=0x25b6498*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ebf8, lpOverlapped=0x0 | out: lpBuffer=0x25b6498*, lpNumberOfBytesWritten=0x14ebf8*=0x6c6, lpOverlapped=0x0) returned 1 [0284.247] CloseHandle (hObject=0x1f4) returned 1 [0284.248] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL", lpFilePart=0x0) returned 0x4e [0284.248] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL", lpFilePart=0x0) returned 0x4e [0284.248] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL", dwFileAttributes=0x80) returned 1 [0284.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0284.250] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl"), fInfoLevelId=0x0, lpFileInformation=0x25b9368 | out: lpFileInformation=0x25b9368*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80ea6d97, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ea6d97, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x48839)) returned 1 [0284.250] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0284.250] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL", lpFilePart=0x0) returned 0x4e [0284.250] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0284.250] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0284.251] GetFileType (hFile=0x1f4) returned 0x1 [0284.251] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0284.251] GetFileType (hFile=0x1f4) returned 0x1 [0284.251] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x48839 [0284.356] ReadFile (in: hFile=0x1f4, lpBuffer=0x1292aad8, nNumberOfBytesToRead=0x48839, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x1292aad8*, lpNumberOfBytesRead=0x14ec88*=0x48839, lpOverlapped=0x0) returned 1 [0284.433] CloseHandle (hObject=0x1f4) returned 1 [0284.905] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL", lpFilePart=0x0) returned 0x4e [0284.905] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0284.905] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0284.909] GetFileType (hFile=0x1f4) returned 0x1 [0284.909] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0284.909] GetFileType (hFile=0x1f4) returned 0x1 [0284.910] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.911] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.911] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.912] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.912] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.913] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.913] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.913] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.914] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.914] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.914] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.915] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.915] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.916] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.916] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.916] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.917] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.917] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.917] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.918] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.918] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.919] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.919] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.919] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.920] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.920] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.920] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.921] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.921] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.922] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.922] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.922] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.923] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.923] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.923] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.924] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.924] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.924] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.925] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.925] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.925] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.926] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.926] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.926] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.927] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.927] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.927] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.929] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.929] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.930] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.930] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.931] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.931] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.931] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.932] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.933] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.933] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.933] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.934] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.934] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.934] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.935] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.935] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.936] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.936] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.937] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.937] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.938] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.938] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.938] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.939] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.939] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.939] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.940] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.940] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.940] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.941] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.941] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.941] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.941] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.942] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.942] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.942] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.943] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.943] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.943] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.943] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.944] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.944] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.944] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.945] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.945] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.945] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.945] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.946] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.946] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0284.946] WriteFile (in: hFile=0x1f4, lpBuffer=0x259bf40*, nNumberOfBytesToWrite=0xbc8, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x259bf40*, lpNumberOfBytesWritten=0x14eb48*=0xbc8, lpOverlapped=0x0) returned 1 [0284.947] CloseHandle (hObject=0x1f4) returned 1 [0284.947] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL", lpFilePart=0x0) returned 0x4e [0284.947] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL.ampkcz", lpFilePart=0x0) returned 0x55 [0284.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0284.947] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ea6d97, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ea6d97, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983e1dfd, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x60bc8)) returned 1 [0284.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0284.947] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\CHICAGO.XSL.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\chicago.xsl.ampkcz")) returned 1 [0284.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL", lpFilePart=0x0) returned 0x49 [0284.952] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL", lpFilePart=0x0) returned 0x49 [0284.952] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL", dwFileAttributes=0x80) returned 1 [0284.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0284.953] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl"), fInfoLevelId=0x0, lpFileInformation=0x259e8e8 | out: lpFileInformation=0x259e8e8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80eabbab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eabbab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a6d16e8, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x4197e)) returned 1 [0284.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0284.953] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL", lpFilePart=0x0) returned 0x49 [0284.953] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0284.953] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0284.953] GetFileType (hFile=0x1f4) returned 0x1 [0284.953] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0284.953] GetFileType (hFile=0x1f4) returned 0x1 [0284.953] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x4197e [0284.955] ReadFile (in: hFile=0x1f4, lpBuffer=0x128179d8, nNumberOfBytesToRead=0x4197e, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x128179d8*, lpNumberOfBytesRead=0x14ec88*=0x4197e, lpOverlapped=0x0) returned 1 [0284.960] CloseHandle (hObject=0x1f4) returned 1 [0285.341] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL", lpFilePart=0x0) returned 0x49 [0285.341] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0285.341] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0285.345] GetFileType (hFile=0x1f4) returned 0x1 [0285.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0285.345] GetFileType (hFile=0x1f4) returned 0x1 [0285.345] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.347] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.347] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.347] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.348] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.348] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.349] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.349] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.349] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.350] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.350] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.350] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.351] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.351] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.351] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.352] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.352] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.352] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.353] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.353] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.354] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.354] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.354] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.355] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.355] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.355] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.356] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.356] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.356] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.357] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.357] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.358] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.358] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.358] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.359] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.359] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.360] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.360] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.360] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.361] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.361] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.361] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.362] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.362] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.362] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.363] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.363] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.364] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.364] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.364] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.365] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.365] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.365] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.366] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.367] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.368] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.368] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.368] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.369] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.369] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.370] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.370] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.370] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.371] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.371] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.372] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.372] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.372] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.373] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.373] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.373] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.373] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.374] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.374] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.374] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.374] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.375] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.376] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.376] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.376] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.377] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.377] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.377] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.378] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.378] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c20*, nNumberOfBytesToWrite=0x820, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x2524c20*, lpNumberOfBytesWritten=0x14eb48*=0x820, lpOverlapped=0x0) returned 1 [0285.378] CloseHandle (hObject=0x1f4) returned 1 [0285.379] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL", lpFilePart=0x0) returned 0x49 [0285.379] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL.ampkcz", lpFilePart=0x0) returned 0x50 [0285.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0285.379] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eabbab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eabbab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x987ffc01, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x57820)) returned 1 [0285.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0285.379] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GB.XSL.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gb.xsl.ampkcz")) returned 1 [0285.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL", lpFilePart=0x0) returned 0x4f [0285.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL", lpFilePart=0x0) returned 0x4f [0285.383] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL", dwFileAttributes=0x80) returned 1 [0285.383] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0285.383] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl"), fInfoLevelId=0x0, lpFileInformation=0x25275c0 | out: lpFileInformation=0x25275c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80eaf650, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eaf650, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3e966)) returned 1 [0285.383] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0285.383] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL", lpFilePart=0x0) returned 0x4f [0285.384] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0285.384] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0285.384] GetFileType (hFile=0x1f4) returned 0x1 [0285.384] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0285.384] GetFileType (hFile=0x1f4) returned 0x1 [0285.384] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x3e966 [0285.384] ReadFile (in: hFile=0x1f4, lpBuffer=0x127d0178, nNumberOfBytesToRead=0x3e966, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x127d0178*, lpNumberOfBytesRead=0x14ec88*=0x3e966, lpOverlapped=0x0) returned 1 [0285.388] CloseHandle (hObject=0x1f4) returned 1 [0285.785] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL", lpFilePart=0x0) returned 0x4f [0285.785] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0285.785] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0285.795] GetFileType (hFile=0x1f4) returned 0x1 [0285.795] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0285.795] GetFileType (hFile=0x1f4) returned 0x1 [0285.796] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.797] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.798] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.798] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.799] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.799] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.800] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.801] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.801] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.802] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.802] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.803] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.803] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.803] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.804] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.805] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.805] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.806] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.806] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.807] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.807] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.808] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.808] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.810] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.811] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.811] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.812] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.812] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.813] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.813] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.814] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.814] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.815] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.816] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.816] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.817] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.817] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.818] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.818] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.819] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.819] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.820] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.820] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.821] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.822] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.822] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.823] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.824] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.825] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.825] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.826] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.826] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.827] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.827] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.828] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.829] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.830] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.831] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.831] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.831] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.832] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.832] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.834] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.834] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.834] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.835] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.835] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.835] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.836] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.836] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.836] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.837] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.837] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.837] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.838] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.838] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.839] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.839] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.840] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.840] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0285.841] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bf8*, nNumberOfBytesToWrite=0x808, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x2524bf8*, lpNumberOfBytesWritten=0x14eb48*=0x808, lpOverlapped=0x0) returned 1 [0285.884] CloseHandle (hObject=0x1f4) returned 1 [0285.884] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL", lpFilePart=0x0) returned 0x4f [0285.884] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL.ampkcz", lpFilePart=0x0) returned 0x56 [0285.884] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0285.884] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eaf650, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eaf650, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98cd123f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x53808)) returned 1 [0285.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0285.885] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostName.XSL.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gostname.xsl.ampkcz")) returned 1 [0285.890] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL", lpFilePart=0x0) returned 0x50 [0285.890] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL", lpFilePart=0x0) returned 0x50 [0285.890] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL", dwFileAttributes=0x80) returned 1 [0285.891] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0285.891] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl"), fInfoLevelId=0x0, lpFileInformation=0x25275b0 | out: lpFileInformation=0x25275b0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80eb319b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb319b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a638a82, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3d639)) returned 1 [0285.891] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0285.891] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL", lpFilePart=0x0) returned 0x50 [0285.891] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0285.891] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0285.892] GetFileType (hFile=0x1f4) returned 0x1 [0285.892] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0285.892] GetFileType (hFile=0x1f4) returned 0x1 [0285.892] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x3d639 [0285.910] ReadFile (in: hFile=0x1f4, lpBuffer=0x12733d98, nNumberOfBytesToRead=0x3d639, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x12733d98*, lpNumberOfBytesRead=0x14ec88*=0x3d639, lpOverlapped=0x0) returned 1 [0285.915] CloseHandle (hObject=0x1f4) returned 1 [0286.402] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL", lpFilePart=0x0) returned 0x50 [0286.402] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0286.402] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0286.406] GetFileType (hFile=0x1f4) returned 0x1 [0286.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0286.406] GetFileType (hFile=0x1f4) returned 0x1 [0286.407] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.409] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.409] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.410] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.410] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.411] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.411] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.412] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.412] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.413] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.413] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.414] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.414] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.414] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.415] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.417] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.418] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.420] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.421] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.421] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.422] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.422] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.423] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.423] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.424] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.424] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.425] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.425] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.426] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.426] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.426] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.427] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.428] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.428] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.429] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.429] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.430] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.430] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.431] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.431] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.432] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.432] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.432] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.433] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.433] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.434] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.434] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.435] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.435] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.436] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.436] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.437] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.437] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.438] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.438] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.439] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.440] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.440] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.440] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.441] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.442] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.442] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.442] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.443] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.443] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.445] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.445] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.445] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.446] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.446] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.446] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.447] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.447] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.448] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.448] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.448] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.449] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.449] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.450] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.450] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.451] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.451] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524bd8*, nNumberOfBytesToWrite=0xe74, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x2524bd8*, lpNumberOfBytesWritten=0x14eb48*=0xe74, lpOverlapped=0x0) returned 1 [0286.451] CloseHandle (hObject=0x1f4) returned 1 [0286.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL", lpFilePart=0x0) returned 0x50 [0286.452] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL.ampkcz", lpFilePart=0x0) returned 0x57 [0286.452] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0286.452] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eb319b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb319b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9923b6a1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x51e74)) returned 1 [0286.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0286.452] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\GostTitle.XSL.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\gosttitle.xsl.ampkcz")) returned 1 [0286.460] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl", lpFilePart=0x0) returned 0x64 [0286.460] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl", lpFilePart=0x0) returned 0x64 [0286.460] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl", dwFileAttributes=0x80) returned 1 [0286.461] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0286.461] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x25275c0 | out: lpFileInformation=0x25275c0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80eb804f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb804f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5a7ecfbc, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x45882)) returned 1 [0286.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0286.462] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl", lpFilePart=0x0) returned 0x64 [0286.462] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0286.462] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0286.462] GetFileType (hFile=0x1f4) returned 0x1 [0286.462] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0286.462] GetFileType (hFile=0x1f4) returned 0x1 [0286.462] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x45882 [0286.462] ReadFile (in: hFile=0x1f4, lpBuffer=0x12729db8, nNumberOfBytesToRead=0x45882, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x12729db8*, lpNumberOfBytesRead=0x14ec88*=0x45882, lpOverlapped=0x0) returned 1 [0286.492] CloseHandle (hObject=0x1f4) returned 1 [0286.915] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl", lpFilePart=0x0) returned 0x64 [0286.915] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0286.915] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0286.920] GetFileType (hFile=0x1f4) returned 0x1 [0286.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0286.920] GetFileType (hFile=0x1f4) returned 0x1 [0286.920] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.922] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.922] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.923] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.923] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.923] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.924] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.924] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.924] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.925] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.925] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.926] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.926] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.927] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.927] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.927] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.928] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.928] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.929] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.929] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.930] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.931] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.931] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.932] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.932] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.932] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.933] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.933] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.933] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.934] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.934] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.934] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.935] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.935] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.936] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.936] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.936] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.937] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.937] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.937] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.938] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.938] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.939] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.939] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.940] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.940] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.940] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.941] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.941] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.942] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.942] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.942] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.943] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.943] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.944] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.944] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.944] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.945] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.945] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.945] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.946] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.947] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.947] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.947] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.947] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.949] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.949] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.950] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.951] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.952] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.952] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.952] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.953] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.953] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.953] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.953] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.954] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.954] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.954] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.955] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.955] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.955] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.956] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.956] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.956] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.956] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.957] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.957] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.957] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0286.958] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247f8*, nNumberOfBytesToWrite=0xc34, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x25247f8*, lpNumberOfBytesWritten=0x14eb48*=0xc34, lpOverlapped=0x0) returned 1 [0286.959] CloseHandle (hObject=0x1f4) returned 1 [0286.959] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl", lpFilePart=0x0) returned 0x64 [0286.959] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl.ampkcz", lpFilePart=0x0) returned 0x6b [0286.959] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0286.959] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eb804f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb804f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x99711cc8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5cc34)) returned 1 [0286.959] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0286.959] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\HarvardAnglia2008OfficeOnline.xsl.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\harvardanglia2008officeonline.xsl.ampkcz")) returned 1 [0286.964] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl", lpFilePart=0x0) returned 0x5b [0286.964] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl", lpFilePart=0x0) returned 0x5b [0286.964] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl", dwFileAttributes=0x80) returned 1 [0286.964] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0286.964] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x2527248 | out: lpFileInformation=0x2527248*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80ebb9a1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ebb9a1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x47e7d)) returned 1 [0286.965] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0286.965] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl", lpFilePart=0x0) returned 0x5b [0286.965] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0286.965] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0286.965] GetFileType (hFile=0x1f4) returned 0x1 [0286.965] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0286.965] GetFileType (hFile=0x1f4) returned 0x1 [0286.965] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x47e7d [0286.965] ReadFile (in: hFile=0x1f4, lpBuffer=0x126e2a70, nNumberOfBytesToRead=0x47e7d, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x126e2a70*, lpNumberOfBytesRead=0x14ec88*=0x47e7d, lpOverlapped=0x0) returned 1 [0286.971] CloseHandle (hObject=0x1f4) returned 1 [0287.439] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl", lpFilePart=0x0) returned 0x5b [0287.439] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0287.439] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0287.444] GetFileType (hFile=0x1f4) returned 0x1 [0287.444] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0287.444] GetFileType (hFile=0x1f4) returned 0x1 [0287.444] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.446] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.447] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.447] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.448] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.448] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.450] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.450] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.451] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.451] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.452] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.452] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.453] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.453] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.454] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.454] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.455] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.456] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.456] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.457] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.457] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.458] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.458] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.459] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.459] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.459] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.460] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.460] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.461] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.461] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.462] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.462] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.463] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.464] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.464] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.465] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.466] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.467] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.467] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.468] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.468] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.469] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.469] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.470] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.470] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.471] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.471] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.472] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.472] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.473] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.473] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.474] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.475] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.475] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.476] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.476] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.477] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.477] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.478] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.478] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.479] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.480] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.480] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.480] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.481] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.482] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.483] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.483] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.483] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.484] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.484] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.484] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.485] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.485] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.486] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.489] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.490] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.490] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.491] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.491] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.491] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.492] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.492] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.492] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.493] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.493] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.493] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.494] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.494] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.495] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.495] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.495] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.496] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.496] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.497] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0287.497] WriteFile (in: hFile=0x1f4, lpBuffer=0x25247c0*, nNumberOfBytesToWrite=0xec8, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x25247c0*, lpNumberOfBytesWritten=0x14eb48*=0xec8, lpOverlapped=0x0) returned 1 [0287.498] CloseHandle (hObject=0x1f4) returned 1 [0287.498] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl", lpFilePart=0x0) returned 0x5b [0287.498] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl.ampkcz", lpFilePart=0x0) returned 0x62 [0287.498] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0287.498] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ebb9a1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ebb9a1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x99c35034, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5fec8)) returned 1 [0287.498] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0287.498] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\IEEE2006OfficeOnline.xsl.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\ieee2006officeonline.xsl.ampkcz")) returned 1 [0287.509] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL", lpFilePart=0x0) returned 0x4d [0287.509] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL", lpFilePart=0x0) returned 0x4d [0287.509] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL", dwFileAttributes=0x80) returned 1 [0287.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0287.510] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl"), fInfoLevelId=0x0, lpFileInformation=0x25271b8 | out: lpFileInformation=0x25271b8*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80ec07b6, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec07b6, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x42132)) returned 1 [0287.510] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0287.510] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL", lpFilePart=0x0) returned 0x4d [0287.510] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0287.510] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0287.510] GetFileType (hFile=0x1f4) returned 0x1 [0287.510] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0287.510] GetFileType (hFile=0x1f4) returned 0x1 [0287.510] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x42132 [0287.511] ReadFile (in: hFile=0x1f4, lpBuffer=0x126f1ab0, nNumberOfBytesToRead=0x42132, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x126f1ab0*, lpNumberOfBytesRead=0x14ec88*=0x42132, lpOverlapped=0x0) returned 1 [0287.560] CloseHandle (hObject=0x1f4) returned 1 [0288.168] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL", lpFilePart=0x0) returned 0x4d [0288.168] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0288.169] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0288.173] GetFileType (hFile=0x1f4) returned 0x1 [0288.174] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0288.174] GetFileType (hFile=0x1f4) returned 0x1 [0288.174] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.177] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.178] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.178] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.179] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.179] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.180] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.180] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.181] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.182] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.182] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.183] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.183] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.184] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.184] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.185] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.191] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.192] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.192] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.193] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.193] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.194] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.195] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.195] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.196] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.197] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.201] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.201] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.202] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.203] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.203] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.204] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.204] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.205] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.205] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.206] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.207] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.207] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.208] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.208] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.209] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.209] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.210] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.210] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.211] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.211] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.212] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.212] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.213] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.214] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.214] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.215] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.216] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.216] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.217] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.218] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.218] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.219] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.219] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.220] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.220] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.221] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.222] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.222] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.223] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.224] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.227] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.227] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.228] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.228] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.230] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.230] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.232] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.232] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.234] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14eb68, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14eb68*=0x1000, lpOverlapped=0x0) returned 1 [0288.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524768*, nNumberOfBytesToWrite=0x274, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x2524768*, lpNumberOfBytesWritten=0x14eb48*=0x274, lpOverlapped=0x0) returned 1 [0288.235] CloseHandle (hObject=0x1f4) returned 1 [0288.235] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL", lpFilePart=0x0) returned 0x4d [0288.235] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL.ampkcz", lpFilePart=0x0) returned 0x54 [0288.236] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0288.236] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ec07b6, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec07b6, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9a33e465, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x58274)) returned 1 [0288.236] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0288.236] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690.XSL.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690.xsl.ampkcz")) returned 1 [0288.242] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL", lpFilePart=0x0) returned 0x55 [0288.242] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL", lpFilePart=0x0) returned 0x55 [0288.242] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL", dwFileAttributes=0x80) returned 1 [0288.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0288.243] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl"), fInfoLevelId=0x0, lpFileInformation=0x2527128 | out: lpFileInformation=0x2527128*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80ec4265, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec4265, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x351ea)) returned 1 [0288.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0288.243] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL", lpFilePart=0x0) returned 0x55 [0288.243] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0288.243] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0288.243] GetFileType (hFile=0x1f4) returned 0x1 [0288.243] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0288.243] GetFileType (hFile=0x1f4) returned 0x1 [0288.243] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x351ea [0288.243] ReadFile (in: hFile=0x1f4, lpBuffer=0x126ccc20, nNumberOfBytesToRead=0x351ea, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x126ccc20*, lpNumberOfBytesRead=0x14ec88*=0x351ea, lpOverlapped=0x0) returned 1 [0288.250] CloseHandle (hObject=0x1f4) returned 1 [0288.745] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL", lpFilePart=0x0) returned 0x55 [0288.745] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0288.745] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0288.749] GetFileType (hFile=0x1f4) returned 0x1 [0288.749] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0288.749] GetFileType (hFile=0x1f4) returned 0x1 [0288.749] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.751] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.751] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.752] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.752] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.753] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.753] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.754] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.754] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.755] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.755] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.756] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.756] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.757] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.757] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.758] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.758] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.759] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.760] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.760] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.761] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.761] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.762] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.762] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.763] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.763] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.764] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.764] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.765] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.765] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.766] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.766] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.767] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.767] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.768] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.768] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.769] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.770] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.770] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.771] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.771] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.772] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.772] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.773] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.773] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.774] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.774] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.775] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.775] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.776] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.778] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.779] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.779] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.780] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.780] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.781] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.781] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.782] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.782] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.783] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.783] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.784] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.785] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.785] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.786] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.787] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.788] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.788] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.789] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.789] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0288.790] WriteFile (in: hFile=0x1f4, lpBuffer=0x25229f0*, nNumberOfBytesToWrite=0xe08, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x25229f0*, lpNumberOfBytesWritten=0x14eb48*=0xe08, lpOverlapped=0x0) returned 1 [0288.790] CloseHandle (hObject=0x1f4) returned 1 [0288.790] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL", lpFilePart=0x0) returned 0x55 [0288.790] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL.ampkcz", lpFilePart=0x0) returned 0x5c [0288.790] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0288.790] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ec4265, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec4265, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9a887ccc, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x46e08)) returned 1 [0288.791] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0288.791] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\ISO690Nmerical.XSL.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\iso690nmerical.xsl.ampkcz")) returned 1 [0288.796] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl", lpFilePart=0x0) returned 0x64 [0288.796] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl", lpFilePart=0x0) returned 0x64 [0288.796] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl", dwFileAttributes=0x80) returned 1 [0288.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0288.798] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x2525400 | out: lpFileInformation=0x2525400*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80ecb8b4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ecb8b4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5afed704, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3e4f3)) returned 1 [0288.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0288.798] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl", lpFilePart=0x0) returned 0x64 [0288.798] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0288.798] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0288.798] GetFileType (hFile=0x1f4) returned 0x1 [0288.798] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0288.799] GetFileType (hFile=0x1f4) returned 0x1 [0288.799] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x3e4f3 [0288.800] ReadFile (in: hFile=0x1f4, lpBuffer=0x125b7e38, nNumberOfBytesToRead=0x3e4f3, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x125b7e38*, lpNumberOfBytesRead=0x14ec88*=0x3e4f3, lpOverlapped=0x0) returned 1 [0288.879] CloseHandle (hObject=0x1f4) returned 1 [0289.334] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl", lpFilePart=0x0) returned 0x64 [0289.334] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0289.334] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0289.337] GetFileType (hFile=0x1f4) returned 0x1 [0289.337] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0289.337] GetFileType (hFile=0x1f4) returned 0x1 [0289.337] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.339] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.340] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.340] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.341] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.341] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.342] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.343] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.343] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.344] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.344] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.345] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.345] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.346] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.346] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.346] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.347] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.347] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.347] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.348] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.348] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.349] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.349] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.349] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.350] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.350] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.350] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.351] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.351] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.351] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.352] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.353] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.353] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.353] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.354] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.354] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.355] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.355] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.355] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.356] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.356] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.357] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.357] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.358] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.358] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.358] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.359] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.359] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.359] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.361] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.362] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.362] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.363] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.363] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.363] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.364] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.364] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.365] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.365] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.366] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.366] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.367] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.367] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.367] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.367] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.369] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.369] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.369] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.370] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.370] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.370] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.370] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.371] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.371] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.371] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.372] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.372] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.372] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.372] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.373] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.373] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.373] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0289.374] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14eb68, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14eb68*=0x1000, lpOverlapped=0x0) returned 1 [0289.374] WriteFile (in: hFile=0x1f4, lpBuffer=0x259f490*, nNumberOfBytesToWrite=0x220, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x259f490*, lpNumberOfBytesWritten=0x14eb48*=0x220, lpOverlapped=0x0) returned 1 [0289.374] CloseHandle (hObject=0x1f4) returned 1 [0289.374] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl", lpFilePart=0x0) returned 0x64 [0289.374] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl.ampkcz", lpFilePart=0x0) returned 0x6b [0289.374] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0289.375] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ecb8b4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ecb8b4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9ae1a41b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x53220)) returned 1 [0289.375] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0289.375] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\MLASeventhEditionOfficeOnline.xsl.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\mlaseventheditionofficeonline.xsl.ampkcz")) returned 1 [0289.379] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL", lpFilePart=0x0) returned 0x4d [0289.379] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL", lpFilePart=0x0) returned 0x4d [0289.379] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL", dwFileAttributes=0x80) returned 1 [0289.379] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0289.379] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl"), fInfoLevelId=0x0, lpFileInformation=0x25a1ec0 | out: lpFileInformation=0x25a1ec0*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80ed06d2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed06d2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5b432832, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x3d5c8)) returned 1 [0289.379] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0289.380] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL", lpFilePart=0x0) returned 0x4d [0289.380] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0289.380] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0289.380] GetFileType (hFile=0x1f4) returned 0x1 [0289.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0289.380] GetFileType (hFile=0x1f4) returned 0x1 [0289.380] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x3d5c8 [0289.516] ReadFile (in: hFile=0x1f4, lpBuffer=0x1252a1e8, nNumberOfBytesToRead=0x3d5c8, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x1252a1e8*, lpNumberOfBytesRead=0x14ec88*=0x3d5c8, lpOverlapped=0x0) returned 1 [0289.572] CloseHandle (hObject=0x1f4) returned 1 [0290.059] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL", lpFilePart=0x0) returned 0x4d [0290.059] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0290.059] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0290.062] GetFileType (hFile=0x1f4) returned 0x1 [0290.062] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0290.062] GetFileType (hFile=0x1f4) returned 0x1 [0290.063] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.064] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.064] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.065] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.065] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.066] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.066] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.066] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.067] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.067] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.068] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.068] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.068] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.069] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.069] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.069] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.070] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.070] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.071] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.071] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.071] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.072] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.072] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.073] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.073] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.073] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.075] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.075] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.076] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.076] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.077] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.077] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.078] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.078] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.078] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.079] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.079] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.080] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.081] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.081] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.081] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.082] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.082] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.082] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.083] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.083] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.083] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.084] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.084] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.085] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.085] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.085] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.086] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.086] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.087] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.087] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.088] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.088] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.088] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.089] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.089] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.090] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.090] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.090] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.091] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.092] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.092] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.093] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.093] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.093] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.094] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.094] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.094] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.095] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.095] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.096] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.096] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.096] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.096] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.097] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.097] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.098] WriteFile (in: hFile=0x1f4, lpBuffer=0x259b598*, nNumberOfBytesToWrite=0xde0, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x259b598*, lpNumberOfBytesWritten=0x14eb48*=0xde0, lpOverlapped=0x0) returned 1 [0290.098] CloseHandle (hObject=0x1f4) returned 1 [0290.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL", lpFilePart=0x0) returned 0x4d [0290.098] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL.ampkcz", lpFilePart=0x0) returned 0x54 [0290.098] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0290.098] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed06d2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed06d2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9b501f7f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x51de0)) returned 1 [0290.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0290.099] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\SIST02.XSL.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\sist02.xsl.ampkcz")) returned 1 [0290.103] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL", lpFilePart=0x0) returned 0x4f [0290.103] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL", lpFilePart=0x0) returned 0x4f [0290.103] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL", dwFileAttributes=0x80) returned 1 [0290.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0290.103] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl"), fInfoLevelId=0x0, lpFileInformation=0x259df50 | out: lpFileInformation=0x259df50*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x80ed2ca5, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed2ca5, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5b500917, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x54256)) returned 1 [0290.103] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0290.103] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL", lpFilePart=0x0) returned 0x4f [0290.103] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0290.104] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0290.104] GetFileType (hFile=0x1f4) returned 0x1 [0290.104] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0290.104] GetFileType (hFile=0x1f4) returned 0x1 [0290.104] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x54256 [0290.105] ReadFile (in: hFile=0x1f4, lpBuffer=0x127e1c08, nNumberOfBytesToRead=0x54256, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x127e1c08*, lpNumberOfBytesRead=0x14ec88*=0x54256, lpOverlapped=0x0) returned 1 [0290.119] CloseHandle (hObject=0x1f4) returned 1 [0290.533] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL", lpFilePart=0x0) returned 0x4f [0290.533] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0290.533] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0290.537] GetFileType (hFile=0x1f4) returned 0x1 [0290.537] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0290.537] GetFileType (hFile=0x1f4) returned 0x1 [0290.538] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.539] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.539] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.540] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.540] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.540] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.541] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.541] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.542] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.542] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.542] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.543] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.543] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.543] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.544] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.544] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.545] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.545] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.545] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.546] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.546] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.546] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.547] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.547] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.548] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.548] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.549] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.550] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.550] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.550] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.551] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.551] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.552] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.552] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.553] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.553] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.553] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.554] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.554] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.554] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.555] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.555] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.556] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.556] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.556] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.557] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.557] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.558] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.558] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.559] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.560] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.560] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.561] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.561] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.562] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.562] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.562] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.563] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.563] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.565] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.566] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.567] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.567] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.568] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.568] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.569] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.570] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.570] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.570] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.571] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.572] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.573] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.573] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.573] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.574] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.575] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.575] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.576] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.576] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.576] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.577] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.577] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.577] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.577] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.578] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.578] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.579] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.579] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.579] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.580] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.580] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.580] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.581] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.581] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.581] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.582] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.582] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.582] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.582] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.583] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.583] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.583] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.583] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.584] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.584] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebe8, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14ebe8*=0x1000, lpOverlapped=0x0) returned 1 [0290.584] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14eb68, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14eb68*=0x1000, lpOverlapped=0x0) returned 1 [0290.585] WriteFile (in: hFile=0x1f4, lpBuffer=0x2524c38*, nNumberOfBytesToWrite=0x3f4, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x2524c38*, lpNumberOfBytesWritten=0x14eb48*=0x3f4, lpOverlapped=0x0) returned 1 [0290.585] CloseHandle (hObject=0x1f4) returned 1 [0290.585] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL", lpFilePart=0x0) returned 0x4f [0290.585] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL.ampkcz", lpFilePart=0x0) returned 0x56 [0290.585] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0290.585] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed2ca5, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed2ca5, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9b9a6016, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x703f4)) returned 1 [0290.585] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0290.586] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\TURABIAN.XSL.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\bibliography\\style\\turabian.xsl.ampkcz")) returned 1 [0290.586] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0290.586] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style", lpFilePart=0x0) returned 0x42 [0290.587] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\", lpFilePart=0x0) returned 0x43 [0290.587] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9b9a87ce, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9b9a87ce, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0290.587] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80e9aa3d, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9b9a87ce, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9b9a87ce, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0290.587] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80e9e60e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80e9e60e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x97d26a4e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6ca60, dwReserved0=0x0, dwReserved1=0x0, cFileName="APASixthEditionOfficeOnline.xsl.ampkcz", cAlternateFileName="APASIX~1.AMP")) returned 1 [0290.587] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ea6d97, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ea6d97, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983e1dfd, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x60bc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="CHICAGO.XSL.ampkcz", cAlternateFileName="CHICAG~1.AMP")) returned 1 [0290.588] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eabbab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eabbab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x987ffc01, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x57820, dwReserved0=0x0, dwReserved1=0x0, cFileName="GB.XSL.ampkcz", cAlternateFileName="GBXSL~1.AMP")) returned 1 [0290.588] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eaf650, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eaf650, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98cd123f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x53808, dwReserved0=0x0, dwReserved1=0x0, cFileName="GostName.XSL.ampkcz", cAlternateFileName="GOSTNA~1.AMP")) returned 1 [0290.588] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eb319b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb319b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9923b6a1, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x51e74, dwReserved0=0x0, dwReserved1=0x0, cFileName="GostTitle.XSL.ampkcz", cAlternateFileName="GOSTTI~1.AMP")) returned 1 [0290.588] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80eb804f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80eb804f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x99711cc8, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5cc34, dwReserved0=0x0, dwReserved1=0x0, cFileName="HarvardAnglia2008OfficeOnline.xsl.ampkcz", cAlternateFileName="HARVAR~1.AMP")) returned 1 [0290.588] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ebb9a1, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ebb9a1, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x99c35034, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x5fec8, dwReserved0=0x0, dwReserved1=0x0, cFileName="IEEE2006OfficeOnline.xsl.ampkcz", cAlternateFileName="IEEE20~1.AMP")) returned 1 [0290.589] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ec07b6, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec07b6, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9a33e465, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x58274, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISO690.XSL.ampkcz", cAlternateFileName="ISO690~1.AMP")) returned 1 [0290.589] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ec4265, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ec4265, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9a887ccc, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x46e08, dwReserved0=0x0, dwReserved1=0x0, cFileName="ISO690Nmerical.XSL.ampkcz", cAlternateFileName="ISO690~2.AMP")) returned 1 [0290.590] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ecb8b4, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ecb8b4, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9ae1a41b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x53220, dwReserved0=0x0, dwReserved1=0x0, cFileName="MLASeventhEditionOfficeOnline.xsl.ampkcz", cAlternateFileName="MLASEV~1.AMP")) returned 1 [0290.590] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97d2df66, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x97d2df66, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x97d36812, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0290.590] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed06d2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed06d2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9b501f7f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x51de0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SIST02.XSL.ampkcz", cAlternateFileName="SIST02~1.AMP")) returned 1 [0290.591] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed2ca5, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed2ca5, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9b9a6016, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x703f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="TURABIAN.XSL.ampkcz", cAlternateFileName="TURABI~1.AMP")) returned 1 [0290.591] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80ed2ca5, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80ed2ca5, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9b9a6016, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x703f4, dwReserved0=0x0, dwReserved1=0x0, cFileName="TURABIAN.XSL.ampkcz", cAlternateFileName="TURABI~1.AMP")) returned 0 [0290.629] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0290.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0290.630] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0290.630] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0290.630] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x3b [0290.630] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3c [0290.630] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687cd0 [0290.631] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0290.632] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0290.632] FindClose (in: hFindFile=0x687cd0 | out: hFindFile=0x687cd0) returned 1 [0290.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0290.632] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0290.632] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0290.632] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials", lpFilePart=0x0) returned 0x3b [0290.632] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\", lpFilePart=0x0) returned 0x3c [0290.632] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Credentials\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0290.633] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0290.633] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x44687ae6, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44687ae6, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x44687ae6, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0290.633] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0290.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0290.633] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0290.633] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0290.633] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x48 [0290.633] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpFilePart=0x0) returned 0x49 [0290.633] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687cd0 [0290.638] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0290.638] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0290.638] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0290.639] FindClose (in: hFindFile=0x687cd0 | out: hFindFile=0x687cd0) returned 1 [0290.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0290.639] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0290.639] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0290.639] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks", lpFilePart=0x0) returned 0x48 [0290.641] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\", lpFilePart=0x0) returned 0x49 [0290.642] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0290.642] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x816a7a21, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x816a7a21, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0290.642] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0290.642] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0290.642] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0290.642] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0290.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0290.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0290.643] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033", lpFilePart=0x0) returned 0x4d [0290.643] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpFilePart=0x0) returned 0x4e [0290.643] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0290.643] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0290.643] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16", cAlternateFileName="")) returned 1 [0290.644] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16", cAlternateFileName="")) returned 0 [0290.644] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0290.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0290.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0290.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0290.644] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033", lpFilePart=0x0) returned 0x4d [0290.644] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\", lpFilePart=0x0) returned 0x4e [0290.644] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0290.644] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0290.645] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x81712f94, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16", cAlternateFileName="")) returned 1 [0290.645] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0290.645] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0290.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0290.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0290.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0290.645] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16", lpFilePart=0x0) returned 0x50 [0290.645] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\", lpFilePart=0x0) returned 0x51 [0290.645] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x817190ef, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0290.646] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x81712f94, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x817190ef, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0290.646] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x817190ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x817190ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5ca4c63b, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x388cc7, dwReserved0=0x0, dwReserved1=0x0, cFileName="Built-In Building Blocks.dotx", cAlternateFileName="BUILT-~1.DOT")) returned 1 [0290.646] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0290.646] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0290.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0290.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0290.649] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx", nBufferLength=0x105, lpBuffer=0x14e860, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx", lpFilePart=0x0) returned 0x6e [0290.649] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx", nBufferLength=0x105, lpBuffer=0x14e6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx", lpFilePart=0x0) returned 0x6e [0290.649] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx", dwFileAttributes=0x80) returned 1 [0290.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ece0) returned 1 [0290.650] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx"), fInfoLevelId=0x0, lpFileInformation=0x2530830 | out: lpFileInformation=0x2530830*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x817190ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x817190ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5ca4c63b, ftLastWriteTime.dwHighDateTime=0x1d705ed, nFileSizeHigh=0x0, nFileSizeLow=0x388cc7)) returned 1 [0290.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eca0) returned 1 [0291.211] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx", nBufferLength=0x105, lpBuffer=0x14e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx", lpFilePart=0x0) returned 0x6e [0291.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eae0) returned 1 [0291.211] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0291.213] GetFileType (hFile=0x1f4) returned 0x1 [0291.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea50) returned 1 [0291.213] GetFileType (hFile=0x1f4) returned 0x1 [0291.213] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.215] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.216] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.216] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.217] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.217] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.218] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.218] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.219] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.219] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.220] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.221] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.221] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.222] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.222] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.222] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.223] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.224] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.224] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.227] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.227] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.228] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.230] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.230] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.232] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.232] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.234] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.234] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.236] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.236] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.237] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.237] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.238] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.238] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.240] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.240] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.241] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.242] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.242] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.243] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.243] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.244] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.244] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.245] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.245] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.246] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.246] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.249] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.249] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.250] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.250] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.252] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.252] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.253] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.253] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.254] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.254] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.255] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.255] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.255] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.256] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.256] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.257] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.257] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.257] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.258] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.258] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.259] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.259] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.259] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.260] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.260] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.261] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.261] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.263] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.263] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.264] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.264] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.264] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.265] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.265] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.265] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.266] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.266] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.266] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.267] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.267] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.268] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.268] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.268] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.269] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.269] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.270] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.270] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.270] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.271] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.271] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.272] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.272] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.273] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.273] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.273] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.274] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.274] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.275] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.275] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.275] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.276] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.276] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.276] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.277] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.277] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.279] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.279] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.279] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.280] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.280] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.280] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.281] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.281] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.282] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.282] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.282] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.283] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.283] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.284] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.285] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.285] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.286] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.286] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.287] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.287] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.287] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.288] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.288] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.288] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.289] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.289] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.290] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.290] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.291] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.291] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.291] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.292] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.292] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.293] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.293] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.294] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.294] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.295] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.295] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.296] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.296] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.296] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.297] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.297] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.298] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.298] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.298] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.299] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.299] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.300] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.300] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.300] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.301] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.301] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.302] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.302] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.303] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.303] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.304] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.304] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.304] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.305] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.305] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.306] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.307] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.307] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.308] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.308] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.309] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.309] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.309] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.310] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.310] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.310] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.311] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.313] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.313] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.314] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.314] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.314] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.315] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.315] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.316] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.316] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.316] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.317] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.317] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.318] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.318] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.318] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.319] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.320] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.320] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.323] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.323] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.324] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.324] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.325] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.325] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.325] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.326] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.326] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.327] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.327] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.327] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.328] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.328] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.329] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.329] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.330] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.330] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.330] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.331] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.332] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.332] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.332] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.333] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.333] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.334] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.334] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532538*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ebc8, lpOverlapped=0x0 | out: lpBuffer=0x2532538*, lpNumberOfBytesWritten=0x14ebc8*=0x1000, lpOverlapped=0x0) returned 1 [0291.386] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eca0) returned 1 [0291.387] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec60) returned 1 [0291.388] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx.ampkcz")) returned 1 [0291.389] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eae0) returned 1 [0291.391] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea50) returned 1 [0291.393] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0291.393] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x81712f94, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9c1503c6, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9c15514b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.394] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x817190ef, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x817190ef, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9c147a96, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x22133d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Built-In Building Blocks.dotx.ampkcz", cAlternateFileName="BUILT-~1.AMP")) returned 1 [0291.394] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c153dea, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x9c153dea, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9c159f9f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0291.395] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c153dea, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x9c153dea, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9c159f9f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0291.395] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0291.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0291.395] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0291.395] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0291.396] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.397] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0291.397] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 0 [0291.398] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0291.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0291.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0291.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0291.398] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa92f1c4e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x31c6a486, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.399] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSTART", cAlternateFileName="")) returned 1 [0291.399] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0291.402] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0291.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0291.402] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0291.403] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0291.405] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.405] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0291.406] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0291.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0291.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0291.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0291.406] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.407] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x934f7bb4, ftCreationTime.dwHighDateTime=0x1d7b063, ftLastAccessTime.dwLowDateTime=0x934f7bb4, ftLastAccessTime.dwHighDateTime=0x1d7b063, ftLastWriteTime.dwLowDateTime=0x934f7bb4, ftLastWriteTime.dwHighDateTime=0x1d7b063, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0291.407] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0291.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0291.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0291.408] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0291.408] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.409] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6654de95, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0291.409] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 1 [0291.409] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 0 [0291.410] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0291.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0291.410] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0291.410] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0291.410] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3ced6473, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.411] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6654de95, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Quick Launch", cAlternateFileName="QUICKL~1")) returned 1 [0291.411] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UserData", cAlternateFileName="")) returned 1 [0291.413] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0291.413] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0291.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0291.413] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0291.413] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0291.414] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6654de95, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.414] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x3d053a9f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d053a9f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x9ee78381, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x94, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0291.415] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6654de95, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6657eabb, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x51b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Outlook.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0291.415] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d053a9f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d053a9f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x251fff9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0291.415] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3fec53d2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xad13dd79, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad13dd79, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0291.416] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d02d92b, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d02d92b, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x252261fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0291.416] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0291.416] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0291.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0291.416] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0291.420] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini", lpFilePart=0x0) returned 0x5a [0291.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0291.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0291.421] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0291.421] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0291.944] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini", lpFilePart=0x0) returned 0x5a [0291.944] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0291.944] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0291.945] GetFileType (hFile=0x1f4) returned 0x1 [0291.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0291.946] GetFileType (hFile=0x1f4) returned 0x1 [0291.946] WriteFile (in: hFile=0x1f4, lpBuffer=0x25bb658*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x25bb658*, lpNumberOfBytesWritten=0x14eb48*=0x1a0, lpOverlapped=0x0) returned 1 [0291.948] CloseHandle (hObject=0x1f4) returned 1 [0291.948] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini", lpFilePart=0x0) returned 0x5a [0291.948] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x61 [0291.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0291.948] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d053a9f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d053a9f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x9c6a548a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a0)) returned 1 [0291.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0291.949] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\desktop.ini.ampkcz")) returned 1 [0291.950] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\readme.txt", lpFilePart=0x0) returned 0x59 [0291.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb50) returned 1 [0291.950] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0291.952] GetFileType (hFile=0x1f4) returned 0x1 [0291.952] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eac0) returned 1 [0291.952] GetFileType (hFile=0x1f4) returned 0x1 [0291.954] WriteFile (in: hFile=0x1f4, lpBuffer=0x25bea10*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ebf8, lpOverlapped=0x0 | out: lpBuffer=0x25bea10*, lpNumberOfBytesWritten=0x14ebf8*=0x6c6, lpOverlapped=0x0) returned 1 [0291.959] CloseHandle (hObject=0x1f4) returned 1 [0291.967] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0291.967] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch", lpFilePart=0x0) returned 0x4e [0291.967] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\", lpFilePart=0x0) returned 0x4f [0291.967] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x9c6a8f2a, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9c6ab5f5, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687cd0 [0291.968] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x3cefc6a2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x9c6a8f2a, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9c6ab5f5, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.968] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d053a9f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d053a9f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x9c6a548a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x1a0, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0291.969] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6654de95, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6654de95, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6657eabb, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x51b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Outlook.lnk", cAlternateFileName="MICROS~1.LNK")) returned 1 [0291.969] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c6ab5f5, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x9c6ab5f5, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9c6c023a, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0291.969] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d053a9f, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d053a9f, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x251fff9e, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shows Desktop.lnk", cAlternateFileName="SHOWSD~1.LNK")) returned 1 [0291.969] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3fec53d2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xad13dd79, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad13dd79, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User Pinned", cAlternateFileName="USERPI~1")) returned 1 [0291.970] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d02d92b, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d02d92b, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x252261fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 1 [0291.970] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3d02d92b, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x3d02d92b, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x252261fd, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x14e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Window Switcher.lnk", cAlternateFileName="WINDOW~1.LNK")) returned 0 [0291.970] FindClose (in: hFindFile=0x687cd0 | out: hFindFile=0x687cd0) returned 1 [0291.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0291.970] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0291.970] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0291.970] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x5a [0291.971] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x5b [0291.971] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3fec53d2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xad13dd79, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad13dd79, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0291.971] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3fec53d2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xad13dd79, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad13dd79, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.971] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0291.972] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0291.972] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 0 [0291.972] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0291.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0291.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0291.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0291.973] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned", lpFilePart=0x0) returned 0x5a [0291.973] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\", lpFilePart=0x0) returned 0x5b [0291.973] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3fec53d2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xad13dd79, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad13dd79, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0291.973] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0x3fec53d2, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xad13dd79, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad13dd79, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.973] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ImplicitAppShortcuts", cAlternateFileName="IMPLIC~1")) returned 1 [0291.973] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TaskBar", cAlternateFileName="")) returned 1 [0291.974] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0291.974] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0291.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0291.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0291.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0291.974] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x14e740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6f [0291.974] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x70 [0291.974] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x14e8f0 | out: lpFindFileData=0x14e8f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0291.975] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.975] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0291.975] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0291.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0291.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb60) returned 1 [0291.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0291.976] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", nBufferLength=0x105, lpBuffer=0x14e740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts", lpFilePart=0x0) returned 0x6f [0291.976] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\", lpFilePart=0x0) returned 0x70 [0291.976] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\*", lpFindFileData=0x14e8f0 | out: lpFindFileData=0x14e8f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0291.977] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.977] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x43708645, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x43708645, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x43708645, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0291.977] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0291.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0291.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb60) returned 1 [0291.977] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0291.977] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", nBufferLength=0x105, lpBuffer=0x14e740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", lpFilePart=0x0) returned 0x62 [0291.977] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpFilePart=0x0) returned 0x63 [0291.978] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x14e8f0 | out: lpFindFileData=0x14e8f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0291.978] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0291.979] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x53, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0291.979] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0x252988fc, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="File Explorer.lnk", cAlternateFileName="FILEEX~1.LNK")) returned 1 [0291.979] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0291.979] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0291.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0291.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb60) returned 1 [0291.980] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e7f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", lpFilePart=0x0) returned 0x6e [0291.980] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e650, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", lpFilePart=0x0) returned 0x6e [0291.980] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", dwFileAttributes=0x80) returned 1 [0291.981] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec70) returned 1 [0291.981] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x25d0f20 | out: lpFileInformation=0x25d0f20*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0xad18a23e, ftLastWriteTime.dwHighDateTime=0x1d7006b, nFileSizeHigh=0x0, nFileSizeLow=0x53)) returned 1 [0291.981] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec30) returned 1 [0291.981] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", lpFilePart=0x0) returned 0x6e [0291.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eae0) returned 1 [0291.982] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0291.982] GetFileType (hFile=0x1f4) returned 0x1 [0291.982] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea50) returned 1 [0291.982] GetFileType (hFile=0x1f4) returned 0x1 [0291.982] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ec78 | out: lpFileSizeHigh=0x14ec78*=0x0) returned 0x53 [0291.982] ReadFile (in: hFile=0x1f4, lpBuffer=0x25d1568, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14eba8, lpOverlapped=0x0 | out: lpBuffer=0x25d1568*, lpNumberOfBytesRead=0x14eba8*=0x53, lpOverlapped=0x0) returned 1 [0291.983] CloseHandle (hObject=0x1f4) returned 1 [0292.482] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", lpFilePart=0x0) returned 0x6e [0292.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ea20) returned 1 [0292.482] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0292.488] GetFileType (hFile=0x1f4) returned 0x1 [0292.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e990) returned 1 [0292.488] GetFileType (hFile=0x1f4) returned 0x1 [0292.488] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a1fa0*, nNumberOfBytesToWrite=0x148, lpNumberOfBytesWritten=0x14ea68, lpOverlapped=0x0 | out: lpBuffer=0x25a1fa0*, lpNumberOfBytesWritten=0x14ea68*=0x148, lpOverlapped=0x0) returned 1 [0292.490] CloseHandle (hObject=0x1f4) returned 1 [0292.492] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini", lpFilePart=0x0) returned 0x6e [0292.492] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.ampkcz", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.ampkcz", lpFilePart=0x0) returned 0x75 [0292.492] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0292.492] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), fInfoLevelId=0x0, lpFileInformation=0x14ecc0 | out: lpFileInformation=0x14ecc0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0x9cbd1fb7, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x148)) returned 1 [0292.492] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0292.492] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\desktop.ini.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\desktop.ini.ampkcz")) returned 1 [0292.499] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e590, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\readme.txt", lpFilePart=0x0) returned 0x6d [0292.499] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ea70) returned 1 [0292.499] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0292.504] GetFileType (hFile=0x1f4) returned 0x1 [0292.504] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e9e0) returned 1 [0292.504] GetFileType (hFile=0x1f4) returned 0x1 [0292.505] WriteFile (in: hFile=0x1f4, lpBuffer=0x25a5420*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14eb18, lpOverlapped=0x0 | out: lpBuffer=0x25a5420*, lpNumberOfBytesWritten=0x14eb18*=0x6c6, lpOverlapped=0x0) returned 1 [0292.507] CloseHandle (hObject=0x1f4) returned 1 [0292.518] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0292.518] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", nBufferLength=0x105, lpBuffer=0x14e740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar", lpFilePart=0x0) returned 0x62 [0292.518] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\", lpFilePart=0x0) returned 0x63 [0292.518] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\*", lpFindFileData=0x14e8f0 | out: lpFindFileData=0x14e8f0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0x9cbd80e4, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9cbe927c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0292.519] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xad13dd79, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0x9cbd80e4, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9cbe927c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.519] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0x9cbd1fb7, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x148, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini.ampkcz", cAlternateFileName="DESKTO~1.AMP")) returned 1 [0292.519] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xad164063, ftCreationTime.dwHighDateTime=0x1d7006b, ftLastAccessTime.dwLowDateTime=0xad164063, ftLastAccessTime.dwHighDateTime=0x1d7006b, ftLastWriteTime.dwLowDateTime=0x252988fc, ftLastWriteTime.dwHighDateTime=0x1d112e3, nFileSizeHigh=0x0, nFileSizeLow=0x197, dwReserved0=0x0, dwReserved1=0x0, cFileName="File Explorer.lnk", cAlternateFileName="FILEEX~1.LNK")) returned 1 [0292.519] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9cbe927c, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x9cbe927c, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9cbfb88c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0292.520] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9cbe927c, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x9cbe927c, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9cbfb88c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0292.520] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0292.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0292.528] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb60) returned 1 [0292.528] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0292.528] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData", lpFilePart=0x0) returned 0x4a [0292.528] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpFilePart=0x0) returned 0x4b [0292.529] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0292.529] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.530] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0292.530] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 0 [0292.530] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0292.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0292.530] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0292.530] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0292.530] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData", lpFilePart=0x0) returned 0x4a [0292.530] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\", lpFilePart=0x0) returned 0x4b [0292.531] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0292.531] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.531] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Low", cAlternateFileName="")) returned 1 [0292.532] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0292.532] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0292.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0292.532] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0292.532] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0292.532] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low", lpFilePart=0x0) returned 0x4e [0292.532] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpFilePart=0x0) returned 0x4f [0292.532] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0292.533] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.533] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0292.534] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0292.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0292.534] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0292.534] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0292.534] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low", lpFilePart=0x0) returned 0x4e [0292.534] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\", lpFilePart=0x0) returned 0x4f [0292.534] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0292.534] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.535] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x42ce6642, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x42ce6642, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x42ce6642, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0292.535] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0292.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0292.535] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0292.535] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0292.535] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", lpFilePart=0x0) returned 0x33 [0292.535] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\", lpFilePart=0x0) returned 0x34 [0292.536] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0292.537] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.537] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0292.538] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0292.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0292.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0292.538] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0292.538] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC", lpFilePart=0x0) returned 0x33 [0292.538] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\", lpFilePart=0x0) returned 0x34 [0292.538] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\MMC\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0292.539] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.539] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3704a98f, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x3704a98f, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x3704a98f, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0292.539] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0292.539] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0292.540] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0292.540] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0292.540] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x37 [0292.540] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\", lpFilePart=0x0) returned 0x38 [0292.540] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0292.541] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.542] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0292.542] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 0 [0292.542] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0292.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0292.542] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0292.542] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0292.542] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network", lpFilePart=0x0) returned 0x37 [0292.543] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\", lpFilePart=0x0) returned 0x38 [0292.543] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0292.543] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.544] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Connections", cAlternateFileName="CONNEC~1")) returned 1 [0292.544] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0292.544] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0292.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0292.544] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0292.544] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0292.544] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections", lpFilePart=0x0) returned 0x43 [0292.544] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpFilePart=0x0) returned 0x44 [0292.544] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0292.545] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.545] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk", cAlternateFileName="")) returned 1 [0292.545] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk", cAlternateFileName="")) returned 0 [0292.546] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0292.546] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0292.546] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0292.546] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0292.546] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections", lpFilePart=0x0) returned 0x43 [0292.546] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\", lpFilePart=0x0) returned 0x44 [0292.546] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0292.547] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.547] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pbk", cAlternateFileName="")) returned 1 [0292.547] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0292.547] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0292.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0292.548] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0292.548] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0292.548] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk", lpFilePart=0x0) returned 0x47 [0292.548] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpFilePart=0x0) returned 0x48 [0292.548] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0292.549] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.549] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0292.550] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 0 [0292.550] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0292.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0292.550] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0292.550] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0292.550] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk", lpFilePart=0x0) returned 0x47 [0292.551] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\", lpFilePart=0x0) returned 0x48 [0292.551] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0292.551] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.552] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_hiddenPbk", cAlternateFileName="_HIDDE~1")) returned 1 [0292.552] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0292.552] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0292.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0292.552] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0292.552] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0292.552] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk", nBufferLength=0x105, lpBuffer=0x14e740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk", lpFilePart=0x0) returned 0x52 [0292.552] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpFilePart=0x0) returned 0x53 [0292.552] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*", lpFindFileData=0x14e8f0 | out: lpFindFileData=0x14e8f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0292.553] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.554] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0292.554] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0292.554] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0292.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0292.554] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb60) returned 1 [0292.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0292.555] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk", nBufferLength=0x105, lpBuffer=0x14e740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk", lpFilePart=0x0) returned 0x52 [0292.555] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\", lpFilePart=0x0) returned 0x53 [0292.555] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\*", lpFindFileData=0x14e8f0 | out: lpFindFileData=0x14e8f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0292.555] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.556] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 1 [0292.556] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6f3fb46a, ftCreationTime.dwHighDateTime=0x1d7006c, ftLastAccessTime.dwLowDateTime=0x6f3fb46a, ftLastAccessTime.dwHighDateTime=0x1d7006c, ftLastWriteTime.dwLowDateTime=0x6f3fb46a, ftLastWriteTime.dwHighDateTime=0x1d7006c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rasphone.pbk", cAlternateFileName="")) returned 0 [0292.556] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0292.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0292.556] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb60) returned 1 [0292.556] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0292.556] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x36 [0292.556] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\", lpFilePart=0x0) returned 0x37 [0292.557] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0292.557] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.558] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80f81d62, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80f81d62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80f83167, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0292.558] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4689310, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0292.558] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4689310, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 0 [0292.558] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0292.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0292.558] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0292.559] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0292.559] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office", lpFilePart=0x0) returned 0x36 [0292.559] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\", lpFilePart=0x0) returned 0x37 [0292.559] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0292.560] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80f7a98f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa45e20df, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa45e20df, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.560] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80f81d62, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x80f81d62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80f83167, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x9362, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSO1033.acl", cAlternateFileName="")) returned 1 [0292.560] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4689310, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0292.560] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0292.561] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0292.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0292.561] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0292.561] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0292.561] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent", lpFilePart=0x0) returned 0x3d [0292.561] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpFilePart=0x0) returned 0x3e [0292.561] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0292.562] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0292.562] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2, ftCreationTime.dwLowDateTime=0xa481d59b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa481d59b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat", cAlternateFileName="")) returned 1 [0292.563] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4689310, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 1 [0292.563] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0292.563] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0292.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0292.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0292.564] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", lpFilePart=0x0) returned 0x47 [0292.564] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", lpFilePart=0x0) returned 0x47 [0292.564] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", dwFileAttributes=0x80) returned 1 [0292.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0292.565] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0x25c0040 | out: lpFileInformation=0x25c0040*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0xa481d59b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa481d59b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x1c)) returned 1 [0292.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0292.565] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", lpFilePart=0x0) returned 0x47 [0292.565] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0292.565] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0292.565] GetFileType (hFile=0x1f4) returned 0x1 [0292.565] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0292.565] GetFileType (hFile=0x1f4) returned 0x1 [0292.565] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x1c [0292.566] ReadFile (in: hFile=0x1f4, lpBuffer=0x25c0560, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x25c0560*, lpNumberOfBytesRead=0x14ec88*=0x1c, lpOverlapped=0x0) returned 1 [0292.567] CloseHandle (hObject=0x1f4) returned 1 [0292.982] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", lpFilePart=0x0) returned 0x47 [0292.982] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0292.982] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0292.983] GetFileType (hFile=0x1f4) returned 0x1 [0292.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0292.984] GetFileType (hFile=0x1f4) returned 0x1 [0292.984] WriteFile (in: hFile=0x1f4, lpBuffer=0x263add0*, nNumberOfBytesToWrite=0xf4, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x263add0*, lpNumberOfBytesWritten=0x14eb48*=0xf4, lpOverlapped=0x0) returned 1 [0292.985] CloseHandle (hObject=0x1f4) returned 1 [0292.985] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", lpFilePart=0x0) returned 0x47 [0292.985] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.ampkcz", lpFilePart=0x0) returned 0x4e [0292.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0292.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa481d59b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa481d59b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9d08af1c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf4)) returned 1 [0292.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0292.986] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\recent\\index.dat"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\recent\\index.dat.ampkcz")) returned 1 [0292.987] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\readme.txt", lpFilePart=0x0) returned 0x48 [0292.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb50) returned 1 [0292.987] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\office\\recent\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0293.044] GetFileType (hFile=0x1f4) returned 0x1 [0293.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eac0) returned 1 [0293.044] GetFileType (hFile=0x1f4) returned 0x1 [0293.045] WriteFile (in: hFile=0x1f4, lpBuffer=0x263e0d0*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ebf8, lpOverlapped=0x0 | out: lpBuffer=0x263e0d0*, lpNumberOfBytesWritten=0x14ebf8*=0x6c6, lpOverlapped=0x0) returned 1 [0293.046] CloseHandle (hObject=0x1f4) returned 1 [0293.046] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0293.047] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent", lpFilePart=0x0) returned 0x3d [0293.047] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\", lpFilePart=0x0) returned 0x3e [0293.047] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Office\\Recent\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9d08d513, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9d11845e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0293.047] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa45e20df, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9d08d513, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9d11845e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0293.047] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa481d59b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa481d59b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9d08af1c, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xf4, dwReserved0=0x0, dwReserved1=0x0, cFileName="index.dat.ampkcz", cAlternateFileName="INDEXD~1.AMP")) returned 1 [0293.048] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d11845e, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x9d11845e, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9d11e64f, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0293.048] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4689310, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 1 [0293.048] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4689310, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4689310, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa481d59b, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4ab, dwReserved0=0x0, dwReserved1=0x0, cFileName="Templates.LNK", cAlternateFileName="TEMPLA~1.LNK")) returned 0 [0293.048] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0293.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0293.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0293.048] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0293.049] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x37 [0293.049] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\", lpFilePart=0x0) returned 0x38 [0293.049] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0293.050] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x661c6965, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x877953e5, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0293.050] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6abbe5b6, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6abbe5b6, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6acd6e90, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0293.050] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x877953e5, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x877953e5, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x87797b5c, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x956, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml", cAlternateFileName="")) returned 1 [0293.050] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0293.051] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0293.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0293.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0293.066] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", nBufferLength=0x105, lpBuffer=0x14e940, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", lpFilePart=0x0) returned 0x43 [0293.066] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", nBufferLength=0x105, lpBuffer=0x14e7a0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", lpFilePart=0x0) returned 0x43 [0293.066] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", dwFileAttributes=0x80) returned 1 [0293.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14edc0) returned 1 [0293.067] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), fInfoLevelId=0x0, lpFileInformation=0x2647400 | out: lpFileInformation=0x2647400*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x877953e5, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x877953e5, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x87797b5c, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0x956)) returned 1 [0293.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed80) returned 1 [0293.067] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", lpFilePart=0x0) returned 0x43 [0293.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec30) returned 1 [0293.068] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0293.068] GetFileType (hFile=0x1f4) returned 0x1 [0293.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0293.068] GetFileType (hFile=0x1f4) returned 0x1 [0293.068] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14edc8 | out: lpFileSizeHigh=0x14edc8*=0x0) returned 0x956 [0293.069] ReadFile (in: hFile=0x1f4, lpBuffer=0x2648240, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14ecf8, lpOverlapped=0x0 | out: lpBuffer=0x2648240*, lpNumberOfBytesRead=0x14ecf8*=0x956, lpOverlapped=0x0) returned 1 [0293.070] CloseHandle (hObject=0x1f4) returned 1 [0293.450] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", nBufferLength=0x105, lpBuffer=0x14e690, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", lpFilePart=0x0) returned 0x43 [0293.450] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0293.450] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0293.452] GetFileType (hFile=0x1f4) returned 0x1 [0293.452] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eae0) returned 1 [0293.452] GetFileType (hFile=0x1f4) returned 0x1 [0293.453] WriteFile (in: hFile=0x1f4, lpBuffer=0x26c8988*, nNumberOfBytesToWrite=0xd48, lpNumberOfBytesWritten=0x14ebb8, lpOverlapped=0x0 | out: lpBuffer=0x26c8988*, lpNumberOfBytesWritten=0x14ebb8*=0xd48, lpOverlapped=0x0) returned 1 [0293.454] CloseHandle (hObject=0x1f4) returned 1 [0293.456] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", lpFilePart=0x0) returned 0x43 [0293.457] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.ampkcz", nBufferLength=0x105, lpBuffer=0x14e8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.ampkcz", lpFilePart=0x0) returned 0x4a [0293.457] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0293.457] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), fInfoLevelId=0x0, lpFileInformation=0x14ee10 | out: lpFileInformation=0x14ee10*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x877953e5, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x877953e5, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x9d503f57, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd48)) returned 1 [0293.457] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0293.458] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\outlook\\outlook.xml"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\outlook\\outlook.xml.ampkcz")) returned 1 [0293.459] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\readme.txt", lpFilePart=0x0) returned 0x42 [0293.459] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0293.459] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\outlook\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0293.460] GetFileType (hFile=0x1f4) returned 0x1 [0293.460] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0293.460] GetFileType (hFile=0x1f4) returned 0x1 [0293.461] WriteFile (in: hFile=0x1f4, lpBuffer=0x26cbc50*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ec68, lpOverlapped=0x0 | out: lpBuffer=0x26cbc50*, lpNumberOfBytesWritten=0x14ec68*=0x6c6, lpOverlapped=0x0) returned 1 [0293.463] CloseHandle (hObject=0x1f4) returned 1 [0293.463] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0293.463] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook", lpFilePart=0x0) returned 0x37 [0293.463] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\", lpFilePart=0x0) returned 0x38 [0293.463] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Outlook\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x9d50dca2, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9d511535, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0293.464] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x661c6965, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x9d50dca2, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9d511535, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0293.464] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6abbe5b6, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x6abbe5b6, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x6acd6e90, ftLastWriteTime.dwHighDateTime=0x1d70699, nFileSizeHigh=0x0, nFileSizeLow=0xa00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.srs", cAlternateFileName="")) returned 1 [0293.465] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x877953e5, ftCreationTime.dwHighDateTime=0x1d70699, ftLastAccessTime.dwLowDateTime=0x877953e5, ftLastAccessTime.dwHighDateTime=0x1d70699, ftLastWriteTime.dwLowDateTime=0x9d503f57, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xd48, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook.xml.ampkcz", cAlternateFileName="OUTLOO~1.AMP")) returned 1 [0293.465] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d511535, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x9d511535, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9d518a35, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0293.465] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9d511535, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x9d511535, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9d518a35, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0293.466] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0293.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0293.466] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0293.466] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0293.466] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x37 [0293.466] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", lpFilePart=0x0) returned 0x38 [0293.467] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0293.467] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0293.468] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa55c36e7, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0293.468] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xde7dde0f, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xde7dde0f, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1560258661-3990802383-1811730007-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0293.468] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa563624b, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0293.469] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0293.469] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0293.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0293.469] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0293.493] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0293.493] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect", lpFilePart=0x0) returned 0x37 [0293.494] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\", lpFilePart=0x0) returned 0x38 [0293.494] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0293.494] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x50866c1c, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x50866c1c, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0293.495] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa55c36e7, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x1c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="CREDHIST", cAlternateFileName="")) returned 1 [0293.495] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0xde7dde0f, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xde7dde0f, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1560258661-3990802383-1811730007-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0293.495] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa563624b, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 1 [0293.496] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x44792966, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x44792966, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa563624b, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x4c, dwReserved0=0x0, dwReserved1=0x0, cFileName="SYNCHIST", cAlternateFileName="")) returned 0 [0293.496] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0293.496] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0293.497] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0293.497] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0293.497] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000", lpFilePart=0x0) returned 0x66 [0293.497] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\", lpFilePart=0x0) returned 0x67 [0293.497] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x562658a2, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x562658a2, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0293.498] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x562658a2, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x562658a2, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0293.499] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x562658a2, ftCreationTime.dwHighDateTime=0x1d82a22, ftLastAccessTime.dwLowDateTime=0x562658a2, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5626e193, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="26d4f968-a540-431b-ab1b-a50e9bbda5d1", cAlternateFileName="26D4F9~1")) returned 1 [0293.499] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9a745757, ftCreationTime.dwHighDateTime=0x1d75217, ftLastAccessTime.dwLowDateTime=0x9a745757, ftLastAccessTime.dwHighDateTime=0x1d75217, ftLastWriteTime.dwLowDateTime=0xa55ebcf3, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="b1182ce8-69d1-4194-8156-bc78cfec3a39", cAlternateFileName="B1182C~1")) returned 1 [0293.499] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xde7dde0f, ftCreationTime.dwHighDateTime=0x1d7b055, ftLastAccessTime.dwLowDateTime=0xde7dde0f, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xde7dde0f, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", cAlternateFileName="BE39CC~1")) returned 1 [0293.499] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa5626547, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cfeedb70-e610-451b-90c2-def194b5fe80", cAlternateFileName="CFEEDB~1")) returned 1 [0293.500] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5627f2fe, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0293.500] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0293.500] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0293.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0293.501] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0293.501] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0293.501] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000", lpFilePart=0x0) returned 0x66 [0293.501] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\", lpFilePart=0x0) returned 0x67 [0293.501] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1560258661-3990802383-1811730007-1000\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x562658a2, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x562658a2, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0293.502] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x50866c1c, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x562658a2, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x562658a2, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0293.502] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x562658a2, ftCreationTime.dwHighDateTime=0x1d82a22, ftLastAccessTime.dwLowDateTime=0x562658a2, ftLastAccessTime.dwHighDateTime=0x1d82a22, ftLastWriteTime.dwLowDateTime=0x5626e193, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="26d4f968-a540-431b-ab1b-a50e9bbda5d1", cAlternateFileName="26D4F9~1")) returned 1 [0293.503] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x9a745757, ftCreationTime.dwHighDateTime=0x1d75217, ftLastAccessTime.dwLowDateTime=0x9a745757, ftLastAccessTime.dwHighDateTime=0x1d75217, ftLastWriteTime.dwLowDateTime=0xa55ebcf3, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="b1182ce8-69d1-4194-8156-bc78cfec3a39", cAlternateFileName="B1182C~1")) returned 1 [0293.503] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xde7dde0f, ftCreationTime.dwHighDateTime=0x1d7b055, ftLastAccessTime.dwLowDateTime=0xde7dde0f, ftLastAccessTime.dwHighDateTime=0x1d7b055, ftLastWriteTime.dwLowDateTime=0xde7dde0f, ftLastWriteTime.dwHighDateTime=0x1d7b055, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="be39cc84-e9bf-4c2d-a3a5-e953c9f3df24", cAlternateFileName="BE39CC~1")) returned 1 [0293.503] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0xa5626547, ftLastWriteTime.dwHighDateTime=0x1d7a941, nFileSizeHigh=0x0, nFileSizeLow=0x1d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cfeedb70-e610-451b-90c2-def194b5fe80", cAlternateFileName="CFEEDB~1")) returned 1 [0293.504] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5627f2fe, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 1 [0293.505] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x5088b163, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5088b163, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5627f2fe, ftLastWriteTime.dwHighDateTime=0x1d82a22, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferred", cAlternateFileName="PREFER~1")) returned 0 [0293.505] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0293.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0293.505] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0293.506] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0293.506] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", lpFilePart=0x0) returned 0x38 [0293.506] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\", lpFilePart=0x0) returned 0x39 [0293.506] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0293.507] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0293.508] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0293.508] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 0 [0293.508] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0293.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0293.509] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0293.509] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0293.509] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling", lpFilePart=0x0) returned 0x38 [0293.509] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\", lpFilePart=0x0) returned 0x39 [0293.509] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0293.510] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x563371fc, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5635d3c1, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5635d3c1, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0293.510] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0293.510] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0293.511] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0293.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0293.511] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0293.511] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0293.511] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US", lpFilePart=0x0) returned 0x3e [0293.511] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\", lpFilePart=0x0) returned 0x3f [0293.511] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0293.513] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0293.513] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x567d5b26, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="default.acl", cAlternateFileName="")) returned 1 [0293.513] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5648e4eb, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5648e4eb, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5648e4eb, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="default.dic", cAlternateFileName="")) returned 1 [0293.513] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x566a47fe, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x566a47fe, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x566a47fe, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="default.exc", cAlternateFileName="")) returned 1 [0293.513] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0293.514] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0293.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0293.514] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0293.514] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic", nBufferLength=0x105, lpBuffer=0x14e8d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic", lpFilePart=0x0) returned 0x4a [0293.514] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic", nBufferLength=0x105, lpBuffer=0x14e730, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic", lpFilePart=0x0) returned 0x4a [0293.514] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic", dwFileAttributes=0x80) returned 1 [0293.515] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed50) returned 1 [0293.515] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\en-us\\default.dic"), fInfoLevelId=0x0, lpFileInformation=0x26db038 | out: lpFileInformation=0x26db038*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x5648e4eb, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5648e4eb, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x5648e4eb, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2)) returned 1 [0293.515] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ed10) returned 1 [0293.515] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic", lpFilePart=0x0) returned 0x4a [0293.516] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebc0) returned 1 [0293.516] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\en-us\\default.dic"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0293.516] GetFileType (hFile=0x1f4) returned 0x1 [0293.517] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0293.517] GetFileType (hFile=0x1f4) returned 0x1 [0293.517] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14ed58 | out: lpFileSizeHigh=0x14ed58*=0x0) returned 0x2 [0293.517] ReadFile (in: hFile=0x1f4, lpBuffer=0x26db558, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x14ec88, lpOverlapped=0x0 | out: lpBuffer=0x26db558*, lpNumberOfBytesRead=0x14ec88*=0x2, lpOverlapped=0x0) returned 1 [0293.519] CloseHandle (hObject=0x1f4) returned 1 [0294.011] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic", nBufferLength=0x105, lpBuffer=0x14e620, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic", lpFilePart=0x0) returned 0x4a [0294.011] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0294.011] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\en-us\\default.dic"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0294.013] GetFileType (hFile=0x1f4) returned 0x1 [0294.013] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea70) returned 1 [0294.013] GetFileType (hFile=0x1f4) returned 0x1 [0294.013] WriteFile (in: hFile=0x1f4, lpBuffer=0x2555d40*, nNumberOfBytesToWrite=0xe0, lpNumberOfBytesWritten=0x14eb48, lpOverlapped=0x0 | out: lpBuffer=0x2555d40*, lpNumberOfBytesWritten=0x14eb48*=0xe0, lpOverlapped=0x0) returned 1 [0294.015] CloseHandle (hObject=0x1f4) returned 1 [0294.015] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic", lpFilePart=0x0) returned 0x4a [0294.015] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic.ampkcz", nBufferLength=0x105, lpBuffer=0x14e880, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic.ampkcz", lpFilePart=0x0) returned 0x51 [0294.015] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0294.015] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\en-us\\default.dic"), fInfoLevelId=0x0, lpFileInformation=0x14eda0 | out: lpFileInformation=0x14eda0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5648e4eb, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5648e4eb, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x9da5b519, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xe0)) returned 1 [0294.015] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0294.015] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\en-us\\default.dic"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\default.dic.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\en-us\\default.dic.ampkcz")) returned 1 [0294.017] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\readme.txt", lpFilePart=0x0) returned 0x49 [0294.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb50) returned 1 [0294.017] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\spelling\\en-us\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0294.017] GetFileType (hFile=0x1f4) returned 0x1 [0294.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eac0) returned 1 [0294.018] GetFileType (hFile=0x1f4) returned 0x1 [0294.019] WriteFile (in: hFile=0x1f4, lpBuffer=0x2559058*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ebf8, lpOverlapped=0x0 | out: lpBuffer=0x2559058*, lpNumberOfBytesWritten=0x14ebf8*=0x6c6, lpOverlapped=0x0) returned 1 [0294.020] CloseHandle (hObject=0x1f4) returned 1 [0294.028] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0294.028] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US", lpFilePart=0x0) returned 0x3e [0294.028] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\", lpFilePart=0x0) returned 0x3f [0294.028] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Spelling\\en-US\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x9da5ef9f, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9da6167e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0294.029] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5635d3c1, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x9da5ef9f, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9da6167e, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.029] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x567d5b26, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x567d5b26, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x567d5b26, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="default.acl", cAlternateFileName="")) returned 1 [0294.029] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5648e4eb, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x5648e4eb, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x9da5b519, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x0, dwReserved1=0x0, cFileName="default.dic.ampkcz", cAlternateFileName="DEFAUL~1.AMP")) returned 1 [0294.030] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x566a47fe, ftCreationTime.dwHighDateTime=0x1d70460, ftLastAccessTime.dwLowDateTime=0x566a47fe, ftLastAccessTime.dwHighDateTime=0x1d70460, ftLastWriteTime.dwLowDateTime=0x566a47fe, ftLastWriteTime.dwHighDateTime=0x1d70460, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="default.exc", cAlternateFileName="")) returned 1 [0294.030] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9da6167e, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x9da6167e, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9da69ffe, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 1 [0294.030] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9da6167e, ftCreationTime.dwHighDateTime=0x1d858f2, ftLastAccessTime.dwLowDateTime=0x9da6167e, ftLastAccessTime.dwHighDateTime=0x1d858f2, ftLastWriteTime.dwLowDateTime=0x9da69ffe, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0x6c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="readme.txt", cAlternateFileName="")) returned 0 [0294.030] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0294.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0294.030] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0294.030] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0294.031] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x42 [0294.031] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpFilePart=0x0) returned 0x43 [0294.031] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0294.031] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.032] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0294.032] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 0 [0294.032] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0294.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0294.032] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0294.032] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0294.032] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates", lpFilePart=0x0) returned 0x42 [0294.032] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\", lpFilePart=0x0) returned 0x43 [0294.033] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0294.033] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.033] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My", cAlternateFileName="")) returned 1 [0294.033] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0294.034] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0294.034] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0294.034] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0294.034] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0294.034] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", lpFilePart=0x0) returned 0x45 [0294.034] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpFilePart=0x0) returned 0x46 [0294.034] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0294.035] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.035] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppContainerUserCertRead", cAlternateFileName="APPCON~1")) returned 1 [0294.035] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0294.036] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0294.036] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0294.036] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 0 [0294.036] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0294.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0294.036] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0294.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0294.037] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My", lpFilePart=0x0) returned 0x45 [0294.037] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\", lpFilePart=0x0) returned 0x46 [0294.037] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0294.037] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.038] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2024, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppContainerUserCertRead", cAlternateFileName="APPCON~1")) returned 1 [0294.038] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Certificates", cAlternateFileName="CERTIF~1")) returned 1 [0294.038] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CRLs", cAlternateFileName="")) returned 1 [0294.038] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTLs", cAlternateFileName="")) returned 1 [0294.039] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0294.039] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0294.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0294.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0294.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0294.039] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates", lpFilePart=0x0) returned 0x52 [0294.039] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpFilePart=0x0) returned 0x53 [0294.039] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0294.040] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.040] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0294.040] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0294.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0294.040] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0294.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0294.041] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates", lpFilePart=0x0) returned 0x52 [0294.041] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\", lpFilePart=0x0) returned 0x53 [0294.041] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0294.041] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.041] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0294.042] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0294.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0294.042] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0294.042] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0294.042] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs", lpFilePart=0x0) returned 0x4a [0294.042] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpFilePart=0x0) returned 0x4b [0294.042] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0294.043] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.043] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0294.043] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0294.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0294.043] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0294.043] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0294.043] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs", lpFilePart=0x0) returned 0x4a [0294.043] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\", lpFilePart=0x0) returned 0x4b [0294.044] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0294.044] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.044] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0294.044] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0294.044] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0294.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0294.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0294.045] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs", lpFilePart=0x0) returned 0x4a [0294.045] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpFilePart=0x0) returned 0x4b [0294.045] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0294.047] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.047] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0294.047] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0294.047] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0294.048] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0294.048] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0294.048] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs", lpFilePart=0x0) returned 0x4a [0294.048] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\", lpFilePart=0x0) returned 0x4b [0294.048] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0294.048] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.049] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x5ec61c93, ftCreationTime.dwHighDateTime=0x1d70068, ftLastAccessTime.dwLowDateTime=0x5ec61c93, ftLastAccessTime.dwHighDateTime=0x1d70068, ftLastWriteTime.dwLowDateTime=0x5ec61c93, ftLastWriteTime.dwHighDateTime=0x1d70068, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0294.049] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0294.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0294.049] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0294.049] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0294.049] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x39 [0294.049] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\", lpFilePart=0x0) returned 0x3a [0294.049] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0294.053] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.053] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LiveContent", cAlternateFileName="LIVECO~1")) returned 1 [0294.054] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4614163, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4614163, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa46a67ce, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4641, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0294.054] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0294.054] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0294.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0294.056] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0294.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eda0) returned 1 [0294.057] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", nBufferLength=0x105, lpBuffer=0x14e890, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates", lpFilePart=0x0) returned 0x39 [0294.057] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\", nBufferLength=0x105, lpBuffer=0x14e830, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\", lpFilePart=0x0) returned 0x3a [0294.057] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\*", lpFindFileData=0x14ea40 | out: lpFindFileData=0x14ea40*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687be0 [0294.059] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80b78b76, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4984c62, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa4984c62, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.059] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LiveContent", cAlternateFileName="LIVECO~1")) returned 1 [0294.059] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4614163, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4614163, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa46a67ce, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4641, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 1 [0294.059] FindNextFileW (in: hFindFile=0x687be0, lpFindFileData=0x14ea90 | out: lpFindFileData=0x14ea90*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa4614163, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0xa4614163, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa46a67ce, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x4641, dwReserved0=0x0, dwReserved1=0x0, cFileName="Normal.dotm", cAlternateFileName="NORMAL~1.DOT")) returned 0 [0294.060] FindClose (in: hFindFile=0x687be0 | out: hFindFile=0x687be0) returned 1 [0294.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecf0) returned 1 [0294.061] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ecb0) returned 1 [0294.061] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0294.061] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent", lpFilePart=0x0) returned 0x45 [0294.061] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\", lpFilePart=0x0) returned 0x46 [0294.061] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0294.065] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.065] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16", cAlternateFileName="")) returned 1 [0294.065] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16", cAlternateFileName="")) returned 0 [0294.066] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0294.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0294.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0294.066] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ed30) returned 1 [0294.066] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent", nBufferLength=0x105, lpBuffer=0x14e820, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent", lpFilePart=0x0) returned 0x45 [0294.066] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\", nBufferLength=0x105, lpBuffer=0x14e7c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\", lpFilePart=0x0) returned 0x46 [0294.066] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\*", lpFindFileData=0x14e9d0 | out: lpFindFileData=0x14e9d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687cd0 [0294.067] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.067] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="16", cAlternateFileName="")) returned 1 [0294.067] FindNextFileW (in: hFindFile=0x687cd0, lpFindFileData=0x14ea20 | out: lpFindFileData=0x14ea20*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0294.067] FindClose (in: hFindFile=0x687cd0 | out: hFindFile=0x687cd0) returned 1 [0294.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec80) returned 1 [0294.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec40) returned 1 [0294.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0294.068] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16", lpFilePart=0x0) returned 0x48 [0294.068] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\", lpFilePart=0x0) returned 0x49 [0294.068] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96dfa773, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0294.069] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96dfa773, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.070] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Managed", cAlternateFileName="")) returned 1 [0294.070] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96dfa773, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96e30af9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96e30af9, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User", cAlternateFileName="")) returned 1 [0294.070] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96dfa773, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96e30af9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96e30af9, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User", cAlternateFileName="")) returned 0 [0294.070] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0294.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0294.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0294.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ecc0) returned 1 [0294.071] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16", nBufferLength=0x105, lpBuffer=0x14e7b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16", lpFilePart=0x0) returned 0x48 [0294.071] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\", nBufferLength=0x105, lpBuffer=0x14e750, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\", lpFilePart=0x0) returned 0x49 [0294.071] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\*", lpFindFileData=0x14e960 | out: lpFindFileData=0x14e960*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96dfa773, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0294.071] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96dfa773, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.072] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Managed", cAlternateFileName="")) returned 1 [0294.072] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96dfa773, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96e30af9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96e30af9, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="User", cAlternateFileName="")) returned 1 [0294.072] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e9b0 | out: lpFindFileData=0x14e9b0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0294.072] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0294.072] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ec10) returned 1 [0294.072] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ebd0) returned 1 [0294.072] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0294.072] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed", nBufferLength=0x105, lpBuffer=0x14e740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed", lpFilePart=0x0) returned 0x50 [0294.073] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\", lpFilePart=0x0) returned 0x51 [0294.073] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\*", lpFindFileData=0x14e8f0 | out: lpFindFileData=0x14e8f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0294.098] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.099] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Themes", cAlternateFileName="DOCUME~1")) returned 1 [0294.099] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmartArt Graphics", cAlternateFileName="SMARTA~1")) returned 1 [0294.099] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983d5bf8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983d5bf8, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word Document Bibliography Styles", cAlternateFileName="WORDDO~2")) returned 1 [0294.100] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word Document Building Blocks", cAlternateFileName="WORDDO~1")) returned 1 [0294.100] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word Document Building Blocks", cAlternateFileName="WORDDO~1")) returned 0 [0294.100] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0294.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0294.101] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb60) returned 1 [0294.101] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ec50) returned 1 [0294.102] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed", nBufferLength=0x105, lpBuffer=0x14e740, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed", lpFilePart=0x0) returned 0x50 [0294.102] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\", nBufferLength=0x105, lpBuffer=0x14e6e0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\", lpFilePart=0x0) returned 0x51 [0294.102] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\*", lpFindFileData=0x14e8f0 | out: lpFindFileData=0x14e8f0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0294.103] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.104] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Document Themes", cAlternateFileName="DOCUME~1")) returned 1 [0294.104] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d88102, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d88102, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SmartArt Graphics", cAlternateFileName="SMARTA~1")) returned 1 [0294.104] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d88102, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x983d5bf8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x983d5bf8, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word Document Bibliography Styles", cAlternateFileName="WORDDO~2")) returned 1 [0294.104] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Word Document Building Blocks", cAlternateFileName="WORDDO~1")) returned 1 [0294.104] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e940 | out: lpFindFileData=0x14e940*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0294.105] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0294.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eba0) returned 1 [0294.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb60) returned 1 [0294.106] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0294.106] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes", nBufferLength=0x105, lpBuffer=0x14e6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes", lpFilePart=0x0) returned 0x60 [0294.106] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\", nBufferLength=0x105, lpBuffer=0x14e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\", lpFilePart=0x0) returned 0x61 [0294.106] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\*", lpFindFileData=0x14e880 | out: lpFindFileData=0x14e880*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0294.108] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e8d0 | out: lpFindFileData=0x14e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.109] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e8d0 | out: lpFindFileData=0x14e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0294.109] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e8d0 | out: lpFindFileData=0x14e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 0 [0294.109] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0294.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0294.109] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eaf0) returned 1 [0294.109] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ebe0) returned 1 [0294.109] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes", nBufferLength=0x105, lpBuffer=0x14e6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes", lpFilePart=0x0) returned 0x60 [0294.109] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\", nBufferLength=0x105, lpBuffer=0x14e670, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\", lpFilePart=0x0) returned 0x61 [0294.110] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\*", lpFindFileData=0x14e880 | out: lpFindFileData=0x14e880*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687c80 [0294.110] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e8d0 | out: lpFindFileData=0x14e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x96d61fa7, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x96d61fa7, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.110] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e8d0 | out: lpFindFileData=0x14e8d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0294.111] FindNextFileW (in: hFindFile=0x687c80, lpFindFileData=0x14e8d0 | out: lpFindFileData=0x14e8d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0294.111] FindClose (in: hFindFile=0x687c80 | out: hFindFile=0x687c80) returned 1 [0294.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb30) returned 1 [0294.111] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eaf0) returned 1 [0294.111] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb70) returned 1 [0294.111] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033", nBufferLength=0x105, lpBuffer=0x14e660, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033", lpFilePart=0x0) returned 0x65 [0294.111] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\", nBufferLength=0x105, lpBuffer=0x14e600, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\", lpFilePart=0x0) returned 0x66 [0294.111] FindFirstFileW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\*", lpFindFileData=0x14e810 | out: lpFindFileData=0x14e810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x687f00 [0294.114] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x96d61fa7, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98c54758, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x98c54758, ftLastWriteTime.dwHighDateTime=0x1d705ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0294.115] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9826b304, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9826b304, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x70d51000, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x893c1, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM03090430[[fn=Banded]].thmx", cAlternateFileName="TM0309~1.THM")) returned 1 [0294.115] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x984f5d1e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x984f5d1e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa299a700, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x192bb1, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM03090434[[fn=Wood Type]].thmx", cAlternateFileName="TM0309~2.THM")) returned 1 [0294.115] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x988e757c, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x988e757c, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xbdc7df00, ftLastWriteTime.dwHighDateTime=0x1d43fda, nFileSizeHigh=0x0, nFileSizeLow=0x883d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM03457444[[fn=Basis]].thmx", cAlternateFileName="TM2094~1.THM")) returned 1 [0294.115] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98acf19f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98acf19f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xe42a5200, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x8b615, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM03457464[[fn=Dividend]].thmx", cAlternateFileName="TM5959~1.THM")) returned 1 [0294.116] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9841a2b8, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9841a2b8, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xf2786e00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x7fb28, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM03457475[[fn=Frame]].thmx", cAlternateFileName="TM7844~1.THM")) returned 1 [0294.116] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98af6207, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98af6207, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x34091900, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x2ef7a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM03457485[[fn=Mesh]].thmx", cAlternateFileName="TM2703~1.THM")) returned 1 [0294.116] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x987adf7a, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x987adf7a, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xea6cfe00, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0xbddaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM03457491[[fn=Metropolitan]].thmx", cAlternateFileName="TM5623~1.THM")) returned 1 [0294.116] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980694ab, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980694ab, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80545900, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0xe1c0f, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM03457496[[fn=Parallax]].thmx", cAlternateFileName="TM0345~2.THM")) returned 1 [0294.117] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9818a945, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9818a945, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xba712b00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0xec122, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM03457503[[fn=Quotable]].thmx", cAlternateFileName="TM0345~4.THM")) returned 1 [0294.117] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97fbbf10, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x97fbbf10, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xc65ced00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x125f51, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM03457510[[fn=Savon]].thmx", cAlternateFileName="TM0345~1.THM")) returned 1 [0294.117] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x980b633e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x980b633e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x80545900, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x76cc4, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM03457515[[fn=View]].thmx", cAlternateFileName="TM0345~3.THM")) returned 1 [0294.117] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x978145cc, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x978145cc, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xc65ced00, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0xee481, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM04033917[[fn=Berlin]].thmx", cAlternateFileName="TM0403~1.THM")) returned 1 [0294.117] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x984c4fd2, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x984c4fd2, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xdd034400, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x165552, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM04033919[[fn=Circuit]].thmx", cAlternateFileName="TMFEFA~1.THM")) returned 1 [0294.118] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x982f049f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x982f049f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x5c911300, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x21dbbf, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM04033921[[fn=Damask]].thmx", cAlternateFileName="TM0403~4.THM")) returned 1 [0294.118] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98ab2749, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98ab2749, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xc68a00, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x1ab70b, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM04033925[[fn=Droplet]].thmx", cAlternateFileName="TM9F98~1.THM")) returned 1 [0294.118] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x981588c3, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x981588c3, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x2358a300, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x2c9ecd, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM04033927[[fn=Main Event]].thmx", cAlternateFileName="TM0403~3.THM")) returned 1 [0294.119] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9852435b, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9852435b, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9cf09100, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x23f73b, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM04033929[[fn=Slate]].thmx", cAlternateFileName="TMA957~1.THM")) returned 1 [0294.119] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9800b4e9, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9800b4e9, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x4f742400, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x371abc, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM04033937[[fn=Vapor Trail]].thmx", cAlternateFileName="TM0403~2.THM")) returned 1 [0294.119] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x98742454, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x98742454, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x973bdf00, ftLastWriteTime.dwHighDateTime=0x1d4196d, nFileSizeHigh=0x0, nFileSizeLow=0x10a79d, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM10001114[[fn=Gallery]].thmx", cAlternateFileName="TM1000~2.THM")) returned 1 [0294.119] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9860260f, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9860260f, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x235700, ftLastWriteTime.dwHighDateTime=0x1d4196e, nFileSizeHigh=0x0, nFileSizeLow=0x9477a, dwReserved0=0x0, dwReserved1=0x0, cFileName="TM10001115[[fn=Parcel]].thmx", cAlternateFileName="TM1000~1.THM")) returned 1 [0294.119] FindNextFileW (in: hFindFile=0x687f00, lpFindFileData=0x14e860 | out: lpFindFileData=0x14e860*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0294.120] FindClose (in: hFindFile=0x687f00 | out: hFindFile=0x687f00) returned 1 [0294.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eac0) returned 1 [0294.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14ea80) returned 1 [0294.121] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx", nBufferLength=0x105, lpBuffer=0x14e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx", lpFilePart=0x0) returned 0x82 [0294.122] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx", nBufferLength=0x105, lpBuffer=0x14e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx", lpFilePart=0x0) returned 0x82 [0294.122] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx", dwFileAttributes=0x80) returned 1 [0294.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb90) returned 1 [0294.125] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090430[[fn=banded]].thmx"), fInfoLevelId=0x0, lpFileInformation=0x257e258 | out: lpFileInformation=0x257e258*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x9826b304, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9826b304, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x70d51000, ftLastWriteTime.dwHighDateTime=0x1d43fbc, nFileSizeHigh=0x0, nFileSizeLow=0x893c1)) returned 1 [0294.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0294.125] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx", nBufferLength=0x105, lpBuffer=0x14e520, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx", lpFilePart=0x0) returned 0x82 [0294.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ea00) returned 1 [0294.126] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090430[[fn=banded]].thmx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0294.126] GetFileType (hFile=0x1f4) returned 0x1 [0294.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e970) returned 1 [0294.126] GetFileType (hFile=0x1f4) returned 0x1 [0294.126] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eb98 | out: lpFileSizeHigh=0x14eb98*=0x0) returned 0x893c1 [0294.131] ReadFile (in: hFile=0x1f4, lpBuffer=0x1252a1e8, nNumberOfBytesToRead=0x893c1, lpNumberOfBytesRead=0x14eac8, lpOverlapped=0x0 | out: lpBuffer=0x1252a1e8*, lpNumberOfBytesRead=0x14eac8*=0x893c1, lpOverlapped=0x0) returned 1 [0294.200] CloseHandle (hObject=0x1f4) returned 1 [0294.656] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx", lpFilePart=0x0) returned 0x82 [0294.657] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14e940) returned 1 [0294.657] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090430[[fn=banded]].thmx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0294.667] GetFileType (hFile=0x1f4) returned 0x1 [0294.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e8b0) returned 1 [0294.667] GetFileType (hFile=0x1f4) returned 0x1 [0294.667] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.669] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.669] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.669] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.670] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.670] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.670] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.671] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.671] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.671] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.672] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.672] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.672] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.672] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.673] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.673] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.674] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.674] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.674] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.674] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.675] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.675] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.675] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.676] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.676] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.676] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.677] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.677] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.677] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.677] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.678] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.678] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.678] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.679] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.679] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.679] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.680] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.680] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.681] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.682] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.682] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.683] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.683] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.684] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.684] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.684] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.684] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.685] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.685] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.685] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.686] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.686] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.686] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.687] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.687] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.687] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.688] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.688] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.688] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.689] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.689] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.690] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.690] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.690] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.690] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.692] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.692] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.692] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.693] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.693] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.693] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.694] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.694] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.694] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.695] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.695] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.695] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.696] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.696] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.696] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.696] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.697] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.697] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.697] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.697] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.698] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.698] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.698] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.699] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.699] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.699] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.699] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.700] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.708] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.709] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.709] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.710] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.710] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.710] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.711] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.711] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.711] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.712] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.712] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.712] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.712] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.713] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.713] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.713] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.714] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.714] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.714] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.715] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.715] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.715] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.716] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.716] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.716] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.717] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.717] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.717] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.718] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.718] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.719] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.719] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.720] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.720] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.720] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.721] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.722] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.722] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.722] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.723] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.723] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.723] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.724] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.724] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.724] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.724] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.725] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.725] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.725] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.726] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.726] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.726] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.727] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.727] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.728] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.728] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.728] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.729] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.729] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.729] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.730] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.730] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.730] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.731] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.731] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.731] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.732] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.732] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.732] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.733] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.733] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.733] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.734] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.734] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.734] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.735] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.735] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.735] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.735] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.736] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.736] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.736] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.737] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.737] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.737] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.738] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.738] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.738] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.739] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0294.739] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14e9a8, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14e9a8*=0x1000, lpOverlapped=0x0) returned 1 [0294.740] WriteFile (in: hFile=0x1f4, lpBuffer=0x25f7e00*, nNumberOfBytesToWrite=0x88, lpNumberOfBytesWritten=0x14e988, lpOverlapped=0x0 | out: lpBuffer=0x25f7e00*, lpNumberOfBytesWritten=0x14e988*=0x88, lpOverlapped=0x0) returned 1 [0294.740] CloseHandle (hObject=0x1f4) returned 1 [0294.740] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx", nBufferLength=0x105, lpBuffer=0x14e6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx", lpFilePart=0x0) returned 0x82 [0294.741] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx.ampkcz", nBufferLength=0x105, lpBuffer=0x14e6c0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx.ampkcz", lpFilePart=0x0) returned 0x89 [0294.741] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0294.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090430[[fn=banded]].thmx"), fInfoLevelId=0x0, lpFileInformation=0x14ebe0 | out: lpFileInformation=0x14ebe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9826b304, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x9826b304, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0x9e147d1b, ftLastWriteTime.dwHighDateTime=0x1d858f2, nFileSizeHigh=0x0, nFileSizeLow=0xb7088)) returned 1 [0294.741] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eac0) returned 1 [0294.741] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090430[[fn=banded]].thmx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090430[[fn=Banded]].thmx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090430[[fn=banded]].thmx.ampkcz")) returned 1 [0294.742] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\readme.txt", nBufferLength=0x105, lpBuffer=0x14e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\readme.txt", lpFilePart=0x0) returned 0x70 [0294.742] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14e990) returned 1 [0294.743] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\readme.txt" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\readme.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0294.743] GetFileType (hFile=0x1f4) returned 0x1 [0294.743] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e900) returned 1 [0294.743] GetFileType (hFile=0x1f4) returned 0x1 [0294.747] WriteFile (in: hFile=0x1f4, lpBuffer=0x25fb308*, nNumberOfBytesToWrite=0x6c6, lpNumberOfBytesWritten=0x14ea38, lpOverlapped=0x0 | out: lpBuffer=0x25fb308*, lpNumberOfBytesWritten=0x14ea38*=0x6c6, lpOverlapped=0x0) returned 1 [0294.749] CloseHandle (hObject=0x1f4) returned 1 [0294.750] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx", nBufferLength=0x105, lpBuffer=0x14e710, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx", lpFilePart=0x0) returned 0x85 [0294.750] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx", nBufferLength=0x105, lpBuffer=0x14e570, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx", lpFilePart=0x0) returned 0x85 [0294.750] SetFileAttributesW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx", dwFileAttributes=0x80) returned 1 [0294.751] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb90) returned 1 [0294.751] GetFileAttributesExW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090434[[fn=wood type]].thmx"), fInfoLevelId=0x0, lpFileInformation=0x25ff150 | out: lpFileInformation=0x25ff150*(dwFileAttributes=0x80, ftCreationTime.dwLowDateTime=0x984f5d1e, ftCreationTime.dwHighDateTime=0x1d705ee, ftLastAccessTime.dwLowDateTime=0x984f5d1e, ftLastAccessTime.dwHighDateTime=0x1d705ee, ftLastWriteTime.dwLowDateTime=0xa299a700, ftLastWriteTime.dwHighDateTime=0x1d43fbb, nFileSizeHigh=0x0, nFileSizeLow=0x192bb1)) returned 1 [0294.751] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0294.752] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx", nBufferLength=0x105, lpBuffer=0x14e520, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx", lpFilePart=0x0) returned 0x85 [0294.752] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ea00) returned 1 [0294.752] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090434[[fn=wood type]].thmx"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x1f4 [0294.752] GetFileType (hFile=0x1f4) returned 0x1 [0294.752] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e970) returned 1 [0294.752] GetFileType (hFile=0x1f4) returned 0x1 [0294.752] GetFileSize (in: hFile=0x1f4, lpFileSizeHigh=0x14eb98 | out: lpFileSizeHigh=0x14eb98*=0x0) returned 0x192bb1 [0294.757] ReadFile (in: hFile=0x1f4, lpBuffer=0x134b2210, nNumberOfBytesToRead=0x192bb1, lpNumberOfBytesRead=0x14eac8, lpOverlapped=0x0 | out: lpBuffer=0x134b2210*, lpNumberOfBytesRead=0x14eac8*=0x192bb1, lpOverlapped=0x0) returned 1 [0295.098] CloseHandle (hObject=0x1f4) returned 1 [0296.129] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx", lpFilePart=0x0) returned 0x85 [0296.129] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14e940) returned 1 [0296.129] CreateFileW (lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090434[[fn=wood type]].thmx"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x1f4 [0296.177] GetFileType (hFile=0x1f4) returned 0x1 [0296.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e8b0) returned 1 [0296.177] GetFileType (hFile=0x1f4) returned 0x1 [0296.177] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.180] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.180] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.181] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.181] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.182] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.182] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.183] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.183] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.184] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.184] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.185] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.185] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.186] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.187] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.187] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.188] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.188] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.189] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.189] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.190] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.190] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.191] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.191] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.192] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.192] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.193] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.193] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.194] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.194] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.195] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.195] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.195] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.196] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.196] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.197] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.197] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.198] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.198] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.199] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.207] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.208] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.208] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.209] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.209] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.210] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.211] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.211] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.212] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.212] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.213] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.213] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.214] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.214] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.215] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.215] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.216] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.217] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.217] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.218] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.219] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.219] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.220] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.220] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.221] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.222] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.223] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.223] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.223] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.224] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.224] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.225] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.226] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.227] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.227] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.228] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.228] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.229] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.230] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.230] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.231] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.232] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.232] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.233] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.234] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.234] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.235] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.236] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.236] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.237] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.237] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.238] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.238] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.239] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.240] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.240] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.241] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.241] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.242] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.242] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.243] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.243] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.244] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.244] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.245] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.245] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.245] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.246] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.246] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.247] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.247] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.248] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.248] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.249] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.249] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.250] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.250] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.250] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.252] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.253] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.253] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.253] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.254] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.254] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.255] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.255] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.255] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.256] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.256] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.257] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.257] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.258] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.258] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.259] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.259] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.260] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.260] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.260] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.261] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.261] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.261] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.262] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.263] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.263] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.263] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.264] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.264] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.265] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.265] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.265] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.266] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.266] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.267] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.267] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.267] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.268] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.268] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.269] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.269] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.269] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.270] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.270] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.271] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.271] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.271] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.272] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.272] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.273] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.273] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.274] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.274] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.275] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.275] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.275] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.276] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.276] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.277] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.277] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.277] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.278] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.279] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.281] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.282] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.282] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.283] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.283] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.284] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.284] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.285] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.285] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.285] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.286] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.286] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.286] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.287] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.287] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.288] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.288] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.289] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.289] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.290] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.290] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.291] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.291] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.292] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.292] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.293] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.293] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.293] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.294] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.294] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.294] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.295] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.295] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.296] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.296] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.297] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.297] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.297] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.298] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.298] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.299] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.299] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.301] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.302] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.302] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.303] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.303] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.304] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.304] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.304] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.305] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.305] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.305] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.306] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.306] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.306] WriteFile (in: hFile=0x1f4, lpBuffer=0x2532aa8*, nNumberOfBytesToWrite=0x1000, lpNumberOfBytesWritten=0x14ea28, lpOverlapped=0x0 | out: lpBuffer=0x2532aa8*, lpNumberOfBytesWritten=0x14ea28*=0x1000, lpOverlapped=0x0) returned 1 [0296.345] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0296.345] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eac0) returned 1 [0296.346] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090434[[fn=wood type]].thmx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03090434[[fn=Wood Type]].thmx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03090434[[fn=wood type]].thmx.ampkcz")) returned 1 [0296.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb90) returned 1 [0296.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0296.348] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ea00) returned 1 [0296.348] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e970) returned 1 [0296.913] GetFullPathNameW (in: lpFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457444[[fn=Basis]].thmx", nBufferLength=0x105, lpBuffer=0x14e460, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457444[[fn=Basis]].thmx", lpFilePart=0x0) returned 0x81 [0296.913] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14e940) returned 1 [0296.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e8b0) returned 1 [0296.941] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb00) returned 1 [0296.942] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eac0) returned 1 [0296.942] MoveFileW (lpExistingFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457444[[fn=Basis]].thmx" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03457444[[fn=basis]].thmx"), lpNewFileName="C:\\Users\\RDhJ0CNFevzX\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\TM03457444[[fn=Basis]].thmx.ampkcz" (normalized: "c:\\users\\rdhj0cnfevzx\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\tm03457444[[fn=basis]].thmx.ampkcz")) returned 1 [0296.943] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14eb90) returned 1 [0296.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14eb50) returned 1 [0296.944] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x14ea00) returned 1 [0296.944] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x14e970) returned 1 Thread: id = 13 os_tid = 0x30c Thread: id = 14 os_tid = 0x11f4 Thread: id = 15 os_tid = 0x1264 [0142.635] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0142.635] RoInitialize () returned 0x1 [0142.635] RoUninitialize () returned 0x0 Thread: id = 16 os_tid = 0x970 Thread: id = 17 os_tid = 0xa08 Thread: id = 18 os_tid = 0xab0